Tuesday, January 31, 2012

Vipsearchs.net

Vipsearchs.net is the latest search engine redirector and browser hijacker related to TDSS and Zeroaccess rootkits, that opens security holes on your PC and redirects to different malicious web-sites. So, Vipsearchs.net belongs to this malware family. We recommend to use Spyware Doctor in order to detect and remove rootkits that causes redirections to Vipsearchs.net and other shady sites.

Vipsearchs.net screenshot:


Vipsearchs.net domain details:
Domain vipsearchs.net

Date Registered: 2011-7-13
Date Modified: 2011-7-13
Expiry Date: 2012-7-13

DNS1: ns-canada.topdns.com
DNS2: ns-uk.topdns.com
DNS3: ns-usa.topdns.com

Registrant
 Private Whois vipsearchs.net
 Private Whois vipsearchs.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o vipsearchs.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Administrative Contact
 Private Whois vipsearchs.net
 Private Whois vipsearchs.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o vipsearchs.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Technical Contact
 Private Whois vipsearchs.net
 Private Whois vipsearchs.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o vipsearchs.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Registrar: Internet.bs Corp.
Registrar's Website : http://www.internetbs.net/

Monday, January 30, 2012

Zinkzo.com

Zinkzo.com is the latest search engine hijacker and redirector. This web-site is related to dozens of others, with the same design and similiar domain details. TDSS rootkit use this sites to redirect your searches from Google \ Bing \ Yahoo and show commercial ad's. We strongly recommend to remove Zinkzo.com redirector using Spyware Doctor (it will also remove the rootkit).

Zinkzo.com screenshot:

Zinkzo.com domain \ server details:
Registrant:
 Corporation Service Company
 Domain Registrar
 2711 Centerville Road Suite 400
 Wilmington, DE 19808
 US
 Email:

 Registrar Name....: CORPORATE DOMAINS, INC.
 Registrar Whois...: whois.corporatedomains.com
 Registrar Homepage: www.cscprotectsbrands.com

 Domain Name: zinkzo.com

 Created on..............: Wed, Sep 02, 2009
 Expires on..............: Sun, Sep 02, 2012
 Record last updated on..: Sun, Feb 13, 2011

 Administrative,Technical Contact:
 Corporation Service Company
 Domain Registrar
 2711 Centerville Road Suite 400
 Wilmington, DE 19808
 US
 Phone: +1.3026365400
 Email:

 DNS Servers:

 dpns2.dnsnameserver.org
 dpns1.dnsnameserver.org
 dpns4.dnsnameserver.org
 dpns3.dnsnameserver.org

Sunday, January 29, 2012

Ahmedriad75.jeeran.com

Ahmedriad75.jeeran.com is a typical redirector landing page that uses dozens of redirects to lead you to other web-sites that may be infected by malicious scripts. Some trojan horses and rootkits may popup ads that leads to ahmedriad75.jeeran.com. Sometimes this web-site may redirect your search queries. We recommend to use Spyware Doctor in order to remove ahmedriad75.jeeran.com hijacker and related infections.

ahmedriad75.jeeran.com screenshots:




Vkernel.org

Vkernel.org is the latest malicious web-site (that use misleading schemes to hijack your browser \ redirect searches) with fake browser update. Don't download this update - your computer will be seriously infected by dangerous trojan horse \ rootkit. Use Spyware Doctor antimalware to remove Vkernel.org redirects and related trojan infections

Vkernel.org screenshots:


Vkernel.org domain details:
Domain ID:D164425595-LROR
Domain Name:VKERNEL.ORG
Created On:18-Jan-2012 14:56:36 UTC
Last Updated On:18-Jan-2012 14:56:36 UTC
Expiration Date:18-Jan-2013 14:56:36 UTC
Sponsoring Registrar:Bizcn.com, Inc. (R1248-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:orgpl26898594625
Registrant Name:Henry Nguyen Gong
Registrant Organization:Privacy-Protect.cn
Registrant Street1:26 Rue Jean Reboul
Registrant Street2:
Registrant Street3:
Registrant City:Nimes
Registrant State/Province:Languedoc-Roussillon
Registrant Postal Code:30900
Registrant Country:FR
Registrant Phone:+33.466583875
Registrant Phone Ext.:
Registrant FAX:+33.466583875
Registrant FAX Ext.:
Registrant Email:
Admin ID:orgpl26898595079
Admin Name:Henry Nguyen Gong
Admin Organization:Privacy-Protect.cn
Admin Street1:26 Rue Jean Reboul
Admin Street2:
Admin Street3:
Admin City:Nimes
Admin State/Province:Languedoc-Roussillon
Admin Postal Code:30900
Admin Country:FR
Admin Phone:+33.466583875
Admin Phone Ext.:
Admin FAX:+33.466583875
Admin FAX Ext.:
Admin Email:
Tech ID:orgpl26898595543
Tech Name:Henry Nguyen Gong
Tech Organization:Privacy-Protect.cn
Tech Street1:26 Rue Jean Reboul
Tech Street2:
Tech Street3:
Tech City:Nimes
Tech State/Province:Languedoc-Roussillon
Tech Postal Code:30900
Tech Country:FR
Tech Phone:+33.466583875
Tech Phone Ext.:
Tech FAX:+33.466583875
Tech FAX Ext.:
Tech Email:
Name Server:NS3.CNMSN.COM
Name Server:NS4.CNMSN.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned


Friday, January 27, 2012

Clkpop.com

Clkpop.com is a malicious web-site that can redirect your searches to it's internal pages and generate tonns of popup ads using rrealted trojan horses. We recommend to remove clkpop.com using Spyware Doctor (free scan).

Domain and server details:
Domain Name: clkpop.com
Registrar: Name.com LLC

Protected Domain Services Customer ID: NCR-3754561

Expiration Date: 2013-01-06 13:00:53
Creation Date: 2012-01-06 13:00:53

Name Servers:
 ns1.adleet.com
 ns2.adleet.com

Domain privacy provided by Protected Domain Services. For more information see
www.protecteddomainservices.com

REGISTRANT CONTACT INFO
Protected Domain Services - Customer ID: NCR-3754561
P.O. Box 6197
Denver
CO
80206
US
Phone: +1.7202492374
Email Address:

ADMINISTRATIVE CONTACT INFO
Protected Domain Services - Customer ID: NCR-3754561
P.O. Box 6197
Denver
CO
80206
US
Phone: +1.7202492374
Email Address:

TECHNICAL CONTACT INFO
Protected Domain Services - Customer ID: NCR-3754561
P.O. Box 6197
Denver
CO
80206
US
Phone: +1.7202492374
Email Address:

BILLING CONTACT INFO
Protected Domain Services - Customer ID: NCR-3754561
P.O. Box 6197
Denver
CO
80206
US
Phone: +1.7202492374
Email Address: 


Thursday, January 19, 2012

Star.feedmixer.org

hxxp://Star.feedmixer.org is the latest search redirection\ hijacker web-site. Use Spyware Doctor to remove it and prevent further Google\Bing redirections and home page replacements.


 Domain and server details:
Domain ID:D159272038-LROR
Domain Name:FEEDMIXER.ORG
Created On:26-May-2010 11:30:40 UTC
Last Updated On:24-May-2011 07:20:25 UTC
Expiration Date:26-May-2012 11:30:40 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR48823637
Registrant Name:Cem Dulda
Registrant Street1:Seref Efendi Sk. No 38 Nuruosmaniye
Registrant Street2:
Registrant Street3:
Registrant City:Istanbul
Registrant State/Province:Fatih
Registrant Postal Code:34120
Registrant Country:TR
Registrant Phone:+90.5322126088
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:
Admin ID:CR48823642
Admin Name:Cem Dulda
Admin Street1:Seref Efendi Sk. No 38 Nuruosmaniye
Admin Street2:
Admin Street3:
Admin City:Istanbul
Admin State/Province:Fatih
Admin Postal Code:34120
Admin Country:TR
Admin Phone:+90.5322126088
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:
Tech ID:CR48823639
Tech Name:Cem Dulda
Tech Street1:Seref Efendi Sk. No 38 Nuruosmaniye
Tech Street2:
Tech Street3:
Tech City:Istanbul
Tech State/Province:Fatih
Tech Postal Code:34120
Tech Country:TR
Tech Phone:+90.5322126088
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:
Name Server:NS35.DOMAINCONTROL.COM
Name Server:NS36.DOMAINCONTROL.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Monday, January 16, 2012

Hiddenshopper.com

hXXp://hiddenshopper.com is a typical hijacker\redirector web-site. If your browser redirects you to hiddenshopper.com - your computer is infected with trojan.horse or rootkit. We strongly recommend to remove it using Spyware Doctor and prevent further redirects and popups.

Hiddenshopper.com domain details:
Registrant:
   Paradigm Advertising

   Registered through: Go Daddy
   Domain Name: HIDDENSHOPPER.COM

   Domain servers in listed order:
      NS1279.HOSTGATOR.COM
      NS1280.HOSTGATOR.COM



Tuesday, January 10, 2012

Allertsearch.net

hxxp://allertsearch.net is a typical redirector hijacker that spreads through rootkits  and trojan horses infection. It replaces your homepage and redirects searches. We recommend to use reliable removal solution to get rid of allertsearch.net annoying impact.



allertsearch.net domain details:
Date Registered: 2011-5-25
Date Modified: 2011-11-21
Expiry Date: 2012-5-25

DNS1: ns-canada.topdns.com
DNS2: ns-uk.topdns.com
DNS3: ns-usa.topdns.com

Registrant
 Private Whois allertsearch.net
 Private Whois allertsearch.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o allertsearch.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Administrative Contact
 Private Whois allertsearch.net
 Private Whois allertsearch.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o allertsearch.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Technical Contact
 Private Whois allertsearch.net
 Private Whois allertsearch.net
 *******PLEASE DO NOT SEND LETTERS******
 ****Contact the owner by email only****
 c/o allertsearch.net
 N4892 Nassau
 Bahamas
 Tel: +852.81720004

Registrar: Internet.bs Corp.
Registrar's Website : http://www.internetbs.net/