Adware.Zwunzi

Updated: December 3, 2009 12:59:34 AM
Type: Adware
Name: Zwunzi
Version: 1.0 build 128
Publisher: zwunzi.com
Risk Impact: High
Systems Affected: Windows

This program must be manually installed.

When the program is executed, it creates the following folders:

  • %ProgramFiles%\Zwunzi
  • C:\Documents and Settings\All Users\Application Data\Zwunzi


It drops the following files:

  • %ProgramFiles%\Zwunzi\uninstall.exe
  • %ProgramFiles%\Zwunzi\zwunzi.dll
  • %ProgramFiles%\Zwunzi\zwunzi.exe
  • C:\Documents and Settings\All Users\Application Data\Zwunzi\zwunzi128.exe


Then, the program creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"DisplayName" = "Zwunzi 1.0 build 128"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"UninstallString" = "%ProgramFiles%\Zwunzi\uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Cid" = "466705c1534b4aee8c896579946b055f"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"DllPath" = "%ProgramFiles%\Zwunzi\zwunzi.dll"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Initial" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Partner" = "ZWUNZI128"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Primary" = "f403"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowBarSign" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowToolbarButton" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Src" = "zwunzi"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Version" = "1001c"


The program creates a new service with the following characteristics:
Service Name: Zwunzi Service
Display Name: Zwunzi Service
Startup Type: Automatic

It registers the service by creating the following registry subkeys:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Security


The program is installed as a Browser Search Plugin for Internet Explorer and Mozilla Firefox and redirects user searches to the following location:
zwunzi.com
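
A read-only PowerShell check for the folders, files, registry keys and service listed above. It is an added example, not part of the Symantec writeup; it assumes PowerShell 3.0 or later run from an elevated prompt on the host being examined, and the variable names are illustrative.

```powershell
# Added example: read-only check for the Zwunzi artifacts listed in this writeup.
# Nothing is modified or removed; the script only reports what it finds.
$pf   = $env:ProgramFiles
$data = 'C:\Documents and Settings\All Users\Application Data\Zwunzi'

$paths = @(
    "$pf\Zwunzi",
    "$pf\Zwunzi\uninstall.exe",
    "$pf\Zwunzi\zwunzi.dll",
    "$pf\Zwunzi\zwunzi.exe",
    $data,
    "$data\zwunzi128.exe"
)

# CurrentControlSet points at the active control set, so the ControlSet001
# entries from the writeup are not checked separately.
$regKeys = @(
    'HKLM:\SOFTWARE\Zwunzi',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Zwunzi Service',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE'
)

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Kind = 'Path'; Item = $p; Detail = '' }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $detail = ''
        if ($k -eq 'HKLM:\SOFTWARE\Zwunzi') {
            # Record the values the writeup lists so the build can be confirmed.
            $v = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
            $detail = "Partner=$($v.Partner); Version=$($v.Version); DllPath=$($v.DllPath)"
        }
        $findings += [pscustomobject]@{ Kind = 'Registry'; Item = $k; Detail = $detail }
    }
}
$svc = Get-Service -Name 'Zwunzi Service' -ErrorAction SilentlyContinue
if ($svc) {
    $findings += [pscustomobject]@{ Kind = 'Service'; Item = $svc.Name; Detail = "Status=$($svc.Status)" }
}

if ($findings.Count -eq 0) {
    'No Zwunzi artifacts from this writeup were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```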