Archive for the 'Threats' Category

What is iWebs? How to remove iWebs.site

Tuesday, November 8th, 2016

iWebs is a browser hijacker

iwebs-site browser hijacker
If your browser is redirected to iWebs, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

Name: iWebs
Type: Adware/Browser Hijacker
Danger Level: Low/Medium
Symptoms: browser opens www.iwebs.site, redirects to random websites, a lot of asnnoying ads
Distribution Method: iWebs browser hijacker is integrated into the installation package of various free programs
HijackThis may show infection:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.iwebs.site/{param}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.iwebs.site/{param}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}

FRST may show infection:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iwebs.site/{param}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = http://www.iwebs.site/{param}
HKU\{clsid}\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwebs.site/{param}
SearchScopes: HKU\{clsid} -> {clsid} URL = http://www.iwebs.site/{param}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.iwebs.site/{param}
CHR HomePage: Default -> www.iwebs.site/{param}
CHR DefaultSearchURL: Default -> http://www.iwebs.site/{param}
CHR DefaultSearchKeyword: Default -> www.iwebs.site
CHR DefaultSuggestURL: Default -> http://www.iwebs.site/{param}
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www.iwebs.site"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://www.iwebs.site"

iWebs removal: To remove iWebs browser hijacker follow the steps below.

  1. Scan your PC with a free software such as AdwCleaner myantispyware.com/download/adwcleaner and Malwarebytes Anti-malware myantispyware.com/download/malwarebytes-anti-malware.
  2. Reset Chrome settings by doing the following. Open Chrome menu, then click Settings. Scroll down and click “Show advanced settings”. Scroll down again and click “Reset settings”. Click Reset to confirm it.
  3. Reset IE setting by doing the following. Open IE menu. Click “Internet Options”, then “Advanced Tab”. Now click Reset button. Select “Delete personal settings ” and click Reset again.
  4. Reset Firefox setting by doing following. Open Firefox menu. Click Help button, next “Troubleshooting Information”. Here click “Refresh Firefox” and confirm it, click to “Refresh Firefox” again.
  5. Disinfect the browser’s shortcuts by doing (repeat the step for all your browsers). Right click to a browser shortcut, select Properties. Click Click inside the Target field, locate and remove “http://www.iwebs.site”. Press OK.

What is Loadstart.net? How to remove Loadstart.net

Friday, October 7th, 2016

Loadstart.net is a browser hijacker

loadstart-net
If your browser is redirected to Loadstart.net, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

What is Yourconnectivity.net? How to remove Yourconnectivity.net

Wednesday, September 28th, 2016

Yourconnectivity.net is a browser hijacker

http://yourconnectivity.net/

http://yourconnectivity.net/

If your browser is redirected to Yourconnectivity.net, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

Wizesearch.com (Info and Removal)

Saturday, August 20th, 2016

Wizesearch.com is a browser hijacker

wizesearch.com
If your browser is redirected to Wizesearch.com, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

What is Need4search.com ? How to remove Need4search.com ?

Friday, August 19th, 2016

Need4search.com is a browser hijacker

Need4search.com
If your browser is redirected to Need4search.com, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

Wzscnet.com/i/startm.html (Info and Removal)

Friday, August 19th, 2016

Wzscnet.com/i/startm.html is a browser hijacker

Wzscnet.com/i/startm.html
If your browser is redirected to Wzscnet.com/i/startm.html, then your computer is infected with a browser hijacker. You should immediately check your PC using an antivirus or antispyware software.

(more…)

What is cryp1 ? How to recovery cryp1 files ?

Monday, May 30th, 2016

What is cryp1

cryp1 virus is a new ransomware from the family of CryptXXX. Once started, it will encrypt all personal files. When a file is encrypted, it’s extension will be changed to .cryp1.

cryp1 summary information
Name cryp1 virus
Type ransomware
Danger Level High. Encrypts all personalr files and require pay a ransom to get a encrypt key)
Symptoms Ransom screen, Slow PC, a lot of files with .cryp1 extension
Distribution Method Spam em-mails with attach that infected with this virus
Removal tool Kaspersky Virus Removal Tool, Malwarebytes Anti-malware

(more…)

What is rlvknlg64.exe ? How to remove rlvknlg64.exe ?

Wednesday, September 16th, 2015

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is rlvknlg32.exe ? How to remove rlvknlg32.exe ?

Wednesday, September 16th, 2015

This is a harmful program.

remove It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)

What is Navigate.eXE ? How to remove Navigate.eXE ?

Tuesday, September 15th, 2015

Navigate.eXE is a part of OverLook that is a unwanted program.

remove It is an unwanted program. You should immediately remove it manually or using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

(more…)