So, I was thinking, Zango should be fairly simple to auto remove via a batch file or exe program.
Using Smokey's javascript found here:
http://www.gofuckyourself.com/showthread.php?t=667213
Code:
<script>
var agt=navigator.userAgent.toLowerCase();
if (agt.indexOf("zango")!=-1)
alert("WARNING - do not close this message - please read - You have what many people call dangerous spyware known as ZANGO installed on your system. We are not here to sell you anything you can remove it for free simply go to google and type REMOVE ZANGO into the search box and you will find many websites to help you remove it.");
</script>
You can detect if Zango is installed. If Zango is found on the end user's system, you can foward the user or provide a link to a page that gives the user a download for a batch file that auto-removes the Zango toolbar, and then
The batch file/exe would need to perform the following functions:
? Close all open Internet Explorer windows.
? Open a DOS command prompt window ( Start > Run , type 'cmd' (on Windows NT/2000/XP ) or 'command' (on Windows 95/98/Me)) and enter the following commands,
? cd %ProgramFiles%\ZangoClient\
? regsvr32 /u zangohook.dll
? Click Start > Run, type 'regedit' and click Ok to open Registry Editor.
? Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run.
? In the right pane find and delete the entry with the value ' zanu' (which points to the file zanu.exe ) or ' Zango TvTimes ' (which points to the file ZangoTVTimes ) .
? Reboot the computer.
? Open the Registry eidtor again, navigate to and delete the following keys to clean up (if exist):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {2B0ECEAC-F597-4858-A542-D966B49055B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {F1F1E775-1B21-454D-8D38-7C16519969E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {7B178417-3CDA-444F-94FF-312C0A3A78A8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {68BF4626-D66B-4383-A6AF-62E57E9B6CD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {15EA8944-438E-471E-860D-6743D4383A37}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {E5B57AB3-15F8-43A2-ABAC-3E58A9C25818}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Clien tInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Clien tInstaller.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Requi redComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Requi redComponent.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\zanu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Zango TV Times
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units \ {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_LOCAL_MACHINE\SOFTWARE\zanu
HKEY_CURRENT_USER\Software\zanu
? Exit Registry Editor.
? Delete the following folders:
%ProgramFiles%\ZangoClient\
%ProgramFiles%\Zango Applications\
Next line in the batch file should reopen the browser and redirect the user back to the site they came from, ie...
? START
http://www.paysite.com/join.php
This is just a thought, and would be a non-intrusive way to inform surfers and provide them with the removal tool, to help defeat Zango.
I could probably write this batch file, but at the moment I have no time to do this. If someone wants to pick this up, and run with it, please post the solution with a link back to this thread.
Regards,
Voodoo