Wednesday, December 28, 2011

Remove Ciipsearch.net and Mystart.incredibar.com redirects as a bad habit of your PC

Ciipsearch.net and Mystart.incredibar.com repeat their appearances at a frequency that drives people mad. It gets even worse when these pages load instead of your favorite sites, such as the search engines you prefer.
The routine is established by the invasion of a browser helper object. It is a helper for its remote controller, a tricky hacker, while for the user of a compromised machine it is an annoying infection that considerably deteriorates the quality of personal computer use.
There is no way to part with the above websites other than removal of the Ciipsearch.net and Mystart.incredibar.com hijackers, or malicious helper agents for web browsers. The infection keeps every browser addicted to the tricky URL.
To get rid of Ciipsearch.net and Mystart.incredibar.com as bad habits of your operating system, click here to run a free scan that ensures identification and extermination of every threat.

Ciipsearch.net and Mystart.incredibar.com screenshots:


Ciipsearch.net and Mystart.incredibar.com domain details:


Registrar History:
1 registrar
NS History:
4 changes on 3 unique name servers over 0 year.
IP History:
6 changes on 4 unique IP addresses over 0 years.
Whois History:
8 records have been archived since 2011-05-26 .
Reverse IP:
44 other sites hosted on this server.

Domain cipsearch.net

Date Registered: 2011-5-25
Date Modified: 2011-11-21
Expiry Date: 2012-5-25

DNS1: ns-canada.topdns.com
DNS2: ns-uk.topdns.com
DNS3: ns-usa.topdns.com

Registrant
    Private Whois cipsearch.net
    Private Whois cipsearch.net 
    *******PLEASE DO NOT SEND LETTERS******
    ****Contact the owner by email only****
    c/o cipsearch.net
    N4892 Nassau
    Bahamas
    Tel: +852.81720004

Administrative Contact
    Private Whois cipsearch.net
    Private Whois cipsearch.net 
    *******PLEASE DO NOT SEND LETTERS******
    ****Contact the owner by email only****
    c/o cipsearch.net
    N4892 Nassau
    Bahamas
    Tel: +852.81720004

Technical Contact
    Private Whois cipsearch.net
    Private Whois cipsearch.net 
    *******PLEASE DO NOT SEND LETTERS******
    ****Contact the owner by email only****
    c/o cipsearch.net
    N4892 Nassau
    Bahamas
    Tel: +852.81720004




Registrant:
   IncrediMail Ltd.

   Domain Name: INCREDIBAR.COM

   Domain servers in listed order:
      NS1P.INCREDIZONE.COM
      NS1S.INCREDIZONE.COM
      NS2P.INCREDIZONE.COM
      NS2S.INCREDIZONE.COM
      NS3.INCREDIZONE.COM




Monday, December 26, 2011

Searchqu.com/406

Searchqu.com/406 (Searchqu.com/405) is a typical search engine hijacker and redirector (it corrupts Google, Yahoo and Bing search engines). If your homepage or searches are redirected to http://searchqu.com/406, your PC might be seriously infected by a rootkit that spreads through malicious downloads and e-mail spam. We recommend using Spyware Doctor with antivirus to remove the searchqu.com/406 homepage replacer / Google redirect virus.



Searchqu.com/406 domain and server details:
Registrant:
   Domains By Proxy, LLC

   Domain Name: SEARCHQU.COM

   Domain servers in listed order:
      DNS.NETVISION.NET.IL
      NYPOP.NETVISION.NET.IL




Sunday, December 25, 2011

83.69.233.121 - Strathclyde Police Virus

83.69.233.121 is the IP address of a virtual server that hosts a malicious rootkit and shows the Strathclyde Police Ukash fake alert (ransomware) to scare users and force them to pay 100 pounds to hackers. To remove 83.69.233.121 redirections, download Spyware Doctor and start a full computer anti-malware scan.


83.69.233.121 screenshot:

83.69.233.121 details:
inetnum:         83.69.233.0 - 83.69.233.255
netname:         AWAX-HOSTING-NET
descr:           "LTD AWAX Telecom"
remarks:         ********************************************
remarks:         *   Contact                     *
remarks:         *   for  spam or other abuse matters.            *
remarks:         ********************************************
country:         RU
admin-c:         AVG6-RIPE
admin-c:         SVG217-RIPE
tech-c:          AVG6-RIPE
tech-c:          SVG217-RIPE
status:          ASSIGNED PA
mnt-by:          AWAX-MNT
source:          RIPE # Filtered

person:          Andrei V Gasov
address:         LTD AWAX Telecom
address:         Moscow, Orlovo-Davydovsky per., 2/5 str
address:         129110 Moscow
address:         Russia
phone:           +7 495 6264747
fax-no:          +7 495 6264747
e-mail:         
nic-hdl:         AVG6-RIPE
mnt-by:          AWAX-MNT
source:          RIPE # Filtered

person:          Sergey V Grenivetskiy
address:         LTD AWAX Telecom
address:         Moscow, Orlovo-Davydovsky per., 2/5 str.
address:         129110 Moscow
address:         Russia
phone:           +7 495 6264747
fax-no:          +7 495 6264747
e-mail:         
nic-hdl:         SVG217-RIPE
mnt-by:          AWAX-MNT
source:          RIPE # Filtered

route:          83.69.232.0/21
descr:          NOC
origin:         AS28762
mnt-by:         AWAX-MNT
source:         RIPE # Filtered

route:          83.69.233.0/24
descr:          NOC
origin:         AS28762
mnt-by:         AWAX-MNT
source:         RIPE # Filtered

Friday, December 23, 2011

Mediashifting.com

Mediashifting.com is the latest ClickSystem homepage hijacker and redirector. This domain was registered only 4 days (!!!) ago and has estimated traffic of nearly 30000 visitors/hour. This is the result of rootkit and trojan horse activity that replaces Google and Yahoo search results with Mediashifting.com bogus search ads. We recommend downloading Spyware Doctor in order to eliminate the Mediashifting virus and other trojans and spyware.



Mediashifting.com domain and server details:
Registration Service Provided By: HIGH HOSTING ENTERPRISES, INC
Contact: +001.8503682092
Website: http://highhosting.net

Domain Name: MEDIASHIFTING.COM

Registrant:
    MarkToner
    Mark Toner        ()
    Red Sqear
    Moscow
    Moscow,000105
    RU
    Tel. +7.79254443322

Creation Date: 19-Dec-2011 
Expiration Date: 19-Dec-2012

Domain servers in listed order:
    ns1.sitelutions.com
    ns2.sitelutions.com
    ns3.sitelutions.com
    ns4.sitelutions.com

Administrative Contact:
    MarkToner
    Mark Toner        ()
    Red Sqear
    Moscow
    Moscow,000105
    RU
    Tel. +7.79254443322

Technical Contact:
    MarkToner
    Mark Toner        ()
    Red Sqear
    Moscow
    Moscow,000105
    RU
    Tel. +7.79254443322

Billing Contact:
    MarkToner
    Mark Toner        ()
    Red Sqear
    Moscow
    Moscow,000105
    RU
    Tel. +7.79254443322

Status:LOCKED

Thursday, December 22, 2011

Whatsinnews.com, Thenightrain.com and others

Whatsinnews.com, Thenightrain.com and others are malicious hijackers that use a trojan horse and rootkit to replace your homepage and hijack search results. We recommend using a strong and safe antimalware kit to get rid of the search engine / homepage hijacker. Download Spyware Doctor to get rid of:


Thenewstoday.net
Thewebtimes.net
Newsranch.net
Frontwebpage.net
Thenightrain.com
Thewebplane.com
Thealltimes.com
101news.net
Businessite.net
Bywill.net
Goingonearth.com
Webplains.net
Whatsinnews.com
Whatsinstores.net


Thenewstoday.net domain details:

Email Search:
is associated with about 247,981 domains
Registrar History:
1 registrar
NS History:
1 change on 2 unique name servers over 1 year.
IP History:
2 changes on 2 unique IP addresses over 1 years.
Whois History:
16 records have been archived since 2010-06-27 .
Reverse IP:
3 other sites hosted on this server.

Registrant:
 Contact Privacy Inc. Customer 0124189567
 96 Mowat Ave
 Toronto, ON M6K 3M1
 CA

 Domain name: WHATSINNEWS.COM

 Administrative Contact:
    Contact Privacy Inc. Customer 0124189567,  
    96 Mowat Ave
    Toronto, ON M6K 3M1
    CA
    +1.4165385457
 Technical Contact:
    Contact Privacy Inc. Customer 0124189567,  
    96 Mowat Ave
    Toronto, ON M6K 3M1
    CA
    +1.4165385457

 Registration Service Provider:
    Hover,
    416.538.5498
    http://help.hover.com

 Registrar of Record: TUCOWS, INC.
 Record last updated on 02-Sep-2011.
 Record expires on 26-Jun-2012.
 Record created on 26-Jun-2010.

 Registrar Domain Name Help Center:
    http://tucowsdomains.com

 Domain servers in listed order:
    NS2.HOVER.COM  
    NS1.HOVER.COM  

 Domain status: clientTransferProhibited
                clientUpdateProhibited

This domain's privacy is protected by contactprivacy.com. To reach the domain contacts, please
go to http://www.contactprivacy.com and follow the instructions.



Wednesday, December 21, 2011

Blueseek.com

Blueseek.com is a typical hijacker landing page that uses trojan horses and rootkits to redirect searches to www.blueseek.com. To get rid of this nasty malware and related trojans, download Spyware Doctor.

Blueseek.com screenshot:


Blueseek.com domain details:
Registrar History:
2 registrars
NS History:
4 changes on 4 unique name servers over 7 years.
IP History:
5 changes on 4 unique IP addresses over 7 years.
Whois History:
655 records have been archived since 2006-02-09 .
Reverse IP:
147 other sites hosted on this server.

Domain Services Provided By:
      Success inc.,
      http://www.thriftys.com

Registrant:
   c/o BLUESEEK.COM
   P.O. Box 821650
   Vancouver, WA  98682
   US

   Registrar: DOTSTER
   Domain Name: BLUESEEK.COM
      Created on: 07-AUG-02
      Expires on: 08-AUG-12
      Last Updated on: 19-JUL-11

   Administrative Contact:
     
      c/o BLUESEEK.COM
      P.O. Box 821650
      Vancouver, WA  98682
      US
      +1.360-449-5933

   Technical Contact:
     
      c/o BLUESEEK.COM
      P.O. Box 821650
      Vancouver, WA  98682
      US
      +1.360-449-5933

   Domain servers in listed order:
      NS1.SPONSORONE.COM
      NS2.SPONSORONE.COM

Weeklycontestwinner.org

Weeklycontestwinner.org is the latest scam website that informs users that they won prizes (iPads, money, gift certificates, etc.). Weeklycontestwinner.org uses rootkits and misleading mechanisms to drive traffic to internal landing pages. Some trojan horses may hijack your browser and redirect all searches to the http://weeklycontestwinner.org scam page. We recommend using Spyware Doctor in order to get rid of this nasty hijacker.

Weeklycontestwinner.org domain and server details:


Domain ID:D161304040-LROR
Domain Name:WEEKLYCONTESTWINNER.ORG
Created On:24-Jan-2011 23:58:25 UTC
Last Updated On:26-Mar-2011 03:51:00 UTC
Expiration Date:24-Jan-2012 23:58:25 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:55c71c29917ddc73
Registrant Name:Whois  Agent
Registrant Organization:Whois Privacy Protection Service, Inc.
Registrant Street1:PMB 368, 14150 NE 20th St - F1
Registrant Street2:
Registrant Street3:
Registrant City:Bellevue
Registrant State/Province:WA
Registrant Postal Code:98007
Registrant Country:US
Registrant Phone:+1.4252740657
Registrant Phone Ext.:
Registrant FAX:+1.4259744730
Registrant FAX Ext.:
Registrant Email:
Admin ID:55c71c29917ddc73
Admin Name:Whois  Agent
Admin Organization:Whois Privacy Protection Service, Inc.
Admin Street1:PMB 368, 14150 NE 20th St - F1
Admin Street2:
Admin Street3:
Admin City:Bellevue
Admin State/Province:WA
Admin Postal Code:98007
Admin Country:US
Admin Phone:+1.4252740657
Admin Phone Ext.:
Admin FAX:+1.4259744730
Admin FAX Ext.:
Admin Email:
Tech ID:55c71c29917ddc73
Tech Name:Whois  Agent
Tech Organization:Whois Privacy Protection Service, Inc.
Tech Street1:PMB 368, 14150 NE 20th St - F1
Tech Street2:
Tech Street3:
Tech City:Bellevue
Tech State/Province:WA
Tech Postal Code:98007
Tech Country:US
Tech Phone:+1.4252740657
Tech Phone Ext.:
Tech FAX:+1.4259744730
Tech FAX Ext.:
Tech Email:
Name Server:DNS1.NAME-SERVICES.COM
Name Server:DNS2.NAME-SERVICES.COM
Name Server:DNS3.NAME-SERVICES.COM
Name Server:DNS4.NAME-SERVICES.COM
Name Server:DNS5.NAME-SERVICES.COM
DNSSEC:Unsigned

Monday, December 19, 2011

Mydomainadvisor.com hijacker \ redirector

Mydomainadvisor.com boosters do not consult the opinion of most of its visitors on whether they want to see the page repeatedly. Instead, they have concocted generic malware that breaks through weak PC protection mechanisms, primarily targeting Windows computers. Once it enters an attacked machine, the infection creates registry startup values so that it runs independently and can launch the browser on the infected PC.
Its payload is focused on redirecting the user to the above webpage. In response, most of the people suffering from the redirect struggle to remove Mydomainadvisor.com by changing or adjusting their favorite browser, etc. All they actually need is to get rid of the Mydomainadvisor.com related virus (the program described above).
Click here to eliminate the bad habit of your browser(s) grafted by a cyber disease that is subject to elimination on completing a free scan; simply order removal of all the threats as disclosed by the free scanner.


Mydomainadvisor.com domain and server details:
Registrant:
 Visicom Media inc.
 6200 Boul Taschereau
 Office 304
 Brossard, Quebec J4W 3J8
 CA
 450-672-0401
Fax:450-672-9586

Domain Name: MYDOMAINADVISOR.COM

Administrative Contact:
 Tremblay, Dominique
 6200 Taschereau blvd. #304
 Brossard, Quebec J4W 3J8
 CA
 450-672-0401x229
Fax:450-672-9586

Technical Contact:
 Khettaf, Mohamed
 6200 Taschereau
 suite 304
 Brossard, quebec j4w 3j8
 CA
 450-672-0401

Record expires on 02-03-2012
Record created on 02-03-2011

Domain servers in listed order:
        NS1.NATIONAL-NET.COM        216.201.81.254
        NS2.NATIONAL-NET.COM        66.115.136.4

Friday, December 16, 2011

Lightssearch.net and other search redirection web-sites

Lightssearch.net is a typical search engine redirection website. It might use trojan horses to replace Google/Yahoo/Bing search and redirect you to this non-informative website with lots of ads. We discovered that the same person who registered the lightssearch.net domain also registered dozens of other domains to drive search redirection traffic to it. We strongly recommend running a full PC scan using Spyware Doctor and removing lightssearch.net and its variants.

Lightssearch.net variants:
alfsearch.net, allertsearch.net, ballsearch.net, basic-search.net, billysearch.net, boksearch.net, cipsearch.net, clipssearch.net, coldsearch.net, cutsearch.net, farsearch.net, flagsearch.net, funclipsearch.net, funcsearch.net, funssearch.net, gladsearch.net, good4usearch.net, goodasksearch.net, goodtasksearch.net, kisssearch.net, lessearch.net, liedersearch.net, lightssearch.net, macsearch.net, midllesearch.net, njksearch.net, nobelsearch.net, noodsearch.net, noysearch.net, pensearch.net, poolsearch.net, risksearch.net, searchbif.net, searchdoom.net, searchdynamic.net, searchfog.net, searchgas.net, searchorder.net, searchput.net, searchsuport.net, supersearchport.net, supersearchs.net, supsearch.net, villasearch.net, yokosearch.net





Thursday, December 15, 2011

Searchclass.com and PrimoSearch.com

Searchclass.com and PrimoSearch.com are typical hijackers that use misleading schemes to infect your PC and redirect to their landing pages. Use Spyware Doctor anti-virus and anti-malware to completely remove all search engine redirections, including the Searchclass.com and PrimoSearch.com malware websites.

Searchclass.com screenshot:


PrimoSearch.com domain details:

 Domain Services Provided By:
      Success inc.,
      http://www.thriftys.com

Registrant:
   c/o PRIMOSEARCH.COM
   P.O. Box 821650
   Vancouver, WA  98682
   US

   Registrar: DOTSTER
   Domain Name: PRIMOSEARCH.COM
      Created on: 26-AUG-02
      Expires on: 26-AUG-12
      Last Updated on: 06-AUG-11

   Administrative Contact:
     
      c/o PRIMOSEARCH.COM
      P.O. Box 821650
      Vancouver, WA  98682
      US
      +1.360-449-5933

   Technical Contact:
     
      c/o PRIMOSEARCH.COM
      P.O. Box 821650
      Vancouver, WA  98682
      US
      +1.360-449-5933

   Domain servers in listed order:
      NS1.SPONSORONE.COM
      NS2.SPONSORONE.COM



Tuesday, December 6, 2011

Superiorcheckingonline.com

Superiorcheckingonline.com is a typical search results hijacker and redirector. It uses a trojan horse to install itself on your PC. Download Spyware Doctor to get rid of the www.superiorcheckingonline.com virus.

Superiorcheckingonline.com domain details:
Registrant:
   Heng Tan

   Domain Name: SUPERIORCHECKINGONLINE.COM

   Domain servers in listed order:
      NS71.DOMAINCONTROL.COM
      NS72.DOMAINCONTROL.COM

www.todaysnews10.com

www.todaysnews10.com is a scam website that copies the NBC Online news page. Hackers can promote todaysnews10.com through different misleading schemes such as spam, rootkits and trojan horse installations. Todaysnews10.com leads you to a fake Job-At-Home website that will give you nothing but problems. Use StopZilla to scan your computer for free and remove the Todaysnews10.com browser hijacker and related threats.



Todaysnews10.com domain and server details:

Registrant Contact:
   bai hong
   hong bai 
   +86.2133651254 fax: +86.2133651254
   Shang Hai zha Bei Distract
   Shang hai Shanghai 200085
   cn

Administrative Contact:
   hong bai 
   +86.2133651254 fax: +86.2133651254
   Shang Hai zha Bei Distract
   Shang hai Shanghai 200085
   cn

Technical Contact:
   hong bai 
   +86.2133651254 fax: +86.2133651254
   Shang Hai zha Bei Distract
   Shang hai Shanghai 200085
   cn

Billing Contact:
   hong bai 
   +86.2133651254 fax: +86.2133651254
   Shang Hai zha Bei Distract
   Shang hai Shanghai 200085
   cn

DNS:
ns1.dnsrw.com
ns2.dnsrw.com

Created: 2011-09-12
Expires: 2012-09-12

Saturday, December 3, 2011

Yellowise.com removal

Yellowise.com (Search.yellowise.com) is a typical search hijacker / redirector that uses deceptive schemes (rootkit infections) to install itself, replace your homepage and redirect Google/Yahoo searches to its own landing pages. Use Spyware Doctor to get rid of the yellowise.com malware.

Yellowise.com screenshot:


Yellowise.com technical details:

Registrant:
   Inuvo

   Domain Name: YELLOWISE.COM

   Domain servers in listed order:
      NS10.OZLINE.NET
      NS11.OZLINE.NET
      NS15.INUVO.COM
      NS16.INUVO.COM



Friday, December 2, 2011

Removal of Startsearcher.com browser hijacker

Startsearcher.com captures browsers through a special agent. The agent follows instructions on the method of interference with browser processes.
As a rule, the agent is programmed to detect when Google and similar engines are opened. It then switches on a re-routing scheme, closing the requested URL and presenting the one specified in this post. Remove the Startsearcher.com browser capturer for the sake of free access to the websites you prefer.
The infection targets the root of the computer system, which makes it extremely difficult to detect and contain. The point is that a rootkit is a kind of infection that enjoys ultimate powers similar to those of the genuine computer system. Click the free scan link to get rid of the Startsearcher.com browser capturer by applying advanced anti-rootkit and browser cleanup technologies.


Technical details:
Registration Service Provided By: Namecheap.com
Contact:
Visit: http://namecheap.com
       
Domain name: startsearcher.com


Registrant Contact:
   Objectify Media, Inc.
   David Jeffries ()
  
   Fax:
   1099 Sunset Dr.
   441
   Kelowna, S V1Y9Z2
   CA


Administrative Contact:
   Objectify Media, Inc.
    Jeffries ()
   +1.6046135608
   Fax: +1.5555555555
   1099 Sunset Dr.
   441
   Kelowna, S V1Y9Z2
   CA


Technical Contact:
   Objectify Media, Inc.
   David Jeffries ()
   +1.6046135608
   Fax: +1.5555555555
   1099 Sunset Dr.
   441
   Kelowna, S V1Y9Z2
   CA


Status: Locked


Name Servers:
   ns12.zoneedit.com
   ns13.zoneedit.com
   ns9.zoneedit.com
  
Creation date: 16 Jun 2010 22:59:00
Expiration date: 16 Jun 2016 17:59:00