Home / malwarePDF  

BrowserModifier:Win32/Tango


First posted on 22 February 2019.
Source: Microsoft

Aliases :

BrowserModifier:Win32/Tango is also known as Trojan.Win32.Pasta.lmp, TR/Pasta.liy, Trojan.Win32.Pasta, Trojan horse Generic18.RGV, Malware.MUTL.

Explanation :

BrowserModifier:Win32/Tango is a web browser toolbar that may be installed without adequate user consent. It changes the browser's search provider and also monitors visited websites to display related keywords in the toolbar. Installation Win32/Tango creates the following file:  <4 characters>.dll   where the first two characters are random and the last two are related to the toolbar's version number. For example, a user with toolbar version 0.0.7.8 may have a file named 9f78.DLL, 0e78.DLL, 5578.DLL or so on, in the system folder.   BrowserModifier:Win32/Tango creates the following registry entries:   HKLMCLASSESCLSID HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects HKLMSOFTWAREMicrosoftInternet ExplorerToolbar HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXTStats HKCUSOFTWAREMicrosoftInternet ExplorerToolbarWebBrowser   where is a randomly generated CLSID.   BrowserModifier:Win32/Tango also adds the following uninstaller information to the registry:   Adds value: "DisplayName" With data: "Tango"   Adds value: "UninstallString" With data: "mshta.exe http://remove.gettango.com/" To subkey:  HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall   where is the same randomly generated CLSID.   Note: If the user attempts using this uninstaller entry for Win32/Tango, they are redirected to a website which indicates there is no relation between the site and the toolbar. There is no known operational uninstaller for this toolbar. Additional information Modifies Internet Explorer The Tango Toolbar displayed in Internet Explorer, such as seen in the following graphic:   When the web browser's search box is used to search the Internet, the user is directed to a website that indicates there is no relation between the site and the toolbar.   Displays a confirmation window When installed, BrowserModifier:Win32/Tango displays a confirmation window, as seen in the image below:   Analysis by Aaron Hulett

Last update 22 February 2019

 

TOP