Cart
Application.180solutions.Zango( Adware.180Search,Adware.Win32.180Solutions,Adware.180Solutions )
SYMPTOMS: A yellow icon with a black "g" appears in the taskbar ,a toolbar appears in your browser and popups appear from time to time when you're surfing the webTECHNICAL DESCRIPTION: Application.180solutions.Zango is an ad supported software that runs in the background and although it has a icon in the taskbar it won't let you unload it through standard methods it also sends information to the home site about your browsing habbits and displays ads based on the keywords you search. It also has a searchbar that displays irelevant or sponsored links if you type in keywords.Files and folders created: C:\Documents and Settings\All Users\Start Menu\Programs\Zango C:\Program Files\Zango Programs C:\Program Files\Zango C:\WINNT\Downloaded Program Files\ClientAX.dll Registry keys created: HKEY_CLASSES_ROOT\AppID\{F1F040D5-E8F8-4680-B101-9334E9773841} HKEY_CLASSES_ROOT\AppID\ZangoToolbar.DLL HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\ClientAX.ClientInstaller HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 HKEY_CLASSES_ROOT\ClientAX.RequiredComponent HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 HKEY_CLASSES_ROOT\LMgr180.WMDRMAx HKEY_CLASSES_ROOT\zangohook.SABHO.1 HKEY_CLASSES_ROOT\zangohook.SABHO HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand.1 HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand HKEY_CURRENT_USER\Software\zango HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA0D26BD-9029-431A-86E0-83152D67828A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zango REG_SZ, 70 bytes, ""c:\program files\zango\zango.exe"" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango Toolbar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango HKEY_LOCAL_MACHINE\SOFTWARE\Zango Programs HKEY_LOCAL_MACHINE\SOFTWARE\zango Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: George Nechifor ,virus researcher |
