This program must be manually installed.
When the program is executed, it creates the following folders:
- %ProgramFiles%\Zwunzi
- C:\Documents and Settings\All Users\Application Data\Zwunzi
It drops the following files:
- %ProgramFiles%\Zwunzi\uninstall.exe
- %ProgramFiles%\Zwunzi\zwunzi.dll
- %ProgramFiles%\Zwunzi\zwunzi.exe
- C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi128.exe
Then, the program creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"DisplayName" = "Zwunzi 1.0 build 128"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"UninstallString" = "%ProgramFiles%\Zwunzi\uninstall.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Cid" = "466705c1534b4aee8c896579946b055f"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"DllPath = "%ProgramFiles%\Zwunzi\zwunzi.dll"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Initial" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Partner" = "ZWUNZI128"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Primary" = "f403"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowBarSign" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowToolbarButton" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Src" = "zwunzi"
- HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Version" = "1001c"
The program creates a new service with the following characteristics:
Service Name: Zwunzi Service
Display Name: Zwunzi Service
Startup Type: Automatic
It registers the service by creating the following registry subkeys:
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Security
The program is installed as a Browser Search Plugin for Internet Explorer and Mozilla Firefox and redirects user searches to the following location:
zwunzi.com
