Saturday, February 25, 2012

64.15.72.104

64.15.72.104 is the latest malicious destination for your browser. Redirects to http://64.15.72.104 and other suspicious web-sites may be caused by a dangerous rootkit or trojan horse. To remove 64.15.72.104 and other redirects, including related viruses, download StopZilla antimalware with free scan.

Rename the remover to "explorer.exe" or try to install from Safe Mode if the virus blocks download or installation.

Monday, February 20, 2012

Mntr.babcdn.com

Mntr.babcdn.com is the latest search engine redirect virus that may change browser settings and lead users to malware-infected web-sites. Download Spyware Doctor to stop Mntr.babcdn.com redirections.

Mntr.babcdn.com domain details:

Registrant:
   Babylon GmbH

   Registered through: Go Daddy
   Domain Name: BABCDN.COM

   Domain servers in listed order:
      PDNS01.DOMAINCONTROL.COM
      PDNS02.DOMAINCONTROL.COM

Prizegiveaway.org

Prizegiveaway.org (http://www.prizegiveaway.org/winner) is the latest scam web-site. It makes people believe that they have won an iPhone 4s. Trojan.Downloader malware generates ads that lead users to Prizegiveaway.org and/or redirects them to this useless web-site. If your Mac (Safari browser) was infected, use this tool. For Internet Explorer, Firefox, Opera or Chrome browsers, download and install Spyware Doctor.

Prizegiveaway.org domain and server details:
Domain ID:D163861032-LROR
Domain Name:PRIZEGIVEAWAY.ORG
Created On:14-Nov-2011 05:13:46 UTC
Last Updated On:14-Jan-2012 03:48:20 UTC
Expiration Date:14-Nov-2012 05:13:46 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:46e2363440a6e2e1
Registrant Name:WhoisGuard  Protected
Registrant Organization:WhoisGuard
Registrant Street1:11400 W. Olympic Blvd. Suite 200
Registrant Street2:
Registrant Street3:
Registrant City:Los Angeles
Registrant State/Province:CA
Registrant Postal Code:90064
Registrant Country:US
Registrant Phone:+1.6613102107
Registrant Phone Ext.:
Registrant FAX:+1.6613102107
Registrant FAX Ext.:
Registrant Email:
Admin ID:c8e46449d151bbf4
Admin Name:WhoisGuard  Protected
Admin Organization:WhoisGuard
Admin Street1:11400 W. Olympic Blvd. Suite 200
Admin Street2:
Admin Street3:
Admin City:Los Angeles
Admin State/Province:CA
Admin Postal Code:90064
Admin Country:US
Admin Phone:+1.6613102107
Admin Phone Ext.:
Admin FAX:+1.6613102107
Admin FAX Ext.:
Admin Email:
Tech ID:31a6123440a6e2e1
Tech Name:WhoisGuard  Protected
Tech Organization:WhoisGuard
Tech Street1:11400 W. Olympic Blvd. Suite 200
Tech Street2:
Tech Street3:
Tech City:Los Angeles
Tech State/Province:CA
Tech Postal Code:90064
Tech Country:US
Tech Phone:+1.6613102107
Tech Phone Ext.:
Tech FAX:+1.6613102107
Tech FAX Ext.:
Tech Email:
Name Server:NS10.DNSMADEEASY.COM
Name Server:NS11.DNSMADEEASY.COM
Name Server:NS12.DNSMADEEASY.COM
Name Server:NS13.DNSMADEEASY.COM
Name Server:NS14.DNSMADEEASY.COM
Name Server:NS15.DNSMADEEASY.COM
DNSSEC:Unsigned

Cbadenoche.com (Cbadenoche virus)

Cbadenoche.com is the latest browser hijacker that replaces Google or Yahoo and targets users from Spanish-speaking countries. Redirections and popup ads result from rootkit and trojan horse activity, so your PC may be heavily infected. To remove the Cbadenoche.com redirect virus, download the free-scan uninstaller.

Cbadenoche.com technical details (domain and servers info):
Datttatec.com - Registration Service Provided By: Dattatec.com
Contact: +54 341 599000
Email:
Website: http://www.dattatec.com

Domain name: cbadenoche.com
Creation Date: 2011-12-17
Expiration Date: 2012-12-30

Status(es):
   clientDeleteProhibited
   clientTransferProhibited

Domain Name servers(es):
   dinamic3.cdmon.net
   dinamic2.cdmon.net
   dinamic1.cdmon.net

Registrant conatct:
   Name:    Domain Name Privacy Protection
   Company: Domain Name Privacy Protection
   Email:  
   Address: dattatec.com
            Cordoba 3753 - Rosario
            Santa Fe -Argentina
   Phone  : +54-341-5169000
   Fax    :
  
Admin conatct:
   Name:    Domain Name Privacy Protection
   Company: Domain Name Privacy Protection
   Email:  
   Address: dattatec.com
            Cordoba 3753 - Rosario
            Santa Fe -Argentina
   Phone  : +54-341-5169000
   Fax    :
  
Billing conatct:
   Name:    Domain Name Privacy Protection
   Company: Domain Name Privacy Protection
   Email:  
   Address: dattatec.com
            Cordoba 3753 - Rosario
            Santa Fe -Argentina
   Phone  : +54-341-5169000
   Fax    :
  
Tech conatct:
   Name:    Domain Name Privacy Protection
   Company: Domain Name Privacy Protection
   Email:  
   Address: dattatec.com
            Cordoba 3753 - Rosario
            Santa Fe -Argentina
   Phone  : +54-341-5169000
   Fax    :

Saturday, February 18, 2012

Asdvd.info

Something keeps redirecting you to Asdvd.info? Don't panic, it's not a big problem, but your PC might be infected. Asdvd.info is a fake search engine related to Alureon and TDSS rootkits. Remember that redirections are not the only symptom of a rootkit infection: it may also steal your personal data and install rogue anti-viruses, additional ransomware and trojans. Download Spyware Doctor to get rid of the asdvd.info redirect virus as soon as possible.



Asdvd.info technical (domain and server) details:

Domain ID:D45400562-LRMS
Domain Name:ASDVD.INFO
Created On:13-Feb-2012 19:10:04 UTC
Last Updated On:14-Feb-2012 18:54:22 UTC
Expiration Date:13-Feb-2013 19:10:04 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:CR105496519
Registrant Name:Registration Private
Registrant Organization:Domains By Proxy, LLC
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US
Registrant Phone:+1.4806242599
Registrant Phone Ext.:
Registrant FAX:+1.4806242598
Registrant FAX Ext.:
Registrant Email:
Admin ID:CR105496521
Admin Name:Registration Private
Admin Organization:Domains By Proxy, LLC
Admin Street1:DomainsByProxy.com
Admin Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Admin Street3:
Admin City:Scottsdale
Admin State/Province:Arizona
Admin Postal Code:85260
Admin Country:US
Admin Phone:+1.4806242599
Admin Phone Ext.:
Admin FAX:+1.4806242598
Admin FAX Ext.:
Admin Email:
Billing ID:CR105496522
Billing Name:Registration Private
Billing Organization:Domains By Proxy, LLC
Billing Street1:DomainsByProxy.com
Billing Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Billing Street3:
Billing City:Scottsdale
Billing State/Province:Arizona
Billing Postal Code:85260
Billing Country:US
Billing Phone:+1.4806242599
Billing Phone Ext.:
Billing FAX:+1.4806242598
Billing FAX Ext.:
Billing Email:
Tech ID:CR105496520
Tech Name:Registration Private
Tech Organization:Domains By Proxy, LLC
Tech Street1:DomainsByProxy.com
Tech Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Tech Street3:
Tech City:Scottsdale
Tech State/Province:Arizona
Tech Postal Code:85260
Tech Country:US
Tech Phone:+1.4806242599
Tech Phone Ext.:
Tech FAX:+1.4806242598
Tech FAX Ext.:
Tech Email:
Name Server:NS1.ASDVD.INFO
Name Server:NS2.ASDVD.INFO

Thursday, February 16, 2012

Utils.montiera.com and Cnfg.montiera.com

Utils.montiera.com and Cnfg.montiera.com are the latest browser redirect destinations. If your Firefox, IE, Opera or Chrome browser keeps redirecting you to XXXX.montiera.com, download Spyware Doctor to clean your PC of the search engine redirect virus.

Utils.montiera.com and Cnfg.montiera.com domain details:
 Registrant:
   Montera Technologies LTD

   Registered through: Go Daddy
   Domain Name: MONTIERA.COM

   Domain servers in listed order:
      NS31.DOMAINCONTROL.COM
      NS32.DOMAINCONTROL.COM

Saturday, February 11, 2012

System-check.com

www.system-check.com is the latest redirect destination web-page. It may show you fake online virus scan results or some ad popups. Don't believe that System-check.com will help you to remove viruses: it's just the latest scam-site. Download the free-scan remover to get rid of System-check.com redirections and popups.

System-check.com domain details:
domain:    system-check.com
created:    24-Mar-2007
last-changed:   25-Mar-2011
registration-expiration:  24-Mar-2012

nserver:    ns57.1and1.com 74.208.2.9
nserver:    ns58.1and1.com 74.208.3.8

status:    CLIENT-TRANSFER-PROHIBITED

registrant-firstname:  Oneandone
registrant-lastname:  Private Registration
registrant-organization:  1&1 Internet, Inc. - http://1and1.com/contact
registrant-street1:  701 Lee Road, Suite 300
registrant-street2:  ATTN: system-check.com
registrant-pcode:  19087
registrant-state:  PA
registrant-city:   Chesterbrook
registrant-ccode:  US
registrant-phone:  +1.8772064254
registrant-email: 

admin-c-firstname:  Oneandone
admin-c-lastname:  Private Registration
admin-c-organization:  1&1 Internet, Inc. - http://1and1.com/contact
admin-c-street1:   701 Lee Road, Suite 300
admin-c-street2:   ATTN: system-check.com
admin-c-pcode:   19087
admin-c-state:   PA
admin-c-city:   Chesterbrook
admin-c-ccode:   US
admin-c-phone:   +1.8772064254
admin-c-email:  

tech-c-firstname:  Oneandone
tech-c-lastname:   Private Registration
tech-c-organization:  1&1 Internet, Inc. - http://1and1.com/contact
tech-c-street1:   701 Lee Road, Suite 300
tech-c-street2:   ATTN: system-check.com
tech-c-pcode:   19087
tech-c-state:   PA
tech-c-city:   Chesterbrook
tech-c-ccode:   US
tech-c-phone:   +1.8772064254
tech-c-email:  

bill-c-firstname:  Oneandone
bill-c-lastname:   Private Registration
bill-c-organization:  1&1 Internet, Inc. - http://1and1.com/contact
bill-c-street1:   701 Lee Road, Suite 300
bill-c-street2:   ATTN: system-check.com
bill-c-pcode:   19087
bill-c-state:   PA
bill-c-city:   Chesterbrook
bill-c-ccode:   US
bill-c-phone:   +1.8772064254
bill-c-email: 

Friday, February 10, 2012

Datingpuma.com (Dating Puma) Redirects

Datingpuma.com generates visits to its pages by means of a malicious BHO. The browser helper object applies shady tactics to take over browsing software on the target PC. It may be guided and protected by rootkits, and a number of distribution techniques are used in the wild to inject the redirector onto a computer system.
Once installed on a PC, the rogue analyzes its IP. It discards computers with certain IPs, deleting its own components, probably because of traffic requirements based on geographical criteria.
Removal of the Datingpuma.com redirector is typically mentioned in relation to Google access failure. That is, the BHO is instructed to block the useful search engine in favor of the tricky website.
Click the free scan launching link to get rid of the Datingpuma.com traffic generator, regain access to your favorite websites and quit the bad habit of opening unwanted pages.

Datingpuma.com domain details:

Email Search: is associated with about 16,362 domains
Registrar History: 1 registrar
NS History: 2 changes on 3 unique name servers over 2 years.
IP History: 4 changes on 2 unique IP addresses over 2 years.
Whois History: 19 records have been archived since 2010-08-09.
Reverse IP: 21 other sites hosted on this server.

Domain Name: DATINGPUMA.COM

Abuse email:

This domain is not owned by WhoisProtectService.
WhoisProtectService only provides a proxy service for our customers personal contact
information.
For any complaints concerning this domain please visit http://whoisprotectservice.net

Registrant:
    Proxy Private Registration        
    WhoisProtectService.net
    ATTN: Private Registrations
    27 Old Gloucester street
    London WC1N 3AX
    United Kingdom
    +44.02074195061

Registered Through:
    AdvancedHosters.com (http://www.AdvancedHosters.com)

Administrative Contact:
    Proxy Private Registration        
    WhoisProtectService.net
    ATTN: Private Registrations
    27 Old Gloucester street
    London WC1N 3AX
    United Kingdom
    +44.02074195061

Technical Contact:
    Proxy Private Registration        
    WhoisProtectService.net
    ATTN: Private Registrations
    27 Old Gloucester street
    London WC1N 3AX
    United Kingdom
    +44.02074195061

Billing Contact:
    Proxy Private Registration        
    WhoisProtectService.net
    ATTN: Private Registrations
    27 Old Gloucester street
    London WC1N 3AX
    United Kingdom
    +44.02074195061

Name Server: NS1.DATINGPUMA.COM


Kona40.kontera.com

Kona40.kontera.com is the latest browser redirect destination. Some trojans can lead ALL your searches to Kona40.kontera.com internal pages with ads. We recommend removing these trojans using Spyware Doctor antimalware.

Domain technical details:
Registrant:
Kontera Technologies
   1550 Bryant St.
   Suite 490
   San Francisco, CA 94103
   US

   Domain Name: KONTERA.COM

   Administrative Contact, Technical Contact:
      Admin, Kontera               
      1550 Bryant st
      San Francisco, CA 49013
      US
      415-558-7780

   Record expires on 23-Oct-2015.
   Record created on 23-Oct-2002.

   Domain servers in listed order:

   DNS11.COTDNS.NET            
   DNS12.COTDNS.NET            
   DNS13.COTDNS.NET            
   DNS14.COTDNS.NET

Wednesday, February 8, 2012

Abnow.com

Abnow.com could be a quite harmless and even somewhat useful url, if its visits were not in their majority induced by redirect viruses. Experts assessed outbound traffic to the website as mostly consisting of the same visitors. Such a disproportion of unique visitors and page impressions suggested the repeated visits from the same IP were not deliberate acts of users.
Removal of Abnow.com is a popular topic raised on computer security related forums. That is another clear piece of evidence that the website relies on redirect agents.
Several variants of redirects specific to the website have been observed in the wild. Fortunately, a single technique of computer cleanup enables users to get rid of the Abnow.com re-routing issue. The method is available with the free scanner right here.


Abnow.com domain details:

Domain abnow.com:
  Whois Privacy Services Pty Ltd
  Domain Hostmaster, Customer ID : 13451161463754
 
  PO Box 923
  Fortitude Valley QLD 4006 AU

Administrative contact:
Technical contact:
Billing contact:
  Whois Privacy Services Pty Ltd
  Domain Hostmaster, Customer ID : 13451161463754
 
  PO Box 923
  Fortitude Valley QLD 4006 AU
  Phone: Phone: +61.730070090
  Fax: Phone: +61.730070091

Record dates:
  Record created on: 1999-09-01 19:15:09 UTC
  Record modified on: 2011-07-27 17:31:07 UTC
  Record expires on: 2012-09-01 UTC

Nameservers:
  ns2.smartname.com:
    204.228.229.171
  ns1.smartname.com:
    204.228.229.170

Monday, February 6, 2012

Just4hookup.com

Just4hookup.com is the latest browser hijacker and redirector related to a dangerous rootkit. Download Spyware Doctor to get rid of Just4hookup.com redirects.


Just4hookup.com domain details:
Reverse Whois: "Todd Reiley" owns about 7 other domains
Email Search: is associated with about 8 domains
NS History: 1 change on 2 unique name servers over 0 year.
IP History: 3 changes on 4 unique IP addresses over 0 years.
Whois History: 7 records have been archived since 2012-01-06.
Reverse IP: 5 other sites hosted on this server.

Domain Name: just4hookup.com
Registrar: Name.com LLC

Expiration Date: 2013-01-05 04:36:31
Creation Date: 2012-01-05 04:36:31

Name Servers:
 ns1.name.com
 ns2.name.com
 ns3.name.com
 ns4.name.com

REGISTRANT CONTACT INFO
Todd Reiley
Todd Reiley
4401 N Federal Hwy #204
Boca Raton
Florida
33431
US
Phone: +1.5613953771
Email Address:

ADMINISTRATIVE CONTACT INFO
Todd Reiley
Todd Reiley
4401 N Federal Hwy #204
Boca Raton
Florida
33431
US
Phone: +1.5613953771
Email Address:

TECHNICAL CONTACT INFO
Todd Reiley
Todd Reiley
4401 N Federal Hwy #204
Boca Raton
Florida
33431
US
Phone: +1.5613953771
Email Address:

BILLING CONTACT INFO
Todd Reiley
Todd Reiley
4401 N Federal Hwy #204
Boca Raton
Florida
33431
US
Phone: +1.5613953771
Email Address:

Wednesday, February 1, 2012

Askthecrew.net

If your browser keeps redirecting you to Askthecrew.net and other similar web-sites, your PC is infected with a redirect virus or rootkit. We recommend using Spyware Doctor to detect and eliminate this annoying malware. Remember that manual removal of Askthecrew.net (changing your browser's settings) will not remove the cause of the frequent redirections.


 Askthecrew.net domain details:
 Registrant:
   Domains By Proxy, LLC

   Registered through: Go Daddy
   Domain Name: ASKTHECREW.NET

   Domain servers in listed order:
      NS31.DOMAINCONTROL.COM
      NS32.DOMAINCONTROL.COM


Remove Searchcore.net

Searchcore.net does not ask the user's permission to get loaded into the browser. The permit is issued by another authority, which is a hijacker infection. Its mission is to take over the software responsible for navigation through the worldwide web on affected machines (any PC, once the hijacker has integrated itself into it, is an affected machine). In other words, every browser installed on your PC is recognized by the infection for the purpose of gaining control over every tool for Internet surfing.
In that connection, removal of Searchcore.net is mistakenly considered by some self-announced malware experts, and therefore by users, to be a problem related to a single specific browser only. What is worse, some victims believe they only need to change their current browser to another, say, IE to Google Chrome, and the problem is gone.
The solution is different, and even somewhat simpler. What a victim of repeated redirects to the above url needs is simply to get rid of the Searchcore.net hijacker, which is the malicious controller affecting every browser. Click here to get the free scanner installed in order to quickly and safely detect, and get rid of, the web related infection, as well as other parasites detected on your PC.


Searchcore.net domain details:
 Registrant:
   Domains By Proxy, LLC

   Registered through: Go Daddy
   Domain Name: SEARCHCORE.NET

   Domain servers in listed order:
      NS65.DOMAINCONTROL.COM
      NS66.DOMAINCONTROL.COM