What is Yourconnectivity.net? How to remove Yourconnectivity.net

September 28th, 2016 Browser hijacker

Yourconnectivity.net is a browser hijacker

http://yourconnectivity.net/


If your browser is redirected to Yourconnectivity.net, then your computer is infected with a browser hijacker. You should immediately check your PC using antivirus or antispyware software.

Name: Yourconnectivity.net
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens yourconnectivity.net, redirects to random websites, a lot of annoying ads
Distribution Method: Yourconnectivity.net browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yourconnectivity.net/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourconnectivity.net/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yourconnectivity.net/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yourconnectivity.net/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourconnectivity.net/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yourconnectivity.net/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yourconnectivity.net/{param}
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://yourconnectivity.net/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://yourconnectivity.net/{param}
O4 – HKCU\..\Run: [xxx] explorer.exe http://yourconnectivity.net/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourconnectivity.net/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://yourconnectivity.net/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourconnectivity.net/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yourconnectivity.net/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://yourconnectivity.net/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourconnectivity.net/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://yourconnectivity.net/{param}
StartMenuInternet: IEXPLORE.EXE – C:\Program Files\Internet Explorer\iexplore.exe http://yourconnectivity.net/{param}
CHR HomePage: Default -> yourconnectivity.net/{param}
CHR DefaultSearchURL: Default -> http://yourconnectivity.net/{param}
CHR DefaultSearchKeyword: Default -> yourconnectivity.net
CHR DefaultSuggestURL: Default -> http://yourconnectivity.net/{param}
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> “hxxp://yourconnectivity.net”
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> “hxxp://yourconnectivity.net”

How to remove Yourconnectivity.net: To remove the browser hijacker follow the steps below.

  1. Scan your PC with free software such as AdwCleaner and Malwarebytes Anti-malware.
  2. Reset Chrome settings by doing the following. Open the Chrome menu, then click Settings. Scroll down and click “Show advanced settings”. Scroll down again and click “Reset settings”. Click Reset to confirm.
  3. Reset IE settings by doing the following. Open the IE menu. Click “Internet Options”, then the “Advanced” tab. Now click the Reset button. Select “Delete personal settings” and click Reset again.
  4. Reset Firefox settings by doing the following. Open the Firefox menu. Click the Help button, then “Troubleshooting Information”. Click “Refresh Firefox”, then click “Refresh Firefox” again to confirm.
  5. Disinfect the browser’s shortcuts by doing the following (repeat this step for all your browsers). Right-click a browser shortcut and select Properties. Click inside the Target field, then locate and remove “http://URL”. Press OK.

Wizesearch.com (Info and Removal)

August 20th, 2016 Browser hijacker, O4, Run

Wizesearch.com is a browser hijacker

wizesearch.com
If your browser is redirected to Wizesearch.com, then your computer is infected with a browser hijacker. You should immediately check your PC using antivirus or antispyware software.

Name: Wizesearch.com
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens wizesearch.com, redirects to random websites, a lot of annoying ads
Distribution Method: Wizesearch.com browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wizesearch.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wizesearch.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wizesearch.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wizesearch.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wizesearch.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wizesearch.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wizesearch.com/{param}
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://wizesearch.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://wizesearch.com/{param}
O4 – HKCU\..\Run: [xxx] explorer.exe http://wizesearch.com/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wizesearch.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://wizesearch.com/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wizesearch.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wizesearch.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://wizesearch.com/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://wizesearch.com/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://wizesearch.com/{param}
StartMenuInternet: IEXPLORE.EXE – C:\Program Files\Internet Explorer\iexplore.exe http://wizesearch.com/{param}
CHR HomePage: Default -> wizesearch.com/{param}
CHR DefaultSearchURL: Default -> http://wizesearch.com/{param}
CHR DefaultSearchKeyword: Default -> wizesearch.com
CHR DefaultSuggestURL: Default -> http://wizesearch.com/{param}

Detection and removal: To remove the Wizesearch.com browser hijacker, use free software such as AdwCleaner and Malwarebytes Anti-malware.

What is Need4search.com? How to remove Need4search.com?

August 19th, 2016 Browser hijacker

Need4search.com is a browser hijacker

Need4search.com
If your browser is redirected to Need4search.com, then your computer is infected with a browser hijacker. You should immediately check your PC using antivirus or antispyware software.

Name: Need4search.com
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens need4search.com, redirects to random websites, a lot of annoying ads
Distribution Method: Need4search.com browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://need4search.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://need4search.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://need4search.com/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://need4search.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://need4search.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://need4search.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://need4search.com/{param}
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://need4search.com/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://need4search.com/{param}
O4 – HKCU\..\Run: [xxx] explorer.exe http://need4search.com/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://need4search.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://need4search.com/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://need4search.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://need4search.com/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://need4search.com/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://need4search.com/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://need4search.com/{param}
StartMenuInternet: IEXPLORE.EXE – C:\Program Files\Internet Explorer\iexplore.exe http://need4search.com/{param}
CHR HomePage: Default -> need4search.com/{param}
CHR DefaultSearchURL: Default -> http://need4search.com/{param}
CHR DefaultSearchKeyword: Default -> need4search.com
CHR DefaultSuggestURL: Default -> http://need4search.com/{param}

Detection and removal: To remove the Need4search.com browser hijacker, use free software such as AdwCleaner and Malwarebytes Anti-malware.

Wzscnet.com/i/startm.html (Info and Removal)

August 19th, 2016 Browser hijacker

Wzscnet.com/i/startm.html is a browser hijacker

Wzscnet.com/i/startm.html
If your browser is redirected to Wzscnet.com/i/startm.html, then your computer is infected with a browser hijacker. You should immediately check your PC using antivirus or antispyware software.

Name: Wzscnet.com/i/startm.html
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens wzscnet.com/i/startm.html, redirects to random websites, a lot of annoying ads
Distribution Method: Wzscnet.com/i/startm.html browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wzscnet.com/i/startm.html/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wzscnet.com/i/startm.html/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://wzscnet.com/i/startm.html/{param}
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wzscnet.com/i/startm.html/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wzscnet.com/i/startm.html/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wzscnet.com/i/startm.html/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wzscnet.com/i/startm.html/{param}
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://wzscnet.com/i/startm.html/{param}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://wzscnet.com/i/startm.html/{param}
O4 – HKCU\..\Run: [xxx] explorer.exe http://wzscnet.com/i/startm.html/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wzscnet.com/i/startm.html/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://wzscnet.com/i/startm.html/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wzscnet.com/i/startm.html/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wzscnet.com/i/startm.html/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://wzscnet.com/i/startm.html/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://wzscnet.com/i/startm.html/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://wzscnet.com/i/startm.html/{param}
StartMenuInternet: IEXPLORE.EXE – C:\Program Files\Internet Explorer\iexplore.exe http://wzscnet.com/i/startm.html/{param}
CHR HomePage: Default -> wzscnet.com/i/startm.html/{param}
CHR DefaultSearchURL: Default -> http://wzscnet.com/i/startm.html/{param}
CHR DefaultSearchKeyword: Default -> wzscnet.com/i/startm.html
CHR DefaultSuggestURL: Default -> http://wzscnet.com/i/startm.html/{param}

Detection and removal: To remove the Wzscnet.com/i/startm.html browser hijacker, use free software such as AdwCleaner and Malwarebytes Anti-malware.

What is cryp1? How to recover cryp1 files?

May 30th, 2016 Ransomware

What is cryp1

The cryp1 virus is a new ransomware from the CryptXXX family. Once started, it will encrypt all personal files. When a file is encrypted, its extension is changed to .cryp1.

cryp1 summary information
Name: cryp1 virus
Type: Ransomware
Danger Level: High (encrypts all personal files and requires paying a ransom to get the encryption key)
Symptoms: ransom screen, slow PC, a lot of files with the .cryp1 extension
Distribution Method: spam e-mails with attachments infected with this virus
Removal tool: Kaspersky Virus Removal Tool, Malwarebytes Anti-malware

How to recover cryp1 files

1. Use the removal tools above to clean the cryp1 virus from your computer.
2. Use ShadowExplorer and PhotoRec to try to restore all encrypted files.

What is rlvknlg64.exe? How to remove rlvknlg64.exe?

September 16th, 2015 Service, Unwanted Programs

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rlvknlg64
Filename: rlvknlg64.exe
Command: %PROGRAMFILES%\RelevantKnowledge\rlvknlg64.exe
Startup Type: Service
Description: rlvknlg64.exe is a part of Relevant Knowledge, also known as PUP.RelevantKnowledge and Spyware.Marketscore

How to remove: use the rlvknlg64 removal instructions.

What is rlvknlg32.exe? How to remove rlvknlg32.exe?

September 16th, 2015 Service, Unwanted Programs

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: rlvknlg32
Filename: rlvknlg32.exe
Command: %PROGRAMFILES%\RelevantKnowledge\rlvknlg32.exe
Startup Type: Service
Description: rlvknlg32.exe is a part of RelevantKnowledge (an unwanted program)

How to remove: use the rlvknlg32 removal steps.

What is Navigate.eXE? How to remove Navigate.eXE?

September 15th, 2015 Unwanted Programs

Navigate.eXE is a part of OverLook, which is an unwanted program.

It is an unwanted program. You should immediately remove it manually or using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Navigate.eXE associated files and folders:

%LocalAppData%\%CLSID%\Navigate\
%LocalAppData%\%CLSID%\Navigate\Navigate.eXE
%LocalAppData%\%CLSID%\Navigate\pdf.dll
%LocalAppData%\%CLSID%\Navigate\PepperFlash\
%LocalAppData%\%CLSID%\Navigate\PepperFlash\manifest.json
%LocalAppData%\%CLSID%\Navigate\PepperFlash\pepflashplayer.dll
%LocalAppData%\%CLSID%\Navigate\ppGoogleNaClPluginChrome.dll
%LocalAppData%\%CLSID%\Navigate\resources.pak
%LocalAppData%\%CLSID%\Navigate\SecondaryTile.png
%LocalAppData%\%CLSID%\Navigate\wow_helper.exe
%LocalAppData%\%CLSID%\Runner.exe
%LocalAppData%\%CLSID%\uninstall.exe
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Updater for Analytic Tool
C:\Windows\System32\Tasks\Worker for Analytic Tool

Core filename: Navigate.eXE
Command: %LocalAppData%\%CLSID%\Navigate\Navigate.eXE

How to remove: use the OverLook, Runner.exe and Navigate.eXE removal steps.

What is System Care Antivirus? How to remove System Care Antivirus

April 10th, 2013 Rogue Antispyware/Antivirus

System Care Antivirus is a harmful program.

It is a fake security program; you should immediately remove it using an antivirus or antispyware program.
If that does not help, then ask us for help in the System Care Antivirus removal forum.

System Care Antivirus associated files and folders:

%CommonAppData%\[RANDOM]
%CommonAppData%\[RANDOM]\[RANDOM].exe
%CommonAppData%\[RANDOM]\[RANDOM].ico

System Care Antivirus associated registry keys and values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Internet Security Essentials

Core filename: [RANDOM].exe
Command: %CommonAppData%\[RANDOM]\[RANDOM].exe
HijackThis shows System Care Antivirus:

O4 – HKCU\..\RunOnce: [RANDOM] %CommonAppData%\[RANDOM]\[RANDOM].exe

Description: rogue antispyware program

How to remove: use the System Care Antivirus removal instructions or the steps below.

1. Reboot your computer in “Safe mode with networking”.

2. Reset the proxy settings of your browser (this malware hijacked them) by doing the following: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK, then click OK again.

3. Download TDSSKiller and unzip it to your desktop. Run it and follow the prompts.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is winxn.exe? How to remove winxn.exe

December 5th, 2011 Malware, O4, Run

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winxn
Filename: winxn.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinXn

Command: %Temp%\winxn.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [WinXn] %Temp%\winxn.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“WinXn”=%Temp%\winxn.exe

Description: malware

How to remove: use HijackThis and the Kaspersky Virus Removal Tool.