ZipZapPromos Adware
Not much is known about the Adware Program called ZipZapPromos. It delivers pop-up advertising for select companies. It is assumed that it infects computers through peer to peer (P2P) file sharing, as some associated registry keys involve P2P file sharing autostart programs. The most frequently cited P2P file sharing site for ZipZapPromos infections is kazaa.com. Kazaa is notorious for including adware as part of their software bundles.
If you have been infected with ZipZapPromos, it is probably from P2P file sharing. This is generally considered to be an unsafe browsing practice, and should be avoided if possible. You should also tighten up your browser’s security settings. This can prevent most adware and spyware infections.
SpyZooka can quickly and easily remove ZipZapPromos.
Associated Files:
P2P Networking.exe, hupstlqk.exe, idctup20.exe, wmnshl.exe, msedpb.exe
Registry Files:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:7900
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.a.websponsors.com; *.cdn.clickagents.com; *.images .trafficmp.com; *.mezi2.hit-logo-ringtone.com; *.zipzappromos.com; 64.136.29.30; 64.13 6.21.30;64.136.29.34; a.websponsors.com; cdn.clickagents.com; images.trafficmp.com; mezi2.hit-logo-ringtone.com; searchap.untd.com; 127.0.0.1; localhost ; *windowsupdate.microsoft.com; *windowsupdate.com; *wustat.windows.com; *.pogo.com; *test-speed.com; liveupdate.symantecliveupdate.com; liveup date.symantec.com; service1.symantec.com; *.nai.com; *.networkassociates.com; zipzappromos.com; <local>
O4 – HKLM\..\Run: [plhsqcmfizwt] D:\WINNT\system32\hupstlqk.exe
O4 – HKLM\..\Run: [P2P Networking] D:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 – HKLM\..\Run: [ivrrzbomqu] D:\WINNT\System32\hupstlqk.exe
O4 – HKLM\..\Run: [intdctrr] D:\WINNT\system32\idctup20.exe
O4 – HKCU\..\Run: [ZwpFRXc5R] wmnshl.exe
O4 – HKCU\..\Run: [msmc] D:\WINNT\system32\msedpb.exe