TechSpot

Internet explorer popups, missed links: Zango?

By lovepuppy885
Jan 2, 2009
  1. I had stupidly installed a new software called zango (zanga?) the other day. Only moments after, did I notice that my internet explorer had become popups galore. Also, the connection speed had slowed down. Not only that, but about a day later when I attempted to fix this computer using bleeping computer and hijackthis, the links to get me to those websites were down. So basically, I was stuck with no solution on how to fix this. Fortunately, I came across techspot and managed to get a hijackthis log in order to fix this. here it is:


    All help would be greatly appreciated:)
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Please, please favor us with an edit to your post. Use an attachment for the HJT log. A log posted in the thread reduces the effectiveness of searches & following progress.

    • Following the Guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions creates a common beginning for an initial assessment.

    • Seeing is believing - complaining of no access to websites with tools -
      • Without supporting logs, anything caught by HJT is used to suggest changes.
      • However, the MBAM and/or SAS logs will improve diagnosis of this threat.

      • Scan with HJT. Tick & Fix. Restart the computer.
      Code:
      O2 - BHO: (no name) - {BFC9F235-5D4D-4760-9414-0FF90F1CF744} - C:\WINDOWS\system32\iifgFWMg.dll
      O2 - BHO: {f1e12390-de36-30bb-9564-91b53f69599c} - {c99596f3-5b19-4659-bb03-63ed09321e1f} - C:\WINDOWS\system32\hslsho.dll
      O4 - HKLM\..\Run: [b8f53f82] rundll32.exe "C:\WINDOWS\system32\sikpgrmk.dll",b
      O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto (User 'Jackie')
      O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Jackie\LOCALS~1\Temp\nyyxnh.dll",run (User 'Jackie')
      O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [b8f53f82] rundll32.exe "C:\DOCUME~1\Jackie\LOCALS~1\Temp\ntcwawqi.dll",b (User 'Jackie')
      O20 - AppInit_DLLs: hslsho.dll
      O20 - Winlogon Notify: jkkICuTj - C:\WINDOWS\SYSTEM32\jkkICuTj.dll
       


    Delete files / folder
    C:\WINDOWS\SYSTEM32\jkkICuTj.dll
    C:\WINDOWS\SYSTEM32\ hslsho.dll
    C:\WINDOWS\system32\sikpgrmk.dll
    C:\WINDOWS\system32\iifgFWMg.dll
    C:\DOCUME~1\Jackie\LOCALS~1\Temp\
    C:\Program Files\Zango\
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    A bit more on the Zango download here:
    http://www.pchell.com/support/zango.shtml

    And you'll read this:
     
  4. lovepuppy885

    lovepuppy885 TS Rookie Topic Starter

    it's not letting me get to that link.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What happens when you try?
     
  6. lovepuppy885

    lovepuppy885 TS Rookie Topic Starter

    As I said before, many things that help me to stop zango, or get rid of popups, are a dead link. Internet Explorer says that they cannot open the page. it's now giving me a fake antivirus software telling me to download it to rid of malware.
     
  7. lovepuppy885

    lovepuppy885 TS Rookie Topic Starter

    As i said before, the link is dead and internet explorer says it can't open. the pc is blocking off most resources to get rid of zango and the popups and telling me to install fake malware software.
     
  8. rf6647

    rf6647 TS Maniac Posts: 829

    The exploit to frustrate reaching anti-malware sites is not understood by me at this time. 3 methods have been used recently. The second method references the third.

    Since you are discribing a case of difficulty. attempt this method (follow link for 'How To')
    • Use this method to stop any 'non-plug and play' driver you find.
    • Please report its name for changes to the method

    For infections that have more severe symptoms, Unable to run or update via TechSpot 8 Steps or manually run MBAM or SAS


    Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The page I left for you about Zango should not be influenced by the fact that you have Zango. I don't know why you can't open it- even phishing filters wouldn't prevent it.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...