Adware:Win32/ZangoShoppingreports


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

Adware:Win32/ZangoShoppingreports is also known as Win32/Adware.Toolbar.Shopper (ESET), AdWare.Win32.Shopper.k (Kaspersky), SmartShopper (McAfee), Adware.Hotbar (Symantec), Adware_Hotbar (Trend Micro), Adware:Win32/Hotbar.Shoppingreports (other).

Explanation :

Adware:Win32/ZangoShoppingreports displays targeted advertising to affected users while browsing the Internet, based on search terms entered into search engines.

Symptoms
System Changes
The following system changes may indicate the presence of Adware:Win32/ZangoShoppingreports:

  • Presence of the following folders:
    %ProgramFiles%\shoppingreport
    %APPDATA%\shoppingreport
  • Presence of the following files:
    %ProgramFiles%\shoppingreport\cspersist.dbs
    %APPDATA%\shoppingreport\cspersist.dbs
  • Presence of the following registry modifications:


Installation
When Adware:Win32/ZangoShoppingreports is installed on a computer, it may perform the following actions:

  • Creates the following folders:
    %ProgramFiles%\shoppingreport
    %APPDATA%\shoppingreport
  • Creates the following files:
    %ProgramFiles%\shoppingreport\cspersist.dbs
    %APPDATA%\shoppingreport\cspersist.dbs
  • Adds the following registry keys:

Last update 04 February 2009

     
