Adware:​W32/Zwangi

Threat description

Details

Category: Spyware
Type: Adware
Platform: W32

Summary


This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


Adware:W32/Zwangi displays popup advertisements on the infected machine.

Activity

Once launched, the program will also attempt to connect to the following sites:

  • https://weemi.com
  • https://www.usertrust.com
  • https://secure.comodo.net/[...]

File System Changes

Creates these files:

  • %cwd%\weemi.dll
  • %cwd%\weemi.exe

Registry Modifications

Sets these values:

  • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]

Creates these keys:

  • HKLM\Software\Weemi
  • HKLM\System\CurrentControlSet\Services\Weemi Service
  • HKLM\System\CurrentControlSet\Services\Weemi Service\Security




Description Created: 2009-09-30 06:29:31.0

Description Last Modified: 2009-09-30 06:43:51.0


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More