Win32:Zango-BA [PUP] removal guide

The Win32:Zango-BA [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:Zango-BA [PUP] virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:

public.zangocash.com

How to identify Win32:Zango-BA [PUP]?

File Info:

crc32: 6F73EB91
md5: 35cadeacb173ef0af5e9fc412dc13846
name: supernova_setup.exe
sha1: 9b4fd0c12b6032b24ca8b2c4174b7d034d9f19fc
sha256: dde7ae2fbfd8dee0c94e0c102c295f66ffe7152d07ea33aaab3cf9e29c976da1
sha512: 5998a2d68c2debac451fae87f8452991ec66702e28a04bdf792d97db587ab8381e9478e1fcb4de59ba406986b07f58497397298a2003c3e1f3436ea157eb8e2f
ssdeep: 98304:edc1WwwwIHxb/694AW/7pna7oOTZaiNJ6DCfGd5:icIww5Hc94AWl8TZa6EDH5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileDescription: 3D Supernova Screensaver Setup
FileVersion:
Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: 3Deep Space, Ltd
Translation: 0x0409 0x04e4

Win32:Zango-BA [PUP] also known as:

CAT-QuickHeal: AdWare.WinAD.bo.n3 (Not a Virus)
VIPRE: Trojan.Win32.Generic!BT
K7GW: Adware ( 0000559e1 )
K7AntiVirus: Adware ( 0000559e1 )
Agnitum: Adware.Istbar!nNmKXRgIwqg
F-Prot: W32/Istbar.VR
Symantec: Adware.ADH
ESET-NOD32: a variant of Win32/Adware.WUpd
Avast: Win32:Zango-BA [PUP]
Kaspersky: not-a-virus:AdWare.Win32.WinAD.bq
NANO-Antivirus: Riskware.Win32.WinAD.cvmrwf
Rising: PE:Malware.Generic/QRS!1.9E2D [F]
Comodo: ApplicUnsaf.Win32.AdWare.WinAD.~B
F-Secure: Gen:Adware.Heur.imLfR8z7vbji
DrWeb: Adware.Winad
Sophos: Mal/Behav-044
Cyren: W32/Istbar.VJNG-2639
Avira: ADSPY/Winad.BE
Antiy-AVL: Spyware[AdWare:not-a-virus]/Win32.WinAD
AVware: Trojan.Win32.Generic!BT
VBA32: Adware.Winad
Panda: Generic Malware
Ikarus: not-a-virus:AdWare.Win32.WinAD
Fortinet: Adware/WinAd
AVG: Win32/DHgVEkAw?

How to remove Win32:Zango-BA [PUP]?

Win32:Zango-BA [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.