Zwangie.com
Zwangie.com is one of many websites that are promoted by Zwangi-based browser hijackers, which are often installed as programs that bear the name of the site they're configured to promote (such as Zwangie). Zwangie.com has also been noted to install its application without your consent and may use drive-by-download exploits for this purpose. Although Zwangie.com claims to have a viable policy to protect your privacy and makes a pretense of providing useful search results, results from Zwangie.com shouldn't, in general, be considered significantly more trustworthy than Zwangie.com itself. SpywareRemove.com malware researchers recommend that you use dedicated anti-malware tools to remove Zwangie-related PC threats, since using included deletion tools is unlikely to remove everything that's been installed.
Zwangie.com – Reshipping Rotten Searches with Brand New Labels
Zwangie.com tries to look like a safe search engine, but multiple sources have confirmed that Zwangie.com will attempt to install its add-on without your consent and doesn't provide the same kinds of safe or relevant search results that are offered by reputable search engines. Because Zwangie.com doesn't request your permission before Zwangie.com attempts to install its browser-hijacking add-on, you should not visit Zwangie.com and use strong security settings on your web browser, in addition to possessing good anti-malware software, to evade any possibility of acquiring a Zwangie.com-based PC threat.
SpywareRemove.com malware researchers have also observed that other sites from Zwangie.com's family, such as WyeKe.com, Zinkzo.com, Zinkwink.com, Winkzink.com, Zwankysearch.com, BrowserQuery.com, Browserseek.com and Browserzinc.com and Browserquest.com, have been known to promote fake security software or scamware. Any contact with Zwangie.com should be a direct indication to be cautious over possible fake alerts and errors messages that are often used in scamware installation scams.
How to Tell Zwangie.com 'No Thanks' to a Browser Redirect
Browser hijackers for Zwangie.com, which are identified by the names BrowserModifier:Win32/Zwangi, Mal/BHO-S, TR/BHO.Zwangi.391 or Spyware.Screenspy, are, in most cases, named after Zwangie.com or an identical site that they're promoting with redirect attacks. They may include normal-looking components such as a search toolbar or a removal tool, but SpywareRemove.com malware experts warn that you should treat any software that's linked to Zwangie.com to be just as harmful as a Trojan or virus. Besides forcing your browser to load Zwangie.com, Win32/Zwangi may also block sites, such as search engines or anti-malware domains.
Browser hijackers and other PC threats that are related to Zwangie.com can, however, be removed by scans from reputable anti-malware programs, which will also put a stop to browser redirects and other symptoms of contact with Zwangie.com. However, SpywareRemove.com malware experts recommend that you make sure that all of your web browser's settings have been returned to normal before you attempt to use it again, since accidental contact with Zwangie.com may result in a new infection.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%[trojan name]toolbarversion.xml
File name: %AppData%[trojan name]toolbarversion.xmlMime Type: unknown/xml
%Temp%[trojan name]toolbar-manifest.xml
File name: %Temp%[trojan name]toolbar-manifest.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants2.xml
File name: %AppData%[trojan name]toolbarcouponsmerchants2.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbardtx.ini
File name: %AppData%[trojan name]toolbardtx.iniMime Type: unknown/ini
%AppData%[trojan name]toolbarcouponscategories.xml
File name: %AppData%[trojan name]toolbarcouponscategories.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants.xml
File name: %AppData%[trojan name]toolbarcouponsmerchants.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarguid.dat
File name: %AppData%[trojan name]toolbarguid.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarlog.txt
File name: %AppData%[trojan name]toolbarlog.txtMime Type: unknown/txt
%AppData%[trojan name]toolbarpreferences.dat
File name: %AppData%[trojan name]toolbarpreferences.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallIE.dat
File name: %AppData%[trojan name]toolbaruninstallIE.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallStatIE.dat
File name: %AppData%[trojan name]toolbaruninstallStatIE.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarstat.log
File name: %AppData%[trojan name]toolbarstat.logMime Type: unknown/log
%AppData%[trojan name]toolbarstats.dat
File name: %AppData%[trojan name]toolbarstats.datFile type: Data file
Mime Type: unknown/dat
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCLSIDHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.