Batch file Zango removal

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Voodoo
    ♥ ♦ ♣ ♠
    • Sep 2002
    • 10600

    #1

    Batch file Zango removal

    So, I was thinking, Zango should be fairly simple to auto remove via a batch file or exe program.
    Using Smokey's javascript found here:
    http://www.gofuckyourself.com/showthread.php?t=667213

    Code:
    <script>
    var agt=navigator.userAgent.toLowerCase();
    if (agt.indexOf("zango")!=-1)
    alert("WARNING - do not close this message - please read - You have what many people call dangerous spyware known as ZANGO installed on your system. We are not here to sell you anything you can remove it for free simply go to google and type REMOVE ZANGO into the search box and you will find many websites to help you remove it.");
    </script>
    You can detect if Zango is installed. If Zango is found on the end user's system, you can foward the user or provide a link to a page that gives the user a download for a batch file that auto-removes the Zango toolbar, and then

    The batch file/exe would need to perform the following functions:

    ? Close all open Internet Explorer windows.
    ? Open a DOS command prompt window ( Start > Run , type 'cmd' (on Windows NT/2000/XP ) or 'command' (on Windows 95/98/Me)) and enter the following commands,

    ? cd %ProgramFiles%\ZangoClient\
    ? regsvr32 /u zangohook.dll

    ? Click Start > Run, type 'regedit' and click Ok to open Registry Editor.
    ? Navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run.

    ? In the right pane find and delete the entry with the value ' zanu' (which points to the file zanu.exe ) or ' Zango TvTimes ' (which points to the file ZangoTVTimes ) .

    ? Reboot the computer.
    ? Open the Registry eidtor again, navigate to and delete the following keys to clean up (if exist):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {99410CDE-6F16-42ce-9D49-3807F78F0287}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {2B0ECEAC-F597-4858-A542-D966B49055B9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {F1F1E775-1B21-454D-8D38-7C16519969E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\ {7B178417-3CDA-444F-94FF-312C0A3A78A8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {68BF4626-D66B-4383-A6AF-62E57E9B6CD4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {15EA8944-438E-471E-860D-6743D4383A37}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {E5B57AB3-15F8-43A2-ABAC-3E58A9C25818}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ncmyb.SABHO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Clien tInstaller
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Clien tInstaller.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Requi redComponent
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ClientAX.Requi redComponent.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\zanu
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Zango TV Times
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units \ {99410CDE-6F16-42ce-9D49-3807F78F0287}
    HKEY_LOCAL_MACHINE\SOFTWARE\zanu
    HKEY_CURRENT_USER\Software\zanu

    ? Exit Registry Editor.

    ? Delete the following folders:

    %ProgramFiles%\ZangoClient\
    %ProgramFiles%\Zango Applications\

    Next line in the batch file should reopen the browser and redirect the user back to the site they came from, ie...
    ? START http://www.paysite.com/join.php


    This is just a thought, and would be a non-intrusive way to inform surfers and provide them with the removal tool, to help defeat Zango.

    I could probably write this batch file, but at the moment I have no time to do this. If someone wants to pick this up, and run with it, please post the solution with a link back to this thread.

    Regards,
    Voodoo

    "I'm selflessly supporting the common good, but only coincidentally looking out for No.1."
  • RawAlex
    So Fucking Banned
    • Oct 2003
    • 9465

    #2
    Voodoo, the problem is that Zango (in it's infinite wisdom) varies it's installs, and leaves little legacy files around that allow it to bootstrap back to full strength (much like a virus). The only removal tool that works completely (aside from reformatting your drive) is Zango's own uninstall, but even that is apparently a minefield of trap doors and "saves" to try to keep people in the game.

    Comment

    • Voodoo
      ♥ ♦ ♣ ♠
      • Sep 2002
      • 10600

      #3
      Originally posted by RawAlex
      Voodoo, the problem is that Zango (in it's infinite wisdom) varies it's installs, and leaves little legacy files around that allow it to bootstrap back to full strength (much like a virus). The only removal tool that works completely (aside from reformatting your drive) is Zango's own uninstall, but even that is apparently a minefield of trap doors and "saves" to try to keep people in the game.


      Definitely sucks-ass. Well, it was a good idea... gone down in flames.

      "I'm selflessly supporting the common good, but only coincidentally looking out for No.1."

      Comment

      • smutx
        Confirmed User
        • Jan 2004
        • 1190

        #4
        bump ....

        icq: 236148465

        Comment

        • 96ukssob
          So Fucking Banananananas
          • Mar 2003
          • 12991

          #5
          Originally posted by RawAlex
          Voodoo, the problem is that Zango (in it's infinite wisdom) varies it's installs, and leaves little legacy files around that allow it to bootstrap back to full strength (much like a virus). The only removal tool that works completely (aside from reformatting your drive) is Zango's own uninstall, but even that is apparently a minefield of trap doors and "saves" to try to keep people in the game.
          that sucks

          im sure there is a way to "override" Zango when it changes the ref code. Anyone tried to reverse engineer this program yet?
          Email: Clicky on Me

          Comment

          • SmokeyTheBear
            ►SouthOfHeaven
            • Jun 2004
            • 28609

            #6
            Originally posted by bossku69
            that sucks

            im sure there is a way to "override" Zango when it changes the ref code. Anyone tried to reverse engineer this program yet?
            this is easy as pie to do on the sponsor level..

            all they have to di is change the cookie rewrite rules for a day every month and it would pinpoint all ref code stealers. accounts that suddenly got zero signups would be zango users or the ilk .
            hatisblack at yahoo.com

            Comment

            • dirtysouth
              Confirmed User
              • Jul 2003
              • 2613

              #7
              bump

              8chars
              no sig

              Comment

              • Tempest
                Too lazy to set a custom title
                • May 2004
                • 10217

                #8
                There was already one written but I haven't checked it out and not sure if it's still up to date... I think the guys nick on here was Heywood.. I know he was also over on the green guy board.

                Comment

                • Scootermuze
                  Confirmed User
                  • Dec 2001
                  • 4513

                  #9
                  Originally posted by RawAlex
                  Voodoo, the problem is that Zango (in it's infinite wisdom) varies it's installs, and leaves little legacy files around that allow it to bootstrap back to full strength (much like a virus). The only removal tool that works completely (aside from reformatting your drive) is Zango's own uninstall, but even that is apparently a minefield of trap doors and "saves" to try to keep people in the game.

                  The FTC charged that Zango?s failure to disclose that downloading the free content and software would result in installation of the adware was deceptive, and that its failure to provide consumers with a reasonable and effective means to identify, locate, and remove the adware from their computers was unfair, in violation of the FTC Act.

                  ..... It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware.


                  So they're still doing it after that?

                  Comment

                  • 96ukssob
                    So Fucking Banananananas
                    • Mar 2003
                    • 12991

                    #10
                    Originally posted by SmokeyTheBear
                    this is easy as pie to do on the sponsor level..

                    all they have to di is change the cookie rewrite rules for a day every month and it would pinpoint all ref code stealers. accounts that suddenly got zero signups would be zango users or the ilk .
                    thats the major problem, is its at the sponsor level

                    we need to be able to implement something on our sites to override that, or not allow the zango toolbar to load. Im guessing you can hack up the code to redirect zango to open a new window with no toolbar being displayed. not sure, but ill ask some programming buddies
                    Email: Clicky on Me

                    Comment

                    Working...