Adware-Sherv

Type: Program
SubType: Adware
Discovery Date: 02/09/2006
Minimum DAT: 4693 (02/09/2006)
Updated DAT: 4693 (02/09/2006)
Minimum Engine: 5.1.00
Description Added: 02/09/2006
Description Modified: 02/16/2006 11:50 PM (PT)

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary

This is not a virus or a trojan. It is detected as a "potentially unwanted program". The installer belongs to Sherv.net and installs a product, "EZ Emoticons 3.0", which is an emoticon add-on to MSN Messenger. However, the product is bundled with potentially unwanted programs such as WebHancer, ZangoSA and NDotNet. These potentially unwanted programs are responsible for monitoring the user's web surfing behaviour and displaying advertisements.

Privacy

A EULA is displayed during installation.

Installation

File: 93e9d0b3.exe
Hash: 7a3cd09c86fba3c66d929537e1e8671d

Upon installation of this program, the following changes occur on the user's system.

System Changes

General defaults for typical environment variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
%UserProfile% = C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
%AllUserProfile% = C:\Documents and Settings\All Users (Windows NT/2000/XP).

Files Added

  • %ProgramFiles%\EZ Emoticons\EZ.exe
  • %ProgramFiles%\EZ Emoticons\README.TXT
  • %ProgramFiles%\EZ Emoticons\Uninstall.exe
  • %ProgramFiles%\MediaGateway\MediaGateway.exe
  • %ProgramFiles%\NewDotNet\newdotnet3_88.dll
  • %ProgramFiles%\NewDotNet\readme.txt
  • %ProgramFiles%\NewDotNet\uninstall3_88.exe
  • %ProgramFiles%\webHancer\Programs\license.txt
  • %ProgramFiles%\webHancer\Programs\sporder.dll
  • %ProgramFiles%\webHancer\Programs\webhdll.dll
  • %ProgramFiles%\webHancer\Programs\whAgent.exe
  • %ProgramFiles%\webHancer\Programs\whAgent.ini
  • %ProgramFiles%\webHancer\Programs\whiehlpr.dll
  • %ProgramFiles%\webHancer\Programs\whinstaller.exe
  • %ProgramFiles%\webHancer\Programs\whsurvey.exe
  • %ProgramFiles%\webHancer\Programs\whSurvey.ini
  • %ProgramFiles%\whInstall\license.txt
  • %ProgramFiles%\whInstall\readme.txt
  • %ProgramFiles%\whInstall\whAgent.inf
  • %ProgramFiles%\whInstall\whAgent.ini
  • %ProgramFiles%\whInstall\whInstaller.ini
  • %ProgramFiles%\Zango\zango.exe
  • %ProgramFiles%\Zango\zango_gdf.dat
  • %ProgramFiles%\Zango\zango_hpk.dat
  • %ProgramFiles%\Zango\zango_kyf_update.dat
  • %ProgramFiles%\Zango\zangoau_update.dat
  • %ProgramFiles%\Zango\zangohook.dll
  • %WinDir%\svaxsf.exe
  • %WinDir%\webhdll.dll
  • %WinDir%\whAgent.inf
  • %WinDir%\whInstaller.exe
  • %WinDir%\whInstaller.ini
  • %WinDir%\Downloaded Program Files\ClientAX.dll
  • %AllUserProfile%\Start Menu\Programs\Zango\Uninstall Zango Instructions.lnk
  • %AllUserProfile%\Start Menu\Programs\Zango\Zango Customer Support.url
  • %AllUserProfile%\Start Menu\Programs\Zango\Zango.com.url
  • %UserProfile%\Desktop\Sherv.NET - Animated Emoticons, Winks, Display Pics and more!.url
  • %UserProfile%\Favorites\Free Weather Toolbar and Smileys!.url 
  • %UserProfile%\Favorites\Get 100,000 Smileys and Emoticons.url
  • %UserProfile%\Favorites\Sherv.NET - MSN Emoticons, Display Pics, Winks, and lots more!.url

Registry

  • HKEY_CLASSES_ROOT\ClientAX.ClientInstaller
  • HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1
  • HKEY_CLASSES_ROOT\ClientAX.RequiredComponent
  • HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1
  • HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX
  • HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1
  • HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
  • HKEY_CLASSES_ROOT\CLSID\{144B9C7E-235A-4316-9EB3-5E393714C77A}
  • HKEY_CLASSES_ROOT\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
  • HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
  • HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
  • HKEY_CLASSES_ROOT\CLSID\{56F1D444-11BF-4879-A12B-79CF0177F038}
  • HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
  • HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
  • HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
  • HKEY_CLASSES_ROOT\MediaGateway.Installer
  • HKEY_CLASSES_ROOT\MediaGateway.LicenseInstaller
  • HKEY_CLASSES_ROOT\MediaGateway.LicenseInstaller.1
  • HKEY_CLASSES_ROOT\Tldctl2.URLLink
  • HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
  • HKEY_CURRENT_USER\Software\Sherv.NET
  • HKEY_CURRENT_USER\Software\Sherv.NET\EZ Emoticons
  • HKEY_CURRENT_USER\Software\Sherv.NET\EZ Emoticons\Options
  • HKEY_CURRENT_USER\Software\zango
  • HKEY_LOCAL_MACHINE\SOFTWARE\New.net
  • HKEY_LOCAL_MACHINE\SOFTWARE\webHancer
  • HKEY_LOCAL_MACHINE\SOFTWARE\webHancer\CC
  • HKEY_LOCAL_MACHINE\SOFTWARE\webHancer\ESO
  • HKEY_LOCAL_MACHINE\SOFTWARE\zango
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ Emoticons 3.0 for MSN Messenger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaGateway
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whSurvey
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango

Aliases

    N/A