Zango

[Terry]

This was some nasty stuff to get rid of.

I think AdAware from safe mode fixed it after using F Secure and AVG.

I hope the company folds.

http://seattletimes.nwsource.com/html/businesstechnology/2003356631_zango04.html

 

[David H. Lipman]

From: "Terry" <[email protected]>

| This was some nasty stuff to get rid of.
|
| I think AdAware from safe mode fixed it after using F Secure and AVG.
|
| I hope the company folds.
|
| http://seattletimes.nwsource.com/html/businesstechnology/2003356631_zango04.html

They are still actively pushing their malware.

They are publishing MWV files that are exploiting the windows media Player DRM. Some anti
malware scanners will call this a Wimad trojan. The play the video which either is crappy
or little or no content, it will download a SETUP.EXE file from Zango to install their
malware.

This was actively spammed on MySpace and off and on is being spammed in the alt.binaries.*
hierarchy.

 

[Leythos]

They are publishing MWV files that are exploiting the windows media Player DRM. Some anti
malware scanners will call this a Wimad trojan. The play the video which either is crappy
or little or no content, it will download a SETUP.EXE file from Zango to install their
malware.

Symantec Corporate Edition 10.x catches it, I've seen it caught and
quarantined on several machines.

 

[Terry]

Symantec Corporate Edition 10.x catches it, I've seen it caught and
quarantined on several machines.

I went to Symantec's site. They sometimes have an individual fix for
a virus. Zango is not one of them.

I use F Secure and it works most of the time.

I spoke too soon about getting rid of Zango.

Adware found it and reported that it fixed it.

I can now run Adware and nothing is found, but when I load IE I get 3
browser hijack attempt warnings.

This only happens when I first reboot. It will happen again each
reboot.

 

[Leythos]

I went to Symantec's site. They sometimes have an individual fix for
a virus. Zango is not one of them.

I use F Secure and it works most of the time.

I spoke too soon about getting rid of Zango.

Adware found it and reported that it fixed it.

I can now run Adware and nothing is found, but when I load IE I get 3
browser hijack attempt warnings.

This only happens when I first reboot. It will happen again each
reboot.

You should run Multi-AV, after full updates for all products in it, then
reboot in safe mode and run it again.

One other thing - Spy Bot Search and Destroy has an Advanced mode, where
it will show you broken registry entries and also registry entries that
it may or may not agree with. I use it many times to clean up crap like
you are trying to get rid of (sometimes it's quicker than hand editing
the registry). Try the advanced mode in SBS&D.

 

[PowerUser]

The funniest thing is the way the website tells you that Zango's policy is
to be absolutely open as far as its spyware / malware activities are
concerned (or something like that).

They are banking on the psychology of reciprocation. By extending a favor
to the unsuspecting masses who want to see those videos, and being open
about their 'activities' they are actually attracting people to install
their stuff, which is a counter favor, which some don't seem to mind
reciprocating with.

 

[David H. Lipman]

From: "Leythos" <[email protected]>

|
| Symantec Corporate Edition 10.x catches it, I've seen it caught and
| quarantined on several machines.
|

Yes. They do handle it well.