eZula TopText is a browser plug-in for Internet Explorer. This means that the TopText software cuddles up in Internet Explorer's process; from the outside, no-one can tell if either native Internet Explorer code or TopText is communicating to the Internet.
After installation of Toptext, network traffic logs revealed that there was unusual HTTP traffic between Internet Explorer and a foreign server, each time the user navigated between URLs. The data transmitted is small and cryptic so we don't know if this is confidential information or not.
Common firewalls and even ZoneAlarm are not capable to block this kind of traffic, as both the port (80) as the application (Internet Explorer) are considered okay.
Being an Internet Explorer plug-in may be a trojan's wettest dream for that matter.
eZula states that TopText is NOT spyware. At this moment, we can't really tell it is. Knowing what other dirty tricks eZula built in TopText, we have to read that statement with the greatest caution. The best caution is to totally get rid of TopText.
You really don't want to take the risk and have doubtful software running in a highly favorable location such as the Internet Explorer process.
OKAY! You're not using a browser that can be affected by TopText.
However, as soon as you run Internet Explorer you CAN be affected by TopText. And even NOW, a hidden eZula component may run in the background passing who-knows-what information to eZula.
To find out if there are TopText components on your system, open this page with Internet Explorer 4+.
WARNING! You are running eZula TopText now.
This page detected that you are running eZula at this moment.
eZula TopText is bundled with popular downloads like KaZaA or Desktop Dollars. That's okay; you can safely uninstall TopText without breaking KaZaA or Desktop Dollars. Those applications will remain entirely functional.
The first step in the uninstall process is going to Control Panel > Add/Remove Programs, selecting 'TopText', 'HotText' or 'ContextPro' from the list and clicking Remove.
After a couple of seconds, a message will tell the uninstall is completed.
Actually, it's not completed; you need to restart your computer and come to this page again. You'll get more directions on how to get rid of eZula Toptext completely.
If you ever had eZula TopText installed, you used Control Panel > Add/Remove Programs to uninstall it, just like eZula says to do.
However, you still have the most hideous part of all on your system -- the eZula auto-downloader/installer. It can instantly download TopText and reinstall it, without your consent. Apart from the innocent looking tray icon flashing up, and a strangely behaving browser for a couple of seconds, the reinstall is totally unnoticeble. Most users will never know what hit them.
This component is called stub.exe and is located in the Windows' System folder. Its name, location and the fact it remains after an uninstall proves the trojan-like nature of eZula's scumware.
The installer/downloader can be ignited by just a single line of HTML code on any Internet page -- not even relying on Javascript.
We tried to find one, but there's no reliable way to detect now if this component is resident on your system. Touching it is enough to start the automatic download/install.
You don't believe it? If you ever had eZula TopText installed, clicking here will instantly reinstall it! No code whatsoever will be downloaded from our Web site; the necessary code to contact eZula + download + install is already there on your system! If you dare to do it, you'll see a sneaky tray icon pop up. After the icon disappears, do a page refresh, and you'll see that TopText is detected again.
Ad-aware
Apart from doing the cleaning with your bare hands, you can also download Lavasoft's free Ad-aware tool. Apart from removing eZula from your system, Ad-aware cleans a whole myriad of spyware.
How to manually remove eZula's downloader/installer.
See if you have stub.exe or ezstub.exe on your system. Do a search on you hard drive for 'stub.exe ezstub.exe'. You'll find it in Windows' System or System32 folder. ezstub.exe can be found in the Program Files folder.
If there's no file like that, about 52K in size, you don't have the downloader/installer. (Some may find a 'stub.exe' in the CuteFTP folder - don't delete that one!)
Open a command prompt (aka DOS window) and go to the directory stub.exe or ezstub.exe is in.
Type this (hit enter at the end of each line):
stub.exe -UnregServer
del stub.exe
Or if you found ezstub.exe:
ezstub.exe -UnregServer
del ezstub.exe
The most vicious eZula component is now removed from your system.
How to remove eZula's Web downloader/installer.
If you downloaded TopText from eZula's Download Site, you have an additional downloader/installer on your system. Again, we can't detect if it's on your system: touching it is igniting it.
Here's how you can find out whether you have it, and how to install it:
See if you have ezulaboot.dll on your system. Do a search on you hard drive for ezulaboot.dll. You'll find it in Windows' Downloaded Programs folder.
If there's no file like that, you don't have the Web downloader/installer on your system.
You'll need regsvr32.exe for removal. Do a search on your hard drive for regsvr32.exe. You'll find it in Windows' System or System32 folder. Take note of its path.
Open a command prompt (aka DOS window) and go to the directory ezulaboot.dll is in.
Type this (hit enter at the end of each line, the path to regsvr32.exe may differ if you're not on Windows NT/2000):
C:\WinNT\system32\regsvr32.exe -u ezulaboot.dll
del ezulaboot.*
eZula's Web installer is now removed from your system.
You are a Web master and want to warn visitors that have eZula installed? WhirlyWiryWeb's Fighting eZula article presents the eZula Detection Script, widely embraced by the eZula fighting community. Extending on Figthing Ezula, the Detecting TopText and Surf+ article tells how to catch both TopText and Surf+ enabled clients.