Comments Off on What is iWebs? How to remove iWebs.site
November 8th, 2016 Browser hijacker
iWebs is a browser hijacker
|
If your browser is redirected to iWebs, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software. |
Name: iWebs
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens www.iwebs.site, redirects to random websites, a lot of asnnoying ads
Distribution Method: iWebs browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.iwebs.site/{param}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
FRST may show infection:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://www.iwebs.site/{param}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.iwebs.site/{param}
CHR HomePage: Default -> www.iwebs.site/{param}
CHR DefaultSearchURL: Default -> http://www.iwebs.site/{param}
CHR DefaultSearchKeyword: Default -> www.iwebs.site
CHR DefaultSuggestURL: Default -> http://www.iwebs.site/{param}
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
iWebs removal: To remove iWebs browser hijacker follow the steps below.
- Scan your PC with a free software such as AdwCleaner myantispyware.com/download/adwcleaner and Malwarebytes Anti-malware myantispyware.com/download/malwarebytes-anti-malware.
- Reset Chrome settings by doing the following. Open Chrome menu, then click Settings. Scroll down and click “Show advanced settings”. Scroll down again and click “Reset settings”. Click Reset to confirm it.
- Reset IE setting by doing the following. Open IE menu. Click “Internet Options”, then “Advanced Tab”. Now click Reset button. Select “Delete personal settings ” and click Reset again.
- Reset Firefox setting by doing following. Open Firefox menu. Click Help button, next “Troubleshooting Information”. Here click “Refresh Firefox” and confirm it, click to “Refresh Firefox” again.
- Disinfect the browser’s shortcuts by doing (repeat the step for all your browsers). Right click to a browser shortcut, select Properties. Click Click inside the Target field, locate and remove “http://www.iwebs.site”. Press OK.
Comments Off on What is cryp1 ? How to recovery cryp1 files ?
May 30th, 2016 Ransomware
What is cryp1
cryp1 virus is a new ransomware from the family of CryptXXX. Once started, it will encrypt all personal files. When a file is encrypted, it’s extension will be changed to .cryp1.
cryp1 summary information |
Name |
cryp1 virus |
Type |
ransomware |
Danger Level |
High. Encrypts all personalr files and require pay a ransom to get a encrypt key) |
Symptoms |
Ransom screen, Slow PC, a lot of files with .cryp1 extension |
Distribution Method |
Spam em-mails with attach that infected with this virus |
Removal tool |
Kaspersky Virus Removal Tool, Malwarebytes Anti-malware |
Read the rest of this entry »
Comments Off on What is rlvknlg64.exe ? How to remove rlvknlg64.exe ?
September 16th, 2015 Service, Unwanted Programs
Comments Off on What is rlvknlg32.exe ? How to remove rlvknlg32.exe ?
September 16th, 2015 Service, Unwanted Programs
September 15th, 2015 Unwanted Programs
Navigate.eXE is a part of OverLook that is a unwanted program.
Read the rest of this entry »