Manual Removal Guide for Starzip



Friday
2015-04-13, 15:48
The following instructions have been created to help you to get rid of "Starzip" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
pups

Description:
Starzip creates folders and files in the Program Files and system directories. It creates autorun entries and connects to adware servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd), RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) or msconfig.exe to remove the following autorun entries.

Entries named "startoolsup" and pointing to "?<$PROGRAMFILES>\STARtools\StarToolsUP\STARUpdate.exe*".
Entries named "StarZipMain" and pointing to "?<$PROGRAMFILES>\STARtools\StarZip\starzipup.exe*".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "startoolsup".
Products that have a key or property named "StarZipMain".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$LOCALAPPDATA>\StarZip\szDocks.ini".
The file at "<$PROGRAMFILES>\STARtools\StarToolsUP\STARUpdate.exe".
The file at "<$PROGRAMFILES>\STARtools\StarToolsUP\uninstall.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\Languages\korean.ini".
The file at "<$PROGRAMFILES>\STARtools\StarZip\partner.ini".
The file at "<$PROGRAMFILES>\STARtools\StarZip\StartoolsLauncher.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\StarZip.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\starzipextchg.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\starzipup.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\szDocks.ini".
The file at "<$PROGRAMFILES>\STARtools\StarZip\szVCDMod.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\Uninstall.exe".
The file at "<$PROGRAMFILES>\STARtools\StarZip\updatelist.ini".
The file at "<$PROGRAMS>\별툴즈\별툴즈 통합업데이트.lnk".
The file at "<$PROGRAMS>\별툴즈\별집\별집.lnk".
The file at "<$SYSDIR>\szConfig.ini".
The file at "<$SYSDIR>\szDropTarget.dll".
The file at "<$SYSDIR>\szMenu.dll".
The file at "<$SYSDIR>\sznewcon.dll".
The file at "<$SYSDIR>\ZipShell_x64.dll".
Make sure you set your file manager to display hidden and system files. If Starzip uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) 2.x or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\StarZip".
The directory at "<$LOCALAPPDATA>\StarZip".
The directory at "<$PROGRAMFILES>\STARtools\StarToolsUP".
The directory at "<$PROGRAMFILES>\STARtools\StarZip\Languages".
The directory at "<$PROGRAMFILES>\STARtools\StarZip\SFXEng".
The directory at "<$PROGRAMFILES>\STARtools\StarZip\SFXKor".
The directory at "<$PROGRAMFILES>\STARtools\StarZip\temp".
The directory at "<$PROGRAMFILES>\STARtools\StarZip".
The directory at "<$PROGRAMFILES>\STARtools".
The directory at "<$PROGRAMS>\별툴즈\별집".
The directory at "<$PROGRAMS>\별툴즈".
Make sure you set your file manager to display hidden and system files. If Starzip uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

A key in HKEY_CLASSES_ROOT\ named "StarZip.001", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.7z", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.ace", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.alz", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.arc", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.arj", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.b64", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.bh", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.bin", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.bz2", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.cab", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.cpio", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.enc", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.gz", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.ice", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.iso", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.jar", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.lcd", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.lha", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.lzh", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.mim", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.mme", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.nrg", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.pak", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.pk_", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.pk3", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.rar", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.rpm", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.tar", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.tbz", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.tgz", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.uue", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.wsz", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.xxe", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.z", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.Zip", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "StarZip.zoo", plus associated values.
Delete the registry key "{78303B8D-5FB4-4E98-8DED-48122FA6DD93}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8CD1DAFA-79E7-4BF9-A2FC-B35612895BA4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{AE5264CF-FF5F-42a5-A763-9F92C76D4186}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CF065E33-10F6-4B9B-BB91-2098325157AE}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\".
Delete the registry key "1StarZip" at "HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers\".
Delete the registry key "STARtools" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "STARtools" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "StarZip" at "HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\".
Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.bin\".
Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.tgz\".
Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.wsz\".
Delete the registry value "{78303B8D-5FB4-4E98-8DED-48122FA6DD93}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\".
Delete the registry value "{8CD1DAFA-79E7-4BF9-A2FC-B35612895BA4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\".
Delete the registry value "{CF065E33-10F6-4B9B-BB91-2098325157AE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.001\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.7z\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.arj\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.bz2\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.cab\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.cpio\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.gz\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.lzh\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.rar\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.rpm\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.tar\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.z\".
Delete the registry value "StarZipBackUp" at "HKEY_CLASSES_ROOT\.zip\".
If Starzip uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.
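
The following PowerShell audit is an added example, not part of the original guide or of any Spybot tool: it checks, without deleting anything, whether a subset of the autorun entries, files, folders and registry keys listed above is still present, which is useful before and after a manual cleanup. The mapping of the guide's `<$...>` placeholders to environment locations and the choice of Run keys are assumptions.

```powershell
# Added example: read-only audit for Starzip artifacts named in this guide.
# Nothing is deleted; the table shows what is still present on the machine.
# Assumption: the guide's <$...> placeholders map to these standard locations.
$programFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$sysDirs = @("$env:windir\System32", "$env:windir\SysWOW64") |
    Where-Object { Test-Path -LiteralPath $_ }

$paths = @("$env:APPDATA\StarZip", "$env:LOCALAPPDATA\StarZip")
$paths += $programFiles | ForEach-Object { Join-Path $_ 'STARtools' }
foreach ($dir in $sysDirs) {
    foreach ($name in 'szConfig.ini', 'szDropTarget.dll', 'szMenu.dll',
                      'sznewcon.dll', 'ZipShell_x64.dll') {
        $paths += Join-Path $dir $name
    }
}

# Registry keys from the guide (vendor keys, shell handlers, CLSIDs).
$regKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\STARtools',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\STARtools',
    'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\1StarZip',
    'Registry::HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\1StarZip',
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\1StarZip'
)
$regKeys += '{78303B8D-5FB4-4E98-8DED-48122FA6DD93}',
            '{8CD1DAFA-79E7-4BF9-A2FC-B35612895BA4}',
            '{AE5264CF-FF5F-42a5-A763-9F92C76D4186}',
            '{CF065E33-10F6-4B9B-BB91-2098325157AE}' |
    ForEach-Object { "Registry::HKEY_CLASSES_ROOT\CLSID\$_" }

# Autorun value names from the guide; the Run key locations are an assumption.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runNames = 'startoolsup', 'StarZipMain'

$found = @()
foreach ($p in $paths)   { if (Test-Path -LiteralPath $p) { $found += [pscustomobject]@{ Type = 'Path';   Item = $p } } }
foreach ($k in $regKeys) { if (Test-Path -LiteralPath $k) { $found += [pscustomobject]@{ Type = 'RegKey'; Item = $k } } }
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($n in $runNames) {
        if ($key.GetValueNames() -contains $n) { $found += [pscustomobject]@{ Type = 'Autorun'; Item = "$k -> $n = $($key.GetValue($n))" } }
    }
}
if ($found) { $found | Format-Table -AutoSize -Wrap } else { 'No listed Starzip artifacts found.' }
```

Run it in the affected user's session, because the `APPDATA`, `LOCALAPPDATA` and `HKCU` checks are per-user and an elevated prompt under a different account will look in that account's profile instead.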