If I send the file (from virus chest) detected as Zango to Alwil team, will they make a definition for it, as my other antispyware package detected it on a manual scan? Is Alwil team not choosing to detect Zango or is it due to this being a different variant?
just send the file to virus[at]avast[dot]com and we’ll analyse it
I have sent it via the chest e-mail function (is there a way you can see if you have received it?)
PS: why does Avast not detect Zango? I thought it was known as far back as 2006 and is a nasty piece of work. Please help by adding more definitions for these nasties, please.
I’ll ask misak (Alwil team member) for further analysis of the Zango variants
The file was called setup.exe on my desktop. My antispyware only detected two cases of it, one on the desktop and one in system restore. No processes were found though, so it may not have run, but I think it was a drive-by download.
PS: I would be grateful (if possible, I know you’re busy) if you could let me know where Alwil team stand in regards to Zango being classed as malware and if they have received my file, thanks.
ok… we want to make more detections for non-traditional malware (such as spyware, adware), but it is not easy sometimes (the authors of adware or PUPs are asking us to remove their SW from detections and blah blah blah, you know…)… so, we’ll see
Thanks for looking into this mate, I just hope that Alwil team make a stand against these PUPs as they can be pretty dangerous and invade privacy.
PS: did they receive my file? I didn’t know if I had sent it right.
it’s Sunday, so I can’t tell you now… misak is offline
I don’t know whether you can PM me with what’s happening or post here next week, ONLY if it’s not too much trouble for you though
again thanks for all your help
the problem with zango is more complex than I thought last time… it seems to have a new variant and we’re looking for more samples of it… the detection should not collide with some company wishes, because it’s really a spyware-related thing…
so if Avast covers some forms of Zango, how come its built-in database doesn’t mention it, or is it under a different name than Zango?
did they mention when they will start releasing definitions for it?
it could be detected as Spyware-gen
so the reason there is no specific definition is because Alwil team are trying to gather more intel on it?
so spyware-gen is just a general wide spectrum definition until Zango can be pinned down?
Zango, formerly 180solutions and Hotbar, is a virus that comes with adware and spyware typically required to access partner’s games. The latest version automatically installs the weather client (malware) and sends people to malicious websites. And it is often there that non-knowledgeable users get into real problems. “You’re system is infected, click here to download blah blah blah”.
Removal instructions:
1] Disable the harmful processes in Task Manager (or boot in safe mode)
2] Delete the weather client & zango from add/remove programs in control panel
3] Cleanup the registry thoroughly (CCleaner can do that)
4] Run a boot scan with Avast!
That was all that was needed to remove the latest version. (last Wednesday)
Eddy, you know how you said to run a boot-time scan with Avast, does that mean then that Avast can detect (at least some) variants of Zango?
Avast sure detects the weather client that Zango installs and also detects many other things that Zango tries to install (or did try to install in the past), as well as much of the malware that sites are trying to “push” to you(r system) when you’re going to use it.
so the zango infection I have could have been due to a new variant then, and that’s why it wasn’t detected?
yes, most probably… some malware families evolve frequently…
Rabbits! Rabbits! They are like rabbits ;D
consulted today again with Misak… we’ve detected some older files, but had to remove the detections, because zango.com contacted us with this request… the newer variants are also “clean” themselves, but could be bundled with a strange downloader in some way… the downloaded files could be treated as spyware (or unwanted apps) then… anyway, this topic remains open :-\