Adware:W32/Zwangi

GO TO: Summary | Removal | Technical Details

Classification

Category:

Spyware

Type:

Adware

Platform:

W32

Aliases:

-

Summary

This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.

Removal

Automatic action

Based on the settings of your F-Secure security product, it may block the file from running, move it to the quarantine where it cannot spread or cause harm, or ask you to select an action.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Adware:W32/Zwangi displays popup advertisements on the infected machine.

Activity

Once launched, the program will also attempt to connect to the following sites:

  • https://weemi.com
  • https://www.usertrust.com
  • https://secure.comodo.net/[...]

File System Changes

Creates these files:

  • %cwd%\weemi.dll
  • %cwd%\weemi.exe

Registry Modifications

Sets these values:

  • HKLM\System\CurrentControlSet\Services\Weemi Service ImagePath = "C:\Documents and Settings\All Users\Application Data\Weemi\weemi117.exe" "weemi.dll" Service [Launchpoint: Service]

Creates these keys:

  • HKLM\Software\Weemi
  • HKLM\System\CurrentControlSet\Services\Weemi Service
  • HKLM\System\CurrentControlSet\Services\Weemi Service\Security

Date Created: 2009-09-30 06:29:31.0

Date Last Modified: 2009-09-30 06:43:51.0