Internet explorer popups, missed links: Zango?

[lovepuppy885]

I had stupidly installed a new software called zango (zanga?) the other day. Only moments after, did I notice that my internet explorer had become popups galore. Also, the connection speed had slowed down. Not only that, but about a day later when I attempted to fix this computer using bleeping computer and hijackthis, the links to get me to those websites were down. So basically, I was stuck with no solution on how to fix this. Fortunately, I came across techspot and managed to get a hijackthis log in order to fix this. here it is:


All help would be greatly appreciated

 

[rf6647]

Please, please favor us with an edit to your post. Use an attachment for the HJT log. A log posted in the thread reduces the effectiveness of searches & following progress.

• Following the Guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions creates a common beginning for an initial assessment.
  
  
• Seeing is believing - complaining of no access to websites with tools -
  • Without supporting logs, anything caught by HJT is used to suggest changes.
  • However, the MBAM and/or SAS logs will improve diagnosis of this threat.
    
    
  • Scan with HJT. Tick & Fix. Restart the computer.

  O2 - BHO: (no name) - {BFC9F235-5D4D-4760-9414-0FF90F1CF744} - C:\WINDOWS\system32\iifgFWMg.dll
  O2 - BHO: {f1e12390-de36-30bb-9564-91b53f69599c} - {c99596f3-5b19-4659-bb03-63ed09321e1f} - C:\WINDOWS\system32\hslsho.dll
  O4 - HKLM\..\Run: [b8f53f82] rundll32.exe "C:\WINDOWS\system32\sikpgrmk.dll",b
  O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto (User 'Jackie')
  O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Jackie\LOCALS~1\Temp\nyyxnh.dll",run (User 'Jackie')
  O4 - HKUS\S-1-5-21-3676412369-2807070534-2254394044-1008\..\Run: [b8f53f82] rundll32.exe "C:\DOCUME~1\Jackie\LOCALS~1\Temp\ntcwawqi.dll",b (User 'Jackie')
  O20 - AppInit_DLLs: hslsho.dll
  O20 - Winlogon Notify: jkkICuTj - C:\WINDOWS\SYSTEM32\jkkICuTj.dll

Delete files / folder
C:\WINDOWS\SYSTEM32\jkkICuTj.dll
C:\WINDOWS\SYSTEM32\ hslsho.dll
C:\WINDOWS\system32\sikpgrmk.dll
C:\WINDOWS\system32\iifgFWMg.dll
C:\DOCUME~1\Jackie\LOCALS~1\Temp\
C:\Program Files\Zango\

 

[Bobbye]

A bit more on the Zango download here:
http://www.pchell.com/support/zango.shtml

And you'll read this:

The site is free to all users, but is paid for by advertisements. Visitors are presented with an end user license agreement that they accept before downloading any content.

Zango does display popup advertisements and such to pay for the games and videos.

 

[lovepuppy885]

it's not letting me get to that link.

 

[Bobbye]

t's not letting me get to that link.

What happens when you try?

 

[lovepuppy885]

As I said before, many things that help me to stop zango, or get rid of popups, are a dead link. Internet Explorer says that they cannot open the page. it's now giving me a fake antivirus software telling me to download it to rid of malware.

 

[lovepuppy885]

What happens when you try?

As i said before, the link is dead and internet explorer says it can't open. the pc is blocking off most resources to get rid of zango and the popups and telling me to install fake malware software.

 

[rf6647]

The exploit to frustrate reaching anti-malware sites is not understood by me at this time. 3 methods have been used recently. The second method references the third.

Since you are discribing a case of difficulty. attempt this method (follow link for 'How To')

• Use this method to stop any 'non-plug and play' driver you find.
• Please report its name for changes to the method

For infections that have more severe symptoms, Unable to run or update via TechSpot 8 Steps or manually run MBAM or SAS


Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'

 

[Bobbye]

The page I left for you about Zango should not be influenced by the fact that you have Zango. I don't know why you can't open it- even phishing filters wouldn't prevent it.