Home / malware Adware:Win32/ZangoShoppingreports.A
First posted on 24 April 2009.
Source: SecurityHomeAliases :
Adware:Win32/ZangoShoppingreports.A is also known as Also Known As:AdWare.Win32.Shopper.q (Kaspersky), Adware.Hotbar (Symantec).
Explanation :
Adware:Win32/ZangoShoppingreports.A is potentially unwanted software that may have been installed without user consent, and possibly accompanied by third-party programs or applications.
Symptoms
System ChangesThe following system changes may indicate the presence of Adware:Win32/ZangoShoppingreports.A:Presence of these files:
installerhelperplugin.dll
install.dll
shoppingreport.dll
uninst.dllPresence of this registry key: With value: 1000001010In subkey: HKEY_CURRENT_USERSoftwareShoppingReport
Key: InstallAffid
Adware:Win32/ZangoShoppingreports.A is potentially unwanted software that may have been installed without user consent, and possibly accompanied by third-party programs or applications.
Installation
This component may be installed by a third-party program. The installer may drop these files onto the computer:installerhelperplugin.dllinstall.dllshoppingreport.dlluninst.dll During installation, a remote Web site may be contacted and two certificate files retrieved from the following locations:crl.verisign.com/pca3.crl
csc3-2004-crl.verisign.com/CSC3-2004.crl Additionally, the program adds the following registry key and values:Adds key: InstallAffidWith value: 1000001010In subkey: HKEY_CURRENT_USERSoftwareShoppingReportAdds key: PendingFileRenameOperationsWith value: %Temp%
sy2.tmpinstall.dllIn subkey: ..RegistryMachineSystemCurrentControlSetControlSession ManagerAdditional InformationWe received reports that some users may have encountered this program after installing a Web application add-on named 'My Admirer', for the Web community Facebook:
Analysis by SubratamLast update 24 April 2009
