How to remove “Adware.Zango.1 (B)”?

Adware.Zango.1 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware.Zango.1 (B) virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Enumerates physical drives
  • Attempted to write directly to a physical drive
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Adware.Zango.1 (B)?


File Info:

name: 990B1ACA6FD4AAB96DC1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-11-30 23:40:12

Version Info:

FileDescription: Setup
FileVersion: 3.0.112.6
ProductVersion: 3.0.112.6
Translation: 0x0409 0x04b0

Adware.Zango.1 (B) also known as:

Bkav: W32.AIDetectMalware
Lionic: Adware.Win32.ScreenSaver.lr65
AVG: Win32:Zango-AQ [PUP]
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Adware.Zango.1
FireEye: Generic.mg.990b1aca6fd4aab9
CAT-QuickHeal: PUA.Appbundler.Gen
Skyhigh: Adware-HotBar.d
ALYac: Gen:Variant.Adware.Zango.1
Cylance: unsafe
Zillya: Adware.AgentCRT.Win32.48
Sangfor: PUA.Win32.Sign.a
Alibaba: AdWare:Win32/ScreenSaver.fdd542c3
K7GW: Adware ( 00314f2c1 )
K7AntiVirus: Adware ( 00314f2c1 )
VirIT: PUP.Win32.AppBundler.A
Symantec: Adware.Clkpotato!gen3
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Adware.HotBar.L
Cynet: Malicious (score: 99)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Adware.Agent-1541594
Kaspersky: not-a-virus:AdWare.Win32.ScreenSaver.e
BitDefender: Gen:Variant.Adware.Zango.1
NANO-Antivirus: Trojan.Win32.cwpj.dvtojy
Avast: Win32:Zango-AQ [PUP]
Tencent: Adware.Win32.Agent.aae
Emsisoft: Gen:Variant.Adware.Zango.1 (B)
Baidu: Win32.Adware.Agent.b
F-Secure: Trojan.TR/Banach.A
DrWeb: Adware.Hotbar.700
VIPRE: Gen:Variant.Adware.Zango.1
TrendMicro: Possible_HOTBAR.UNP
Trapmine: malicious.high.ml.score
Sophos: Hotbar (PUA)
Ikarus: Trojan.SuspectCRC
Jiangmin: AdWare/ScreenSaver.qi
Webroot: W32.Adware.Gen
Varist: W32/HotBar.O.gen!Eldorado
Avira: TR/Banach.A
Antiy-AVL: GrayWare[AdWare]/Win32.ScreenSaver
Kingsoft: Win32.Troj.Agent.cks
Microsoft: Adware:Win32/Hotbar
Xcitium: ApplicUnwnt.Win32.AdWare.ScreenSaver.DI@4t0hrx
Arcabit: Trojan.Adware.Zango.1
ViRobot: Adware.HotBar.337072.BAO
ZoneAlarm: not-a-virus:AdWare.Win32.ScreenSaver.e
GData: Gen:Variant.Adware.Zango.1
Google: Detected
AhnLab-V3: Adware/Win32.ScreenSaver.R22944
Acronis: suspicious
McAfee: Adware-HotBar.d
TACHYON: Trojan-Clicker/W32.ScreenSaver.732336
VBA32: BScope.Adware.ScreenSaver
Malwarebytes: Generic.Malware.AI.DDS
TrendMicro-HouseCall: Possible_HOTBAR.UNP
Rising: Trojan.Win32.Generic.13ADAF8E (C64:YzY0Ot1XFQ5SbRHf)
Yandex: Trojan.GenAsa!ZoRco6P4FCQ
MAX: malware (ai score=98)
MaxSecure: Adware.AdWare.WIN32.ScreenSaver.e_214905
Fortinet: Adware/Hotbar
DeepInstinct: MALICIOUS

How to remove Adware.Zango.1 (B)?

Adware.Zango.1 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
