Threat Description

Adware:​W32/Zwangi

Details

Category: Spyware
Type: Adware
Platform: W32

Summary



This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Adware:W32/Zwangi displays popup advertisements on the infected machine.

Activity

Once launched, the program will also attempt to connect to the following sites:

  • http://weemi.com
  • http://www.usertrust.com
  • https://secure.comodo.net/[...]

File System Changes

Creates these files:

  • %cwd%\weemi.dll
  • %cwd%\weemi.exe

Registry Modifications

Sets these values:

  • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]

Creates these keys:

  • HKLM\Software\Weemi
  • HKLM\System\CurrentControlSet\Services\Weemi Service
  • HKLM\System\CurrentControlSet\Services\Weemi Service\Security





SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Learn More

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More