Threat Description

Adware:​W32/Zwangi

Details

Category: Spyware
Type: Adware
Platform: W32

Summary


This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


Adware:W32/Zwangi displays popup advertisements on the infected machine.

Activity

Once launched, the program will also attempt to connect to the following sites:

  • https://weemi.com
  • https://www.usertrust.com
  • https://secure.comodo.net/[...]

File System Changes

Creates these files:

  • %cwd%\weemi.dll
  • %cwd%\weemi.exe

Registry Modifications

Sets these values:

  • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]

Creates these keys:

  • HKLM\Software\Weemi
  • HKLM\System\CurrentControlSet\Services\Weemi Service
  • HKLM\System\CurrentControlSet\Services\Weemi Service\Security


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More