The Mysterious Tango Toolbar
- Friday, June 18, 2010, 1:19
- Threat Research
For a month or so now, support sites and Question / Answer services such as social.answers.microsoft and Yahoo Questions have been looking like this:
Two common themes: nobody seems to know where they get it from, and nobody can uninstall it. Out of all the threads posted, there seems to be only one that potentially gives some specifics with regards a possible source. If you don’t want to read his long ramble, here is his post in a nutshell:
“Went looking for Limewire, downloaded a version and now I have Tango Toolbar”.
So either he grabbed a cracked version which comes with the toolbar, or he downloaded something from P2P land which came with a few surprises. Regardless of infection route, it took a while to find the file in question because “It’s called Tango Toolbar and there’s a picture of a red hat on it” doesn’t really help much. The search was made more annoying by virtue of there being lots and lots of programs, skins and other things called Tango (or Tango Toolbar) that had nothing to do with this.
Things picked up a bit with this HijackThis log, listing a URL in the file which allowed me to grab a report (continue reading...)
When I booted up today I had a scan result from Stopzilla that had detected tango on my system.I let Stopzilla kill it. I ran some scans with spyware doctor and malewarebytes they came up clean. Stopzilla was able to find this mcnasty.