ZHPCleaner is a tool for removing adware and PUPs, which is simliar to ADWCleaner. I ran it tonight, and it deleted everything it found, even though I wanted nothing to be deleted. So it should be used with extreme caution. At least I know now how to use it properly and get it to keep anything you don't want to be deleted. I ran a scan and then clicked on the Repair button to review what had been found. A number of files and registry keys were detected, but I wanted to keep almost all of these, as they belong to PUPs that I installed myself and want to keep. The results are divided into a number of categories, as you can see in the above screenshot. I clicked on the tab for each category, and clicked on Uncheck to unchceck everything in the category. With nothing selected, I was going to go back and review the results in each categorty and select the few files and registry keys that I did want to be removed. However, I decided not to worry about it for now, so I just clicked on the close button. As soon the repair window closed, ZHPCleaner deleted everything it had detected. It turns out that the close button works the same as clicking on Repair, and there is a Validate button you need to click on after making any changes to save the change, or ZHPCleaner will not take note of anything you've unchecked. I have no idea why the devleoper thought having the close button work the same as the repair button, or that you actually need to click on Validate to get it remember what you've unchecked. It's not something that would be an issue, if you always delete everything found, but for the rest of us it's not good. Not all of the programs ZHPCleaner tried to delete were gone, but they wouldn't run as the needed registry entries for them had been deleted. There is a cancel button which is supposed to restore everything from quarantine, but in my case at least, it did nothing. Fortunately, it's only two nights since I last did a full system backup, so I was able to restore my system from the image and get everything back. There is one positive thing I can say about it. Unlike AdwCleaner it actually lists the threat next to every file and registry key. So, at least you can actually see what a threat a seemingly random registry key belongs to.
Hmm. I ran it a couple of weeks ago and saw that most of the items flagged were items that I needed to keep although they were mostly "non standard" registry entries that I had added to the registry for my own purposes. I don't remember if I clicked "Cancel" or just X'ed out of the program but nothing got automatically deleted. I also ran ZHP Diag (a similar program) this week to scan and view the report to see what it found but again it did not auto clean anything. I really do not remember which method I used for exiting the program. https://www.nicolascoolman.com/download/zhpdiag/
Callender: I see that you've also suggested UltraAdwareKiller. I'm still deciding whether to add an adware detection software as an on-demand, and it's nice to see ZHPCleaner and the one you previously described. Do you suggest one over the other?
They both seem to work differently. Personally I will keep using both. UAK requires the user to whitelist items manually. ZHP Cleaner has no whitelist but the user must uncheck items to be kept and also detects any installed proxy and asks user to approve. Note: Also scans hosts file so if using a large hosts file it's best to switch to default hosts file to decrease scan times. EDIT: ZHP Cleaner and ZHP Diag are not the same.
When I first ran it a few weeks ago, also nothing was deleted. I'm guessing I clicked on the close button. When I ran it again, it crashed before finishng a scan, as did the next update that was released. As, it's been updated several time in the last few weeks, I thought I'd try it again. Which turned out to be a mistake, as it deleted everything. @taleblou @boredog Both ZHPCleaner and ZHPDiag get detected by the same three antiviruses when scanned at VirusTotal. The detection clearly is a false positive.
Well I just ran it again and this time it did in fact delete everything. However I just restored the deleted items by comparing quarantined items with a system image backup. It does crash if you have a large hosts file: Leaving these items checked and closing the "Repair" window results in auto remediation but it can be cancelled if you are quick. If you leave the "Repair" button/ window alone and click on "Report" you see what was found: FOUND file: C:\Users\Chris\AppData\Roaming\SwiftSearch.exe =>PUP.Optional.Pirrit FOUND file: C:\Users\Chris\AppData\Roaming\SwiftSearch.exe =>Adware.Suspect FOUND file: C:\Users\Chris\AppData\Roaming\SwiftSearch.exe =>Adware.GenericTask FOUND file: C:\Users\Chris\Desktop\NpenCandy.bat =>PUP.Optional.OpenCandy FOUND file: C:\Users\Chris\Desktop\SwiftSearch.lnk =>.Superfluous.SwiftSearch FOUND file: C:\Users\Chris\AppData\Roaming\SwiftSearch.exe =>.Superfluous.SwiftSearch FOUND folder: C:\Program Files (x86)\MSECACHE Win Installer Cleanup\WICU3 =>PUP.Optional.CrossRider FOUND folder: C:\Program Files (x86)\MSECACHE Win Installer Cleanup =>PUP.Optional.CrossRider FOUND folder: C:\ProgramData\WildBit Viewer =>.Superfluous.Privoxy FOUND file: C:\Users\Chris\AppData\Roaming\WildBit Viewer\Viewer.ini =>.Superfluous.Privoxy FOUND file: C:\Users\Chris\AppData\Roaming\WildBit Viewer\ViewerMRU.cfg =>.Superfluous.Privoxy FOUND file: C:\Users\Chris\AppData\Roaming\WildBit Viewer\ViewerToolBarSettings.cfg =>.Superfluous.Privoxy FOUND file: C:\Users\Chris\AppData\Roaming\WildBit Viewer\ViewerWindowColumnStates.ini =>.Superfluous.Privoxy FOUND folder: C:\Users\Chris\AppData\Roaming\WildBit Viewer =>.Superfluous.Privoxy FOUND folder: C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner =>.Superfluous.SlimWareUtilities FOUND folder: C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimDrivers =>.Superfluous.SlimWareUtilities FOUND folder: C:\Users\Chris\AppData\Local\SlimWare Utilities Inc =>.Superfluous.SlimWareUtilities FOUND folder: C:\Users\Chris\AppData\Local\WildBit Viewer =>.Superfluous.Privoxy I'm going to run it again and see if I can figure out how to avoid auto remediation other than using the "Cancel" button.
If you select Uncheck on every tab, followed by Validate (I'm not sure if you have to validate every tab, or you can just do this at the end), the repair will start, but nothing will get deleted. This is a hassle of course. Perhaps in earlier versions, pressing the close button, did just that, and it a bug in the current version which causes it to start the cleanup.
Okay I figured it out. Once the scan is complete if you open the repair window then close it - detected files will be removed. If you just view the report (text file) and exit the program no repairs are carried out. If you open the repair window you must inspect each tab and uncheck items that you want to keep. On each tab you must then Validate your choices. Once Validated those files will not be removed. Closing the repair window initiates "Scan and repair" but only checked items will be removed. If there are no checked items you strangely still get a "repairs carried out" message As far as I can work out Validated items are added to an exclusion list for next time which would explain why there were no registry detections which I had expected to see after I saw them a couple of weeks ago. EDIT: Actually there's no exclusion list that is remembered for subsequent scans. So I agree - use with caution and have a backup first time.
OK, thanks Callender, this was helpful. I d/l it from roger_m's link. It's a rapid scan and gave a report revealing a whopping 7 empty temp folders, but then appeared to freeze. It wouldn't respond to "repair," "close" or minimize, so I don't know. I had to end it in task manager. Anyway, it's in Downloads, so as an on-demand, it seems to be OK, keeping in mind the caveats outlined in this thread. Edit: a normal Hosts file. It's not a big deal, I'll try to figure it out. It should be W10 compatible so it must be something else. I also have VoodooShield, HitmanPro Alert and Windows stuff. It's probably something minor, no worries.
I wonder why it freezes for you but not for me. As I said if I keep a large hosts file enabled then it does freeze. I wonder if other onboard security could hamper it? I have realtime: Comdodo CIS VoodooShield Threatfire EMET Zemana AM Pro All were left enabled.
On my system, it didn't add anything to an ignore list, and everything was detected again the next time I did a scan.
Okay so it does indeed add previously "validated" false positive detections to new scan results so there can't be an exclusion list.
HitmanPro Alert makes ZHPCleaner hang. Disabling "exploit mitigations" makes it function completely. I added it to "exclusions" so that's that.
I see you are running the application directly from your downloads folder. On may machine (Windows 7) it runs from: "C:\Users\Chris\ZHPCleaner.exe" "C:\Users\Chris\Desktop\ZHPCleaner.lnk" = desktop shortcut Although there is also a copy here: "C:\Users\Chris\AppData\Roaming\ZHP\ZHPCleaner.exe" Maybe try downloading to your desktop then launch from there?
did a scan with 2021 version, it crashed when doing repairs, spawns lots of web pages when it finishes scanning to be be used with caution since it tends to find too many malwares
@EASTER fortunately I don't , I used to like ZHP cleaner but it tends to exaggerate, also that window spawn is not necessary that said, the programme is safe, but it doesn't work on my host, pretty much like Zemana antimalware now