DzenTime Removal Report

DzenTime is supposed to be – at least officially – an app that helps you relax by reminding you to take breaks from work every now and then. That’s the official tag line. Unfortunately, and a bit hilariously, it also introduces intrusive ads into your life, starts mining crypto with your PC’s resources, and swings the door wide open for malware. That’s the kind of Zen waiting for you.

Oh, and this is what happens if you try to uninstall the app:

Dezntime Uninstaller

Luckily, we have the answers below because we already downloaded and destroyed a sample in our testing. The guide works. Just follow it in its entirety.

Dzentime and Altisik

DzenTime is also closely related to another malware that gets installed with it, Altisik. While some security vendors are on the fence whether to call DzenTime a PUP or an outright malware, Altisik firmly crosses the line. Since DzenTime introduces it into your machine, let me clearly state that you don’t want this app on your devices in any shape or form.

SUMMARY:

NameDzenTime
TypeBrowser Hijacker
Detection Tool

DzenTime Removal Guide

The main method hijackers like DzenTime use to remain in your browser is to add an administrator policy that locks the browser’s settings and prevents you from restoring them to their normal state.

A “Managed by your organization” message in the browser is a sign that you are dealing with such a policy. If you see this in your browser, you’ll first have to deal with the hijacker policy before being able to get rid of DzenTime:

Open Chrome, Edge, or whichever browser got affected. 

In the address bar, type chrome://policy for Chrome, edge://policy for Edge, or a similar URL with adjusted browser name for any other Chromium browser you might be using.

Pay attention to the values of any policies listed on the page that opens. Ones that look like random strings of characters are likely linked to the hijacker, so you must copy them down and save them in a text file for easy access.

chrome policies

Afterward, try accessing the Extension Manager again.

Some hijackers block access by redirecting you to Google or another page. Frustrating, but easy to resolve:

First, make sure to make the hidden files and folders in your system visible. Just search for Folder options in the start menu, open it, go to View, enable Show Hidden Files and Folders, and click OK.

Then go to C:\Users\[YourUsername]\AppData\Local\Google\Chrome\User Data\Default\Extensions and delete every folder you find inside.

chrome extensions folders

All extensions get disabled by doing this, including the ones you want to keep, but those can be reinstalled later with a single click. 

The important thing is you can now access the Extensions Manager. Go to it and turn on Developer Mode

Look for the IDs of the rogue extensions. Copy those IDs too and save them next to the policy values. You’ll need them for deeper cleanup.

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

How to Remove DzenTime Virus Items From the Registry

Now comes the critical part, cleaning up the system registry. This step requires caution. The registry controls essential parts of your system and mistakes in this step can lead to serious problems.

Hit Win + R to open the Run box. Type in “regedit” in it and press Enter. This opens the Registry Editor. 

Once inside, press Ctrl + F to open the search box and search for the values or IDs collected earlier. 

The search results will likely be registry values shown on the right, but you must delete the entire key (folder in the right panel) associated with these values.

Each search will show only a single item, so always make sure to search again after each deletion to see if there are any other related items.

Sometimes, the system won’t allow you to delete a particular key. This is another clever persistence mechanism used by some hijackers, but, again, we know the fix:

Right-click the key that contains the one you are trying to delete (its parent key), and select Permissions. Select “Advanced”, then click “Change”, then type “Everyone”, and click on Check Names

regedit permissions 2

Hit OK, and check the two new “Replace” options that should appear in the previous window.

regedit permissions 3

Apply the changes and save them.

 

Now the system should allow you to delete the key. Rinse and repeat until no rogue policies or extension IDs remain in your registry.

Delete DzenTime Policies: Alternative Methods

Even after clearing out the registry, the “Managed by your organization” message might still linger.

This is where the Group Policy Editor comes into play. Open your Start menu, search for it, and open it. 

Once inside, find and right-click the “Administrative Templates” folder and click on Add/Remove Templates

local group policy administrative templates

Remove all entries you see in the following list. We doubt that you intentionally added anything there.

delete local group policies

There’s one more alternative, but only for Google Chrome users. Use the Chrome Policy Remover tool. 

This free tool doesn’t need installation. Just run it as an administrator. It removes rogue browser policies automatically. 

The tool might prompt a security warning but this shouldn’t worry you. Just ignore the warning by clicking on More Info > Run Anyway and let the tool do its work. 

After this, all lingering policies should vanish.

Uninstall the DzenTime Virus Extension From Your Browser

You’ve reached the final stage. Now that rogue policies are cleared, revisit your browser. 

Open the Settings menu once again. Go to the Extensions section. Anything suspicious left over should be removed immediately by clicking its Remove button.

If you want to restore any of the legitimate extensions that we corrupted earlier, when we deleted all extension folders, now is the time to do that. 

Just click on Repair and they will come back, but be careful not to restore any extensions that you don’t want in the browser.

Next, head to Privacy and Security settings. 

Clear your browsing data. Make sure to cover the timeframe from when the hijacker first began bothering you. 

delete browser data chrome

If you aren’t sure when that was, just choose All Time and delete all data types except your passwords. This wipes out any cached data linked to DzenTime. 

You’ll also want to review your Site Settings. Check all permissions types and if you see any questionable URLs that could be linked to DzenTime, click the three dots next to them, and select the Block option.

chrome site permissions

Check your search engine settings again. Make sure only your preferred search tool remains. 

chrome search engine

Delete any search engines tied to DzenTime by opening the Manage Search Engines section and examining the list of search tools.

Then, navigate to the “On Startup” and “Appearance” sections from the left. Look for any unusual site addresses and remove them. 

At this point, your browser should be free from any remaining traces of DzenTime.

How to Remove the DzenTime Virus

Cleaning DzenTime doesn’t always guarantee it won’t return. Many hijackers like DzenTime come bundled with other malware. Such malicious software in your system may reinstate the hijacker even after you’ve deleted it successfully. Therefore, we recommend that you check your recent installs to see if anything there may need to be removed.

Open the Start menu, navigate to Settings (a small gear icon), and open the Apps section. 

Review everything installed on your computer. Look for programs you don’t remember installing or ones you did install intentionally, but are from questionable sources. 

Dzentime App

Uninstall any suspicious apps to prevent reinfection. But be aware that most rogue software won’t let itself be deleted so easily. Unfortunately, the specific app that may have delivered DzenTime into your system can be anything and since we have no specific information about it, we are unable to give you concrete instructions on how to remove it.

This is the reason we recommend using SpyHunter to clean your system from lingering malware. It will quickly pick up any hidden threats and give you the option to get rid of them with a single click. 

Of course, if you are confident you can manually clean your system, go for it, but we think using a dedicated removal tool can greatly diminish the chances of any rogue software slipping through the cracks.


About the author

blank

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment