
Why Norton Internet Security could not prevent infection of adware.ZangoSearch?

Discussion in 'Malware and Virus Removal Archive' started by IvanH, 2007/02/26.

  1. 2007/02/26
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    This is a serious question. Why could Norton Internet Security not prevent my Windows Vista-based computer from being infected by adware.ZangoSearch?

    My new Asus computer came with Windows Vista pre-installed. After Windows activation and installation of the network connection software, I started a scan with Norton Internet Security (also pre-installed). Four adware.ZangoSearch adware items were found. iexplore.exe and many other applications have been affected. Norton Internet Security recommended "ignore" because removal of such adware might stop certain programs from running.

    I am not satisfied with the Norton Internet Security report.

    First of all, Norton Internet Security did not trace the course of infection and tell me when and how the adware entered my computer, so that I can be alert to it next time. I don't even know whether adware.ZangoSearch was bundled with Windows Vista or came in during the installation of the network connection software.

    If adware.ZangoSearch entered my computer AFTER Norton Internet Security was installed and running, why couldn't Norton Internet Security prevent it from happening?

    Can anyone tell me the answers?
     
  2. 2007/02/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi IvanH
    My guess (others here might give you a better answer) is that all OEM machines (HP, Dell, ...) come with bundled software: WildTangent games, Vongo and other stuff. This is done to keep the price down on PCs. These people "pay" to have their stuff on the machine so it will then cost the consumer less to buy one.

    I would guess that some software that came with the machine had Zango bundled with it.

    Geri
     

  4. 2007/02/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    The first thing users need to realize is there is no software which is bulletproof, regardless of how much you spend, or how innocent the threat is.

    They have all failed at one point or another.

    The second thing users need to know is that security software, any security software, can produce false positives.

    I'd like to know exactly what it was that Norton found to be Adware.ZangoSearch. Was it a cookie? A registry key, a file or folder? By giving us just 'iexplore.exe' as a lone indicator, it could have been a legitimate application using the file, and of no threat.

    Condemning an application without researching is not the best way to learn. At least you thought to post into a security forum.

    Give us more details so we can find out what, if any, infection you have.
     
  5. 2007/02/27
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    Hi TeMerc and Geri,

    Here is part of the adware report for your reference (due to the size, I have deleted 2/3 of the lines in the report).

    Scan Stats:
    Scan Time: 2318
    Scan Options:
    Scan Targets: C:, D:
    Counts:
    Total items scanned: 278242
    - Files & Directories: 273729
    - Registry Entries: 155
    - Processes & Start-up Items: 4289
    - Network & Browser Items: 48
    - Potential Unknown Threats: 16
    - Other: 5

    Total security risks detected: 4
    Total items resolved: 0
    Total items that require attention: 4

    Resolved Threats:


    Unresolved Threats:
    Adware.ZangoSearch
    Virus ID: 4294906905
    Type: Anomaly
    Risk: Low (Low Stealth, Low Removal, Medium Performance, Low Privacy)
    Categories: Adware
    State: Not Attempted
    -----------
    289 Registry Entries
    25 Files
    16 Processes
    1 Browser Cache

    1 System Action



    12 Processes
    C:\Users\Ivan\AppData\Local\virtualstore\program files\internet explorer\iexplore.exe - No action taken
    C:\Program Files\Internet Explorer\iexplore.exe - No action taken
    C:\Users\Ivan\AppData\Local\virtualstore\program files\internet explorer\iexplore.exe - No action taken
    C:\Program Files\Zango Games\Library of Ages\library.exe - No action taken
    1 Browser Cache

    1 System Action


    1 Browser Cache

    1 System Action
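    Many entries in the report above appear twice, once under the per-user Vista VirtualStore folder and once at the protected path. As an added example (not part of the original post and not Norton's own tooling), this Python code parses report lines of that shape and folds such pairs together so the number of distinct flagged files is visible. The sample lines are copied from the report; treating a VirtualStore entry as a mirror of the same path on the same drive is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample lines copied from the scan report in this thread (subset only).
SAMPLE = r"""
C:\Users\Ivan\AppData\Local\virtualstore\program files\zango games\jade shadow\jade.exe - No action taken
C:\Program Files\Zango Games\Jade Shadow\jade.exe - No action taken
C:\Users\Ivan\AppData\Local\virtualstore\windows\downloaded program files\zangolib.dll - No action taken
C:\Windows\Downloaded Program Files\ZangoLib.dll - No action taken
C:\Users\Public\Desktop\Zango TV.lnk - No action taken
C:\Users\Ivan\Desktop\ZangoTV.lnk - No action taken
C:\Program Files\Internet Explorer\iexplore.exe - No action taken
c:\users\public\music\omer simeon - clarinet - new orlean 01 track 1.wma - No action taken
12 Processes
1 Browser Cache
"""

# A detection line is "<drive path> - No action taken". The status text is
# anchored at the end so file names that contain " - " still parse whole.
ENTRY = re.compile(r"^\s*([A-Za-z]:\\.+?) - No action taken\s*$")
# Per-user UAC file-virtualization folder on Vista.
VSTORE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\virtualstore\\")


def canonical(path):
    """Lower-case the path and fold a VirtualStore copy onto the protected
    location it mirrors (assumption: same drive letter)."""
    p = path.lower()
    m = VSTORE.match(p)
    return p[:3] + p[m.end():] if m else p


def triage(report):
    """Map each canonical path to the set of raw paths reported for it."""
    found = {}
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:  # counters such as "12 Processes" are skipped
            found.setdefault(canonical(m.group(1)), set()).add(m.group(1))
    return found


def by_type(found):
    """Count distinct flagged files per extension."""
    return Counter(PureWindowsPath(p).suffix for p in found)


if __name__ == "__main__":
    files = triage(SAMPLE)
    print(len(files), "distinct files;", dict(by_type(files)))
```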
     
  6. 2007/02/27
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    And this system is brand new? Never been online except for the last day or so??

    With that much Zango content, it must have been pre-installed by the OEM installer as Geri mentioned.

    Did you get an XP install disk, one which does not contain all the extra crapware that is on the system now? If not you may have to resort to some other cleaning method.

    There is the PC Decrapifier which is supposed to work wonders. But to be honest, I'd be calling up whomever I bought the PC from and complaining vehemently about the inclusion of such software.

    I'm curious to see a HijackThis! log file.

    Please download HijackThis! SetUp from here. Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

    Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and Notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed, and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.
     
  7. 2007/02/27
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Pretty lucky it's that clean - or did you miss the Limewire?

    ;)
     
  8. 2007/02/27
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    Hi Rockster2U,

    Thanks for your hints. Perhaps I forgot to go "off-line" during LimeWire installation and configuration to turn off the "sharing" function. It's the first time I installed LimeWire, in order to understand its risk. It's really risky! And adware came in during those few minutes. But I forgot to mention that Windows Defender should be active together with Norton Internet Security. But Windows Defender couldn't detect the adware.ZangoSearch.

    I'll try HijackThis soon.
     
  9. 2007/02/27
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    As I suspected, this isn't really a matter of failed protection so much as an unsafe user doing unsafe things. I'd almost be willing to bet had you not had Norton and Defender in place, the infection would have been far worse.
     
  10. 2007/02/28
    IvanH

    IvanH Well-Known Member Thread Starter

    Joined:
    2006/12/05
    Messages:
    565
    Likes Received:
    19
    Hi TeMerc,

    When I installed LimeWire, Norton and Defender were already in place. Does it mean that this security software protects only an operating PC but not during installation? I remember not long ago (I mean a few years), we had to turn off the security software before installation. Now we don't need to do so. So, from a user's view, whenever a computer is turned on and security software is running, full protection will be expected. Well, at least this is what a consumer paid for. Of course, I should be responsible for choosing the software from the market. Anyway, I took reasonable steps already and I think it has been the best any ordinary user will do.

    Back to the business, I have prepared the HijackThis log file. How do I upload it to you? Regards.
     
  11. 2007/02/28
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    The NIS 2007 does not have a spyware module in it, just anti-spam and av along with firewall. Assuming this is NIS 2006. And Defender certainly is not enough, obviously. As it appears you are well aware of Limewire's potential for infections, I'd think you would have more than one app to try and stay clean. I bet Norton's firewall prevented more from being installed, tho, at the same time, I bet you got several alerts to allow the Limewire connections out to the Net too.

    All you have to do is paste the log file from the HJT report and someone will get a look at it. Not likely to be me however, as I'm swamped with working on preparing my home for sale and don't have the time to invest in any logs at the moment.
     
