Sunday, March 25, 2012

Start.funmoods.com

http://start.funmoods.com is imposed on users in an extremely aggressive way. For that purpose, online traps are widely used. These traps lure a web surfer into opening the aforementioned link by describing it as something totally unrelated to what it actually is, e.g. an interesting video. Start.funmoods.com results from Funmoods Toolbar, a well-known and annoying BHO (Browser Helper Object).
Meanwhile, the main source of the redirects is a hijacker that is injected into the boot sector of the target PC. The infection is not easy to detect and exterminate. Removal of Start.funmoods.com includes, but is not limited to, cleaning the browser infection. When getting rid of the Start.funmoods.com browser infection, remember that the rogue, although designed to alter your web surfing in an annoying way, is stored outside your browser. Click here to launch a free memory examination followed by the removal of Start.funmoods.com, which is a common cause of Google redirects and multiple browser-related issues.

Start.funmoods.com screenshot:



Start.funmoods.com domain and server details:
Registrant:
   Volo-Net Ltd.

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: FUNMOODS.COM

   Domain servers in listed order:
      NS0.COOLDNS.NET
      NS1.COOLDNS.NET
      NS2.COOLDNS.NET
      NS3.COOLDNS.NET
      NS4.COOLDNS.NET
      NS5.COOLDNS.NET
Rename the remover to "explorer.exe" or try to install it from Safe Mode if the virus blocks download or installation.

Wednesday, March 21, 2012

Lookbreath.com

http://lookbreath.com is a website that sells fake watches (replicas); it is closely related to the Google redirect virus (a ZeroAccess rootkit variant). This virus installs special malware to redirect all your search queries and replace Google \ Bing \ Yahoo search results. Download and install Spyware Doctor to eliminate the redirect virus and Lookbreath.com redirections.

Lookbreath.com screenshot:

Lookbreath.com domain \ server details:
Service Provided By: Center of Ukrainian Internet Names
Website: http://www.ukrnames.com
Contact: +380.577626123

Domain Name: LOOKBREATH.COM

Creation Date: 15-Mar-2012
Modification Date: 15-Mar-2012
Expiration Date: 15-Mar-2013

Domain servers in listed order:
ns1.namemix.ru
ns2.namepick.ru

Registrant:
Olga Golubeva
ul. Pushkina 98 56
Barnaul, 656000
RUSSIAN FEDERATION
+7.3852784565

Billing Contact:
Olga Golubeva
ul. Pushkina 98 56
Barnaul, 656000
RUSSIAN FEDERATION
+7.3852784565

Administrative Contact:
Olga Golubeva
ul. Pushkina 98 56
Barnaul, 656000
RUSSIAN FEDERATION
+7.3852784565

Technical Contact:
Olga Golubeva
ul. Pushkina 98 56
Barnaul, 656000
RUSSIAN FEDERATION
+7.3852784565

Status: ok


Wednesday, March 14, 2012

Searchrun.com

To eliminate the Searchrun.com redirect virus, please download and install the automated uninstaller. Click here to start the Spyware Doctor download process.

Searchrun.com screenshot:


Searchrun.com server \ domain details:
Domain name: searchrun.com
Administrative Contact:
   www.SharpRegister.com
   Norman Stafford ()
   +1.3016590300
   Fax:
   PO Box 401
   Newburg, MD 20664
   US
Technical Contact:
   www.SharpRegister.com
   Norman Stafford ()
   +1.3016590300
   Fax:
   PO Box 401
   Newburg, MD 20664
   US
Registrant Contact:
   www.SharpRegister.com
   Norman Stafford ()
      Fax:
   PO Box 401
   Newburg, MD 20664
   US
Status: Locked
Name Servers:
   ns1.parked.com
   ns2.parked.com
Creation date: 01 Apr 2003 20:07:28
Expiration date: 01 Apr 2012 19:07:00

Shoppinghornet.com

Does your browser keep redirecting to Shoppinghornet.com and other suspicious websites? Your PC is probably infected by a virus (rootkit or trojan horse). Remember that redirections are not the only symptom of the infection: it may secretly install other malware, slow down computer performance and display ads. Download Spyware Doctor to eliminate Shoppinghornet.com and related malware.

Shoppinghornet.com snapshot:


Shoppinghornet.com domain \ server details:
Domain shoppinghornet.com:
  Whois Privacy Services Pty Ltd
  Domain Hostmaster, Customer ID : 77460295606024
 
  PO Box 923
  Fortitude Valley QLD 4006 AU

Administrative contact:
Technical contact:
Billing contact:
  Whois Privacy Services Pty Ltd
  Domain Hostmaster, Customer ID : 77460295606024
 
  PO Box 923
  Fortitude Valley QLD 4006 AU
  Phone: Phone: +61.730070090
  Fax: Phone: +61.730070091

Record dates:
  Record created on: 2009-12-01 05:43:13 UTC
  Record modified on: 2011-11-25 20:48:53 UTC
  Record expires on: 2012-12-01 UTC

Nameservers:
  myns1.fabulous.com:
    208.48.81.136
  myns2.fabulous.com:
    208.48.81.137


Tuesday, March 13, 2012

Addedsuccess.com (Addedsuccess Redirector)

Addedsuccess (Addedsuccess.com) is a browser hijacker \ redirector designed to replace your homepage and generate fake search results and popup ads. Remove the Addedsuccess.com redirector using the free-scan uninstaller.

Addedsuccess.com domain \ server details:
Registrant:
   Domains By Proxy, LLC

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: ADDEDSUCCESS.COM

   Domain servers in listed order:
      NS73.DOMAINCONTROL.COM
      NS74.DOMAINCONTROL.COM

Sunday, March 11, 2012

Results.guggle.com

Results.guggle.com (guggle.com) appears so often because it is supported by a dedicated infection. The infection is crafted to work with browsers of any kind. It also detects the devices responsible for connectivity on the host PC and interferes with them.
Apart from unwanted loading of the above URL, victims of the scam experience sudden interruptions of the network connection, which are no less annoying than the above page appearing instead of the pages the user actually requested.
Removal of Results.guggle.com cannot be reduced to blocking the above URL. It is a fallacy to try blacklisting the URL in your browser. All such measures could achieve is disabled network connections, and the forbidden site will be restored as an allowed destination due to the hijacker's interference.
Evidently, the root of the malware is to be targeted, which is the browser hijacker. Get rid of Results.guggle.com browser malware and other threats regardless of their mission: click the free scan link.

Results.guggle.com technical \ domain details:
Domain guggle.com:
  Mountainside, LLC
  Edith Solomon Building Mainstreet PO Box 636
  Charlestown, N/A N/A KN

Administrative contact:
Technical contact:
Billing contact:
  Mountainside, LLC
  Domain Admin
 
  Edith Solomon Building Mainstreet PO Box 636
  Charlestown, N/A N/A KN
  Phone: +1.8694690224
  Fax:

Record dates:
  Record created on: 1999-12-14 05:52:10 UTC
  Record modified on: 2012-01-04 03:46:46 UTC
  Record expires on: 2012-12-14 UTC

Nameservers:
  ns1.above.com:
  ns2.above.com:


Thursday, March 8, 2012

Searchnu.com

Searchnu.com is one of the websites whose loading in your browser betrays a serious infection. The infection that can be identified by repeated loading of the above URL is a malicious browser helper object.
Its essential components are installed outside the browser, though. Some users believe they can get rid of the Searchnu.com redirect simply by switching from one browser to another, e.g. from Firefox to Chrome. Unfortunately, they are unpleasantly surprised to find that this method does not work. The reason is that the infection is actually installed outside any browser and hijacks whatever navigation software is in use.
Removal of the Searchnu.com hijacker will put an end to various unwanted occurrences, including such annoying experiences as Google search redirects.
Click here to let the free scanner inspect your computer system and clean the redirect parasite in the course of computer memory disinfection.

Searchnu.com screenshot:


Searchnu.com variants:

Searchnu.com domain details:
Registrant:
   Domains By Proxy, LLC

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: SEARCHNU.COM

   Domain servers in listed order:
      NS73.DOMAINCONTROL.COM
      NS74.DOMAINCONTROL.COM

Saturday, March 3, 2012

Alpha00001.com

Over the last few days we have received a lot of information about malicious Alpha00001.com redirect activity. To get rid of Alpha00001.com redirections and ads, download the free-scan utility.

Alpha00001.com domain and server details:
domain: alpha00001.com
reg_created: 2011-10-12 12:35:25
expires: 2012-10-12 12:35:25
created: 2011-10-12 14:35:27
changed: 2011-12-23 13:39:41
transfer-prohibited: yes
ns0: ns1.alpha00001.com 62.23.9.120
ns1: ns2.alpha00001.com 188.165.58.20
ns2: ns3.alpha00001.com 91.121.20.200
owner-c:
  nic-hdl: FR2781-GANDI
  owner-name: Tuto4PC.com GROUP
  organisation: Tuto4PC.com GROUP
  person: Franck ROSSET
  address: 14 rue Lincoln
  zipcode: 75008
  city: Paris
  country: France
  phone: +33.158365542
  fax: ''
  email:
  lastupdated: 2011-07-05 17:04:24
admin-c:
  nic-hdl: FR2781-GANDI
  owner-name: Tuto4PC.com GROUP
  organisation: Tuto4PC.com GROUP
  person: Franck ROSSET
  address: 14 rue Lincoln
  zipcode: 75008
  city: Paris
  country: France
  phone: +33.158365542
  fax: ''
  email:
  lastupdated: 2011-07-05 17:04:24
tech-c:
  nic-hdl: DK883-GANDI
  organisation: ~
  person: David Keita
  address: 12bis avenue du général de gaulle
  zipcode: 95100
  city: Argenteuil
  country: France
  phone: +33.675641960
  fax: ''
  email:
  lastupdated: 2012-02-18 16:16:11
bill-c:
  nic-hdl: FR2781-GANDI
  owner-name: Tuto4PC.com GROUP
  organisation: Tuto4PC.com GROUP
  person: Franck ROSSET
  address: 14 rue Lincoln
  zipcode: 75008
  city: Paris
  country: France
  phone: +33.158365542
  fax: ''
  email:
  lastupdated: 2011-07-05 17:04:24


Flvdirect.iamwired.net

Flvdirect.iamwired.net is the latest scam-search site. It uses trojan horses and rootkits to replace your homepage and redirect searches to its internal pages. Download Spyware Doctor to get rid of http://flvdirect.iamwired.net/ malware redirections.


Flvdirect.iamwired.net domain details:
Domain Name: IAMWIRED.NET
Registrar: MONIKER

Registrant [1955610]:
        Moniker Privacy Services
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US

Administrative Contact [1955610]:
        Moniker Privacy Services
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Billing Contact [1955610]:
        Moniker Privacy Services
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Technical Contact [1955610]:
        Moniker Privacy Services
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Domain servers in listed order:

        NS1.P04.DYNECT.NET
        NS2.P04.DYNECT.NET
        NS3.P04.DYNECT.NET
        NS4.P04.DYNECT.NET

        Record created on:        2007-09-21 12:18:41.0
        Database last updated on: 2012-01-13 06:30:07.913
        Domain Expires on:        2012-09-21 12:18:42.0