Threat Description

Adware:W32/Zwangi

Details

Category: Spyware
Type: Adware
Platform: W32

Summary


This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.


Removal


Automatic action

Once detected, the F-Secure security product will automatically quarantine the suspect file and prompt the user to select a further desired action.

Quarantine is a safe repository for files that may be harmful. A quarantined file can be restored or, if you decide so, deleted.


Excluding a file from scanning

If you are aware of and accept any potential risk associated with this program, you can configure the F-Secure security product to exclude it from scanning.

Suspect a False Alarm?

If you suspect a file has been incorrectly identified as malicious, (that is, it is a False Alarm or a False Positive), please first ensure your F-Secure security program is up-to-date with the latest detection database updates, then rescan the suspect file.

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Submit A Sample (SAS) page.

More scanning & removal options

More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


Adware:W32/Zwangi displays popup advertisements on the infected machine.

Activity

Once launched, the program will also attempt to connect to the following sites:

  • https://weemi.com
  • https://www.usertrust.com
  • https://secure.comodo.net/[...]

File System Changes

Creates these files:

  • %cwd%\weemi.dll
  • %cwd%\weemi.exe

Registry Modifications

Sets these values:

  • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]

Creates these keys:

  • HKLM\Software\Weemi
  • HKLM\System\CurrentControlSet\Services\Weemi Service
  • HKLM\System\CurrentControlSet\Services\Weemi Service\Security


Description Created: 2009-09-30 06:29:31.0

Description Last Modified: 2009-09-30 06:43:51.0


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More