Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:ADWARE/Agent.Tango.c
Date discovered:16/02/2011
Type:Adware
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:946.176 Bytes
MD5 checksum:7a84469d4e9f204c4958e1d0a84c8d94
VDF version:7.10.08.215
IVDF version:7.11.03.121 - Wednesday, February 16, 2011

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Sophos: Troj/Agent-PXI
   •  Eset: Win32/Adware.Mirar.I


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
   • Drops a file
   • Registry modification

 Files The following file is created:

%TEMPDIR%\dgd3.tmp

 Registry It registers a browser helper object (BHO) by adding the following key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FE45BA47-B2A5-48F6-90D5-BF1342C6B9F4}]
   • "(Default)"="Tango"



The following registry key is added:

[HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Search Bar"="http://www.tangosearch.com/?useie5=1&q="
   • "Use Custom Search URL"="dword:0x00000001"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
   {38FDF464-3B98-42DE-89CC-E9542285EC4E}]
   • "URL"="http://www.tangosearch.com/?q={searchTerms}&a=SEARCH"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
   • "Search Bar"="http://www.tangosearch.com/?useie5=1&q="
   • "Use Custom Search URL"="dword:0x00000001"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
   {38FDF464-3B98-42DE-89CC-E9542285EC4E}]
   • "URL"="http://www.tangosearch.com/?q={searchTerms}&a=SEARCH"

 File details Compilation date:
Date: 22/12/2010
Time: 19:59:34

Description inserted by Eric Burk on Friday, February 18, 2011
Description updated by Eric Burk on Friday, February 18, 2011

Back . . . .