Nod32removal.exe

Zango, formerly ePIPO, 180solutions and Hotbar, was a software company that provided users access to its partners’ videos, games, tools and utilities in exchange for viewing targeted advertising placed on their computers. In April 2009 Nod32removal.exe ceased trading after its banks foreclosed.

Zango’s consumer website asserted that the company was “committed to creating a content economy built on a foundation of safe and ethical practices by protecting consumer privacy while offering a fulfilling and high-value content experience. The videos have an installer embedded within them for the Zango Cash Toolbar. When users click on the video, they are directed to a copy of the video, which is hosted on a site called ‘Yootube. A more detailed analysis of this attack, according to one website, is that “Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango’s obligations under its November 2006 settlement with the FTC. Zango software is listed as adware by Symantec. Keith and Ken Smith, the CEO and CTO respectively, founded ePIPO in 1999.

This business model paid users a minimal amount to surf the Internet while running an application that showed banner ads. Users could also make money by referring new users. After enjoying brief success, the pay-to-surf business model declined with the bursting of the dot-com bubble in 2001. To show pop-up ads rather than banner ads. To not have any visible GUI. To be bundled with other potentially valuable applications.

While these affiliates were required by the 180solutions contract and by law to obtain the permission of the user prior to software installation, many did not, resulting in millions of illegal non-consensual installs. 180solutions’ software showed pop-up ads while a user was surfing the Internet. 180solutions adware was typically hidden in an EULA, most users were unaware they were installing adware. In some cases 180solutions’ software was installed as a standalone install. In 2004, Benjamin Edelman, assistant professor at Harvard Business School and spyware researcher, analyzed the network behavior of 180solutions applications and claimed they redirected commissions to themselves that were properly due to affiliates, and additionally caused merchants to pay commissions when affected users clicked on merchant sites directly. In 2005, 180solutions implemented a number of initiatives to control the distribution of its software and eliminate non-consensual installs.

Despite the initiatives of 2005, 180solutions admitted that it was possible for malicious parties to hack their install routines and thus cause fraudulent installs. In early 2008, security researchers at Fortinet reported, incorrectly, that the rapidly spreading Facebook widget “Secret Crush” was enticing users to download Zango adware by promising to identify a secret admirer. Executive Vice President of Corporate Development York Baur, company co-founder Chief Technology Officer Ken Smith, and company co-founder Chief Information Officer Doug Hanhart also left. On January 23, 2006, a public advocacy group filed two official complaints with the Federal Trade Commission.

The same year, the Federal Trade Commission charged Zango with “Deceptive Failure to Disclose Adware”, “Unfair Installation of Adware”, and “Unfair Uninstall Practices” in violation of the Federal Trade Commission Act. Since the FTC ruling, security researchers continued to find Zango involved in problematic installs. In September 2005, attorney Shawn Collins filed a class action lawsuit against Zango on behalf of three plaintiffs, alleging that Zango deceptively installed spyware on more than 20 million personal computers. The company said its software was voluntarily installed by users who downloaded premium content in exchange for their consent to view advertisements relevant to what they searched for online. In 2005, Zango sued Zone Labs for labeling it as spyware.

Also in May 2007, Zango filed in the same court a similar lawsuit against Kaspersky Lab, accusing it of tortious interference, trade libel and unjust enrichment for blocking the installation of Zango software. Unusual methods of installation and operation have evolved as software such as Zango is targeted to run on a broader mix of applications and platforms. Zango has stated on their website that any Zango “application” can be completely uninstalled by using the Microsoft Windows “Add or Remove Programs” function. However, Zango may appear as a browser plug-in or in some other form which cannot be removed by the officially recommended procedure. Utilities exist for the purpose of detecting, and in some cases removing Zango and similar software. Some software advisers have recommended that people seeking to remove Zango-like software from their computers search for instructions specific to their particular platform, application, and installation.