Category Archives: Browser hijacker

What is iWebs? How to remove iWebs.site

iWebs is a browser hijacker

If your browser is redirected to iWebs, then your computer is infected with a browser hijacker. You should immediately check your PC using antivirus or antispyware software.

Name: iWebs
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens www.iwebs.site, redirects to random websites, a lot of annoying ads
Distribution Method: iWebs browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.iwebs.site/{param}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://www.iwebs.site/{param}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.iwebs.site/{param}
CHR HomePage: Default -> www.iwebs.site/{param}
CHR DefaultSearchURL: Default -> http://www.iwebs.site/{param}
CHR DefaultSearchKeyword: Default -> www.iwebs.site
CHR DefaultSuggestURL: Default -> http://www.iwebs.site/{param}
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"

iWebs removal: To remove the iWebs browser hijacker, follow the steps below.

  1. Scan your PC with free software such as AdwCleaner (myantispyware.com/download/adwcleaner) and Malwarebytes Anti-malware (myantispyware.com/download/malwarebytes-anti-malware).
  2. Reset Chrome settings by doing the following. Open the Chrome menu, then click Settings. Scroll down and click “Show advanced settings”. Scroll down again and click “Reset settings”. Click Reset to confirm.
  3. Reset IE settings by doing the following. Open the IE menu. Click “Internet Options”, then the “Advanced” tab. Now click the Reset button. Select “Delete personal settings” and click Reset again.
  4. Reset Firefox settings by doing the following. Open the Firefox menu. Click the Help button, then “Troubleshooting Information”. Here click “Refresh Firefox” and, to confirm, click “Refresh Firefox” again.
  5. Disinfect the browser’s shortcuts by doing the following (repeat the step for all your browsers). Right-click a browser shortcut and select Properties. Click inside the Target field, then locate and remove “http://www.iwebs.site”. Press OK.
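
A report-only audit that automates the check behind step 5 and the HijackThis/FRST entries above. This is an added example, not part of the original article: it lists shortcuts whose arguments carry a URL and Internet Explorer page values that point at a given domain. The `$Domain` parameter and the folder list are assumptions taken from the log lines shown above; nothing is modified.

```powershell
# Added example: report-only audit for hijacked shortcuts and IE page settings.
# Assumption: $Domain is the hijacker domain named in this article.
param([string]$Domain = 'iwebs.site')

# Folders taken from the ShortcutWithArgument lines in the FRST log above,
# plus the current user's desktop.
$folders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop",
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { Test-Path -LiteralPath $_ }

$shell = New-Object -ComObject WScript.Shell
$links = Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue
$shortcutHits = foreach ($lnk in $links) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    # A clean browser shortcut normally has no URL in its arguments.
    if ($sc.Arguments -match 'https?://' -or $sc.Arguments -like "*$Domain*") {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
        }
    }
}

# Registry keys and value names listed in the HijackThis and FRST output above.
$keys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Search'
)
$names = 'Start Page', 'Search Page', 'Local Page', 'Default_Page_URL',
         'Default_Search_URL', 'SearchAssistant', 'CustomizeSearch'
$registryHits = foreach ($key in $keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($name in $names) {
        $value = $props.$name
        if ($value -like "*$Domain*") {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

$shortcutHits | Format-List
$registryHits | Format-Table -AutoSize -Wrap
```

Empty output from both sections means none of the checked shortcuts or values reference the domain; a shortcut flagged only by the URL pattern may be a legitimate site shortcut and should be reviewed before editing its Target field.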

What is Antispyway.com, How to remove Antispyway.com

Antispyway.com is a malicious website

The site was created to spread Antivirus Action. If your browser is redirected to Antispyway.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 93.174.88.136
Site address: Antispyway.com
Description: Antispyway.com is not related to any legit security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Action.

How to remove: use the antispyway.com removal instructions in order to remove this infection.

What is antispytag.com, How to remove antispytag.com

Antispytag.com is a malicious website

The site was created to spread Antivirus Action. If your browser is redirected to antispytag.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 93.174.88.136
Site address: antispytag.com
Description: antispytag.com is not related to any legitimate security company and can only be seen on infected computers. The site is used to promote the rogue antispyware program called Antivirus Action.

How to remove: use the antispytag removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacked them) by doing the following: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is antivirpwr.com, How to remove antivirpwr.com

Antivirpwr.com is a malicious website

The site was created to spread Security Suite. If your browser is redirected to antivirpwr.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.205
Site address: antivirpwr.com
Description: antivirpwr.com is not related to any legit security company and can be seen on infected computers. The site is used to promote the rogue antispyware program called Security Suite.

How to remove: use these antivirpwr removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacked them) by doing the following: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is antivircat.com, How to remove antivircat.com

Antivircat.com is a malicious website

The site was created to spread Security Suite. If your browser is redirected to antivircat.com, then you should immediately check your PC using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

IP Address: 79.135.152.205
Site address: antivircat.com
Description: antivircat.com is not related to any legitimate security company and can be seen on infected computers. The site is used to promote the rogue antispyware program called Security Suite.

How to remove: use these antivircat removal instructions or the steps below in order to remove this infection.

1. Reboot your computer in Safe mode with networking.

2. Reset the proxy settings of your browser (this malware hijacked them) by doing the following: run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK and click OK again.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).