Adware.Zwunzi

Adware.Zwunzi is a browser hijacker object that affects Internet Explorer and Firefox and redirects searches.


Updated: December 3, 2009
Discovery Date: December 2, 2009
Systems at Risk: Windows Based Operating Systems
Aliases: AdWare.Win32.Zwangi.ac, Adware.OneStep

Associated MD5s:
22925C0136C490D25AFCB9A330C56CB1
21E6282042F5FC2A0E47E5324708B6E8
B79F0ACFDFDA46CC083AEACD3075E2F0
6603DC295EC68736E02EA173B93E1F5F


 

The following files are created when Adware.Zwunzi runs. In zwunzi###.exe, the ### changes based on the version.

  • %ProgramFiles%\Zwunzi
  • %homedrive%\Documents and Settings\All Users\Application Data\Zwunzi
  • %ProgramFiles%\Zwunzi\uninstall.exe
  • %ProgramFiles%\Zwunzi\zwunzi.dll
  • %ProgramFiles%\Zwunzi\zwunzi.exe
  • %CommonAppData%\Zwunzi\zwunzi119.exe
  • %CommonAppData%\Zwunzi\zwunzi128.exe

The following registry entries are created.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"DisplayName" = "Zwunzi 1.0 build 128"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"DisplayName" = "Zwunzi 1.0 build 119"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"UninstallString" = "%ProgramFiles%\Zwunzi\uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Cid" = "466705c1534b4aee8c896579946b055f"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"DllPath" = "%ProgramFiles%\Zwunzi\zwunzi.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Initial" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Partner" = "ZWUNZI128"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Primary" = "f403"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowBarSign" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowToolbarButton" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Src" = "zwunzi"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Version" = "1001c"
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Security



Last Updated ( Thursday, 03 December 2009 13:03 )