1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Adware:W32/Zwangi

Adware:W32/Zwangi

Name : Adware:W32/Zwangi
Detection Names : AdWare.Win32.Zwangi
Application.Generic.222362
Category:Spyware
Type:Adware
Platform:W32

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Details


File System Changes
Creates these files:

  • %cwd%\weemi.dll
  •  %cwd%\weemi.exe



    • Registry Modifications
    Sets these values:

      • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]


    Creates these keys:

      • HKLM\Software\Weemi
  •  HKLM\System\CurrentControlSet\Services\Weemi Service
  •  HKLM\System\CurrentControlSet\Services\Weemi Service\Security


    • Additional Details

    Adware:W32/Zwangi displays popup advertisements on the infected machine.


    Activity

    Once launched, the program will also attempt to connect to the following sites:

      • http://weemi.com
  •  http://www.usertrust.com
  •  https://secure.comodo.net/[...]