#9 |
|
Read? I only know how to write.
Join Date: Jan 2001
Posts: 11,933
|
Zango sounds similar to spyware programs made intentionally undeletable so that information on your machine is constantly sent to a third-party computer, et al.
Files to look for:

Registry entries (execute REGEDIT to find these):
Variations of the above summaries will exist. If malware, some registry and file entries would be deleted only to reappear.

The NY State Attorney General is suing some companies for doing software "which advertised 'free' software available for download, including screensavers, screen cursors and games. The Attorney General found that along with these programs, Intermix secretly downloaded a number of ad-delivery programs. One such program was called 'KeenValue' and it delivered pop-up ads to its unsuspecting users. Another program, 'IncrediFind,' redirected web addresses to Intermix's proprietary search engine. Other programs placed advertising 'toolbars' on users' screens".

Search for special software dedicated to only removing that malware. Without that software, history says - you're fried. Your computer's integrity remains way too dangerous to use for anything secure - i.e. bank account, Amazon, credit cards, etc. Last time I fixed one of these computers, it was sending information to computers in Ukraine and Russia.
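The post's point that deleted entries can reappear can be checked by comparing two registry exports, one taken right after cleanup and one taken later. The following is an added example, not part of the original post: it matches a few of the registry indicators named in the post against `reg export` text, and the function names and sample exports are constructed for illustration.

```python
import re

# Registry indicators quoted from the post, lower-cased (registry paths are
# case-insensitive). Assumption: input is the decoded text of a `reg export`
# file (these are normally UTF-16, so read them with encoding="utf-16").
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUES = {"zango", "zanu"}
KEY_INDICATORS = {
    r"hkey_current_user\software\zango",
    r"hkey_local_machine\software\zango",
    r"hkey_local_machine\software\microsoft\windows\currentversion\explorer"
    r"\browser helper objects\{56f1d444-11bf-4879-a12b-79cf0177f038}",
}

def find_indicators(reg_text):
    """Return the set of indicator hits found in .reg export text."""
    hits, key = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:                      # "[HKEY_...\Key]" starts a new key
            key = section.group(1).lower()
            if key in KEY_INDICATORS:
                hits.add(key)
            continue
        value = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
        if value and key == RUN_KEY and value.group(1).lower() in RUN_VALUES:
            hits.add(key + " -> " + value.group(1).lower())
    return hits

def reappeared(after_cleanup, later):
    """Indicators absent right after cleanup but present in a later export."""
    return find_indicators(later) - find_indicators(after_cleanup)

# Constructed sample exports (not taken from a real machine).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundDriver"="C:\\Windows\\snd.exe"
'''
LATER = CLEAN + r'''"Zango"="C:\\Program Files\\zango\\zango.exe"

[HKEY_CURRENT_USER\Software\Zango]
"timeoffset"=dword:00000000
'''

if __name__ == "__main__":
    print(sorted(reappeared(CLEAN, LATER)))
```
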