My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Application.180solutions.Zango

LOW
LOW
141 kbytes
(Adware.180Search,Adware.Win32.180Solutions,Adware.180Solutions)

Symptoms

A yellow icon with a black "g" appears in the taskbar ,a toolbar appears in your browser and popups appear from time to time when you're surfing the web

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

George Nechifor, virus researcher

Technical Description:

Application.180solutions.Zango is an ad supported software that runs in the background and although it has a icon in the taskbar it won't let you unload it through standard methods it also sends information to the home site about your browsing habbits and displays ads based on the keywords you search. It also has a searchbar that displays irelevant or sponsored links if you type in keywords.

Files and folders created:
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Program Files\Zango Programs
C:\Program Files\Zango
C:\WINNT\Downloaded Program Files\ClientAX.dll

Registry keys created:
HKEY_CLASSES_ROOT\AppID\{F1F040D5-E8F8-4680-B101-9334E9773841}
HKEY_CLASSES_ROOT\AppID\ZangoToolbar.DLL
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\zangohook.SABHO.1
HKEY_CLASSES_ROOT\zangohook.SABHO
HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand.1
HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand
HKEY_CURRENT_USER\Software\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA0D26BD-9029-431A-86E0-83152D67828A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zango REG_SZ, 70 bytes, ""c:\program files\zango\zango.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Zango Programs
HKEY_LOCAL_MACHINE\SOFTWARE\zango