Thread: GreenguyandJim Fighting Zango
View Single Post
Old 2006-10-26, 04:52 AM   #21
zman
A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one!
 
zman's Avatar
 
Join Date: Sep 2005
Posts: 53
Send a message via ICQ to zman
I've made quite a bit of research the last couple of days and this is what I came up with.
It's a batch file I wrote which is intended to totally remove Zango from the surfers computer.
It basically does the same thing as Jim's tutorial says plus a few things like removing Zango start menu shortcuts,
Zango cookies, windows prefetch data and all the registry entries I could find were created by it.

Code:
@echo off
cls

set TMPF1=%TEMP%\dzf.tmp
set Prefetch=%WinDir%\Prefetch

echo 1. Terminating known Zango processes.
taskkill /f /im "zanu.exe" /im "zango.exe" > nul 2>&1
echo.

echo 2. Searching for and unregistering Zango DLL's.
for /r "%ProgramFiles%\" %%i in (*zangohook.dll *ZbAds.dll *ZbCoreSrv.dll *ZbHostIE.dll *ZbToolbar.dll) do (regsvr32 /u /s "%%i"
echo    "%%i" - OK)
echo.

echo 3. Locating and deleting Zango files and folders.
echo    This may take a while... Please be patient.
if exist %TMPF1% del %TMPF1%
pushd %ProgramFiles%\
for /f "delims=" %%i in ('dir /ad /o /b /s ^| find /i "zango" ^| sort /r') do (
dir "%%i\" /a-d /b >> %TMPF1% 2> nul
rmdir /s /q "%%i\")
echo    %ProgramFiles%\ - OK
popd

pushd %AllUsersProfile%\
for /f "delims=" %%i in ('dir /ad /o /b /s ^| find /i "zango" ^| sort /r') do (rmdir /s /q "%%i\")
for /f "delims=" %%i in ('dir /a /b /s ^| find /i "zango"') do (del /f /q "%%i")
echo    %AllUsersProfile%\ - OK)
popd

pushd %UserProfile%\
for /f "delims=" %%i in ('dir /ad /o /b /s ^| find /i "zango" ^| sort /r') do (rmdir /s /q "%%i\")
for /f "delims=" %%i in ('dir /a /b /s ^| find /i "zango"') do (del /f /q "%%i")
echo    %UserProfile%\ - OK
popd

if exist %TMPF1% for /f "delims=" %%i in ('find /i ".exe" %TMPF1% ^| find /i /v "%TMPF1%"') do (
del /f /q "%Prefetch%\%%i*" >nul 2>&1)
del /f /q "%Prefetch%\*zango*" >nul 2>&1
del /f /q "%TMPF1%" >nul 2>&1
echo    %Prefetch%\ - OK
echo.

echo 4. Cleaning up known Zango registry entries.
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "zanu" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "zango" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Zango TvTimes" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoToolbarWebTools" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\Interface\{7B178417-3CDA-444F-94FF-312C0A3A78A8}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\TypeLib\{68BF4626-D66B-4383-A6AF-62E57E9B6CD4}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\TypeLib\{E5B57AB3-15F8-43A2-ABAC-3E58A9C25818}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ncmyb.SABHO" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Classes\ncmyb.SABHO.1" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jade Shadow" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zango TV Times" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zanu" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287}" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\ZangoToolbar" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\zango" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\zanu" /f >nul 2>&1
echo    HKEY_LOCAL_MACHINE - OK
reg delete "HKCR\ZbSrv.ZbCoreServices" /f >nul 2>&1
reg delete "HKCR\ZbSrv.ZbCoreServices.1" /f >nul 2>&1
reg delete "HKCR\Typelib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}" /f >nul 2>&1
reg delete "HKCR\Typelib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}" /f >nul 2>&1
reg delete "HKCR\LMgr180.WMDRMAx" /f >nul 2>&1
reg delete "HKCR\LMgr180.WMDRMAx.1" /f >nul 2>&1
reg delete "HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}" /f >nul 2>&1
reg delete "HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}" /f >nul 2>&1
reg delete "HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}" /f >nul 2>&1
reg delete "HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}" /f >nul 2>&1
reg delete "HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}" /f >nul 2>&1
reg delete "HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}" /f >nul 2>&1
reg delete "HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}" /f >nul 2>&1
reg delete "HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}" /f >nul 2>&1
reg delete "HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}" /f >nul 2>&1
reg delete "HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}" /f >nul 2>&1
reg delete "HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}" /f >nul 2>&1
reg delete "HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}" /f >nul 2>&1
reg delete "HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}" /f >nul 2>&1
reg delete "HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}" /f >nul 2>&1
reg delete "HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}" /f >nul 2>&1
reg delete "HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}" /f >nul 2>&1
reg delete "HKCR\ClientAX.ClientInstaller" /f >nul 2>&1
reg delete "HKCR\ClientAX.ClientInstaller.1" /f >nul 2>&1
reg delete "HKCR\ClientAX.RequiredComponent" /f >nul 2>&1
reg delete "HKCR\ClientAX.RequiredComponent.1" /f >nul 2>&1
reg delete "HKCR\ClientAX.ZangoClientAX" /f >nul 2>&1
reg delete "HKCR\ClientAX.ZangoClientAX.1" /f >nul 2>&1
reg delete "HKCR\ZbSrv.ZbCoreServices" /f >nul 2>&1
reg delete "HKCR\ZbSrv.ZbCoreServices.1" /f >nul 2>&1
reg delete "HKCR\Typelib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}" /f >nul 2>&1
reg delete "HKCR\Typelib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}" /f >nul 2>&1
reg delete "HKCR\LMgr180.WMDRMAx" /f >nul 2>&1
reg delete "HKCR\LMgr180.WMDRMAx.1" /f >nul 2>&1
reg delete "HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}" /f >nul 2>&1
reg delete "HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}" /f >nul 2>&1
reg delete "HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}" /f >nul 2>&1
reg delete "HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}" /f >nul 2>&1
reg delete "HKCR\Interface\{BD31DF26-7178-41F4-88DD-F16B82D827CA}" /f >nul 2>&1
reg delete "HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}" /f >nul 2>&1
reg delete "HKCR\Interface\{89D36231-6BD9-4E20-BBA0-FD28C3A83C40}" /f >nul 2>&1
reg delete "HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}" /f >nul 2>&1
reg delete "HKCR\Interface\{72FEEB09-BB27-46D3-A06D-930D4D544227}" /f >nul 2>&1
reg delete "HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}" /f >nul 2>&1
reg delete "HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}" /f >nul 2>&1
reg delete "HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}" /f >nul 2>&1
reg delete "HKCR\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}" /f >nul 2>&1
reg delete "HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}" /f >nul 2>&1
reg delete "HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}" /f >nul 2>&1
reg delete "HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}" /f >nul 2>&1
reg delete "HKCR\ClientAX.ClientInstaller" /f >nul 2>&1
reg delete "HKCR\ClientAX.ClientInstaller.1" /f >nul 2>&1
reg delete "HKCR\ClientAX.RequiredComponent" /f >nul 2>&1
reg delete "HKCR\ClientAX.RequiredComponent.1" /f >nul 2>&1
reg delete "HKCR\ClientAX.ZangoClientAX" /f >nul 2>&1
reg delete "HKCR\ClientAX.ZangoClientAX.1" /f >nul 2>&1
echo    HKEY_CLASSES_ROOT - OK
reg delete "HKCU\Software\zanu" /f >nul 2>&1
reg delete "HKCU\SOFTWARE\ZangoToolbar" /f >nul 2>&1
reg delete "HKCU\SOFTWARE\zango" /f >nul 2>&1
reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" /f >nul 2>&1
reg add "HKCU\Software\Microsoft\RAS Autodial\Control" /v "LoginSessionDisable" /t REG_DWORD /d 0 /f >nul 2>&1
echo    HKEY_CURRENT_USER - OK
echo.
echo All Done!
pause
I believe it would be much easier for the surfer to double-click a file and get rid of that Zango crap than to manually delete all
those registry entries and files.

The downside of this batch file is that it does not run under Win95/98/Me because some of the commands I've used are
only available under Win2k and later. I've tested this on Windows XP Pro with Service Pack 2 and it worked flawlessly.

If there's anybody out there who could test it on other OS's and let me know I would appreciate it.
Attached Files
File Type: zip remove-zango.zip (1.9 KB, 237 views)
zman is offline   Reply With Quote