Home / malwarePDF  

Adware:Win32/ZangoSearchAssistant


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

There are no other names known for Adware:Win32/ZangoSearchAssistant.

Explanation :

180Solutions.Zango.SearchAssistant monitors your current Web browsing activity and displays pop-up advertisements related to the Internet sites you are viewing.

Symptoms
The following symptoms may indicate an installation of 180Solutions.Zango.SearchAssistant:

  • Check Start -> All Programs to see whether Zango is listed.
  • Check the registry for the following key: HKEY_LOCAL_MACHINESOFTWAREzango


    • 180Solutions.Zango.SearchAssistant monitors words on the Web page or in the Web address that you are currently viewing and uses that information to deliver targeted pop-up advertising. 180Solutions.Zango.SearchAssistant is often bundled with other software offered from Zango. Some Web sites may use pop-up boxes to prompt you to install 180Solutions.Zango.SearchAssistant. Some versions of 180Solutions.Zango.SearchAssistant may ask you to review the license agreement on the 180Solutions.Zango.SearchAssistant Web site after the program is installed and running. When installed, 180Solutions.Zango.SearchAssistant:
  • Modifies the registry in order to load when Windows is started:
    • Adds value: "zango"
    with data: "<Program Files>zangozango.exe" to registry key: HKEY_LOCAL_MACHINEMicrosoftWindowsCurrentVersionRun
  • Adds the following registry keys:
    • HKEY_CURRENT_USERSoftwarezangoHKEY_CLASSES_ROOTClientAX.ClientInstallerHKEY_CLASSES_ROOTClientAX.ClientInstaller.1 HKEY_CLASSES_ROOTClientAX.RequiredComponent HKEY_CLASSES_ROOTClientAX.RequiredComponent.1 HKEY_CLASSES_ROOTClientAX.ZangoClientAX HKEY_CLASSES_ROOTClientAX.ZangoClientAX.1 HKEY_CLASSES_ROOTCLSID{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKEY_CLASSES_ROOTCLSID{56F1D444-11BF-4879-A12B-79CF0177F038} HKEY_CLASSES_ROOTTypeLib{8BE3FABA-7468-4851-B97C-0750AF2B908E} HKEY_CLASSES_ROOTzangohook.SABHO HKEY_CLASSES_ROOTzangohook.SABHO.1 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{56F1D444-11BF-4879-A12B-79CF0177F038} HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallzango HKEY_LOCAL_MACHINESOFTWAREzango
  • Adds a shortcut to the following folder in order to add itself to the Programs menu:
    • C:Documents and SettingsAll UsersStart MenuProgramsango
  • Creates the following folder:
    • <Program Files>ango
  • Adds the following files to that folder:
    • zango.exe zango_gdf.dat zango_hpk.dat zango_kyf_update.dat Zangozangoau.dat Zangozangohook.dll 180Solutions.Zango.SearchAssistant may provide an uninstaller listed as Zango in Add or Remove Programs in Control Panel.

    Last update 04 February 2009

     

    TOP

    Malware :