Tuesday, January 27, 2009

180Solutions.Zango Spyware

How To Remove 180Solutions.Zango?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
180Solutions.Zango is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

180Solutions.Zango Symptoms:

Files:
[%DESKTOP%]\Viruz\npclntax.dll
[%PROFILE_TEMP%]\1801FC.mht
[%PROFILE_TEMP%]\18035E.mht
[%PROFILE_TEMP%]\1804.mht
[%PROFILE_TEMP%]\180520.mht
[%PROFILE_TEMP%]\18055D.mht
[%PROFILE_TEMP%]\180B.mht
[%PROFILE_TEMP%]\180E.mht
[%PROFILE_TEMP%]\temp.fr????\zanuhook.dll
[%PROFILE_TEMP%]\Upgrade.exe
[%PROFILE_TEMP%]\ZangoTBInstaller.exe
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROFILE_TEMP%]\ToolbarUpgrade.exe
[%PROFILE_TEMP%]\ZangoClient.exe
[%DESKTOP%]\Viruz\npclntax.dll
[%PROFILE_TEMP%]\1801FC.mht
[%PROFILE_TEMP%]\18035E.mht
[%PROFILE_TEMP%]\1804.mht
[%PROFILE_TEMP%]\180520.mht
[%PROFILE_TEMP%]\18055D.mht
[%PROFILE_TEMP%]\180B.mht
[%PROFILE_TEMP%]\180E.mht
[%PROFILE_TEMP%]\temp.fr????\zanuhook.dll
[%PROFILE_TEMP%]\Upgrade.exe
[%PROFILE_TEMP%]\ZangoTBInstaller.exe
[%PROGRAM_FILES%]\Mozilla Firefox\plugins\npclntax.dll
[%PROFILE_TEMP%]\ToolbarUpgrade.exe
[%PROFILE_TEMP%]\ZangoClient.exe

Folders:
[%COMMON_PROGRAMS%]\Zango
[%PROGRAM_FILES%]\zango
[%PROGRAM_FILES%]\zango programs
[%PROGRAM_FILES%]\zangoclient
[%PROGRAMS%]\zango
[%PROGRAMS%]\zango programs

Registry Keys:
HKEY_CLASSES_ROOT\appid\zangotoolbar.dll
HKEY_CLASSES_ROOT\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}
HKEY_CLASSES_ROOT\appid\{f1f040d5-e8f8-4680-b101-9334e9773841}
HKEY_CLASSES_ROOT\clientax.zangoclientax
HKEY_CLASSES_ROOT\clientax.zangoclientax.1
HKEY_CLASSES_ROOT\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}
HKEY_CLASSES_ROOT\clsid\{51cf80dc-a309-4735-bb11-ef18bf4e3ad9}
HKEY_CLASSES_ROOT\CLSID\{56F1D444-11BF-4879-A12B-79CF0177F038}
HKEY_CLASSES_ROOT\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}
HKEY_CLASSES_ROOT\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
HKEY_CLASSES_ROOT\interface\{031cbf6a-c70e-4177-a0d4-c5268ee311fb}
HKEY_CLASSES_ROOT\interface\{dd469a88-316c-441d-b712-783d9b9a6707}
HKEY_CLASSES_ROOT\typelib\{01bf19c2-59d3-43e9-a2cc-c2d62d8878d3}
HKEY_CLASSES_ROOT\typelib\{91e523db-2a1c-4231-bb06-9be27c28739a}
HKEY_CLASSES_ROOT\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}
HKEY_CURRENT_USER\software\zango
HKEY_CURRENT_USER\software\zanu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\zango
HKEY_LOCAL_MACHINE\software\zango
HKEY_LOCAL_MACHINE\software\zanu
HKEY_CLASSES_ROOT\clsid\{391b0aa4-1e17-485f-b635-0fe26219e87e}
HKEY_CLASSES_ROOT\clsid\{56f1d444-11bf-4879-a12b-79cf0177f038}
HKEY_CLASSES_ROOT\clsid\{ea0d26bd-9029-431a-86e0-83152d67828a}
HKEY_CLASSES_ROOT\interface\{d5175f49-39e5-4af1-ba98-e2234869276d}
HKEY_CLASSES_ROOT\typelib\{15ea8944-438e-471e-860d-6743d4383a37}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{56f1d444-11bf-4879-a12b-79cf0177f038}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\zanu
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{c1b52e99-7ee0-4217-a072-e4742850e517}

Registry Values:
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\gimmysmileys
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\gimmysmileys\favorites\1
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.EHY Trojan Removal instruction
Win32.AcidShiver Trojan Symptoms
Removing BootDr135 Trojan
prosearching.com Hijacker Removal instruction

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)