Thursday, November 13, 2008

Zango Adware

Zango description:
Zango Category: Adware, Hijacker, Toolbar

Adware programs facilitate the delivery of advertising content to the user and, in some cases, gather information from the user's computer.

Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Zango Detection:

Zango Files:
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.2.0\ZbCoreSrv.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.2.0\ZbHostIE.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.2.0\ZbSrv.exe
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.2.0\ZbToolbar.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.3.0\ZbCoreSrv.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.3.0\ZbSrv.exe
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.3.0\ZbToolbar.dll
[%PROGRAM_FILES%]\ZangoToolbar\Bin\4.8.3.0\ZbWallpaper.dll

Zango Folders:
[%APPDATA%]\ZangoToolbar
[%PROGRAM_FILES%]\ZangoToolbar

Zango Registry Keys:

Zango Registry Values:

Removing Zango:

You can run the trial version of ExterminateIt, or remove Zango manually.

To completely remove Zango manually from your computer, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Zango.

