Thursday, April 26, 2012

Wood-search.net

Wood-search.net is a typical web page associated with rootkit redirect viruses (TDSS, Alureon, etc.). It may hijack your homepage, redirect all searches to Wood-search.net, and replace Yahoo/Google search results and search links. We strongly recommend using an automated remover to get rid of this annoying infection, which may paralyze your web surfing.

Wood-search.net screenshot:


Wood-search.net technical details:
Service Provided By: P-host.com.ua
Website: www.p-host.com.ua
Contact: +380 (44) 362-19-62

Domain Name: WOOD-SEARCH.NET

Creation Date: 19-Nov-2011
Modification Date: 19-Nov-2011
Expiration Date: 19-Nov-2012

Domain servers in listed order:
ns1.freedns.ws
ns2.freedns.ws
ns3.freedns.ws

Registrant:
Jones Tommy
111111, Sidney, Main street, 1
Sidney, 111111
AUSTRALIA
+61.671234567

Billing Contact:
Jones Tommy
111111, Sidney, Main street, 1
Sidney, 111111
AUSTRALIA
+61.671234567

Administrative Contact:
Jones Tommy
111111, Sidney, Main street, 1
Sidney, 111111
AUSTRALIA
+61.671234567

Technical Contact:
Jones Tommy
111111, Sidney, Main street, 1
Sidney, 111111
AUSTRALIA
+61.671234567

Status: ok

Tuesday, April 24, 2012

Compare.us.com

Compare.us.com is a typical PPC website. Some rootkits and trojans may redirect your Google searches (search result links) to the Compare.us.com website, which is full of ads. To remove Compare.us.com and prevent further redirections, download a free-scan removal solution.

Compare.us.com snapshot:


Compare.us.com tech details:
Domain ID:CNIC-DO738930
Domain Name:COMPARE.US.COM
Created On:22-Feb-2011 19:32:07 UTC
Last Updated On:15-Feb-2012 18:10:46 UTC
Expiration Date:22-Feb-2013 23:59:59 UTC
Status:TRANSFER PROHIBITED
Registrant ID:ncr-9595161-a70b
Registrant Name:Marcus Cent
Registrant Organization:Marcus Cent
Registrant Street1:Building 1
Registrant Street2:Dubai Media City
Registrant City:Dubai
Registrant State/Province:UAE
Registrant Postal Code:500096
Registrant Country:AE
Registrant Phone:+971.505391057
Registrant Email:
Admin ID:nca-9595162-bdac
Admin Name:Marcus Cent
Admin Organization:Marcus Cent
Admin Street1:Building 1
Admin Street2:Dubai Media City
Admin City:Dubai
Admin State/Province:UAE
Admin Postal Code:500096
Admin Country:AE
Admin Phone:+971.505391057
Admin Email:
Tech ID:nct-9595163-8b9b
Tech Name:Marcus Cent
Tech Organization:Marcus Cent
Tech Street1:Building 1
Tech Street2:Dubai Media City
Tech City:Dubai
Tech State/Province:UAE
Tech Postal Code:500096
Tech Country:AE
Tech Phone:+971.505391057
Tech Email:
Billing ID:ncb-9595164-6646
Billing Name:Marcus Cent
Billing Organization:Marcus Cent
Billing Street1:Building 1
Billing Street2:Dubai Media City
Billing City:Dubai
Billing State/Province:UAE
Billing Postal Code:500096
Billing Country:AE
Billing Phone:+971.505391057
Billing Email:
Sponsoring Registrar ID:7093-NM
Sponsoring Registrar Organization:Name.com LLC
Sponsoring Registrar Street1:P.O. Box 6197
Sponsoring Registrar City:Denver
Sponsoring Registrar State/Province:CO
Sponsoring Registrar Postal Code:80206
Sponsoring Registrar Country:US
Sponsoring Registrar Phone:720-249-2374
Sponsoring Registrar FAX:303-399-3167
Name Server:NS3.CLICKSCO.COM
Name Server:NS1.CLICKSCO.COM
Name Server:NS2.CLICKSCO.COM
DNSSEC:Unsigned

Tuesday, April 17, 2012

Infomoneyservice.com

Infomoneyservice.com is usually visited by infected computers. The infection serves this and other websites by forcing browsers on the compromised machines to connect to the addresses specified in its instructions.
The page is loaded under various circumstances. Users are outraged when it loads instead of the Google search link returned for the keyword they entered. It also blocks popular social networks and mail websites.
Removing Infomoneyservice.com means cleaning the infection out of the computer's memory. Resetting browser parameters to default, reinstalling the browser, or switching to a new one does not complete the removal.
Get rid of Infomoneyservice.com once and for all by cleaning the underlying infection that has taken over your browsers.

Infomoneyservice.com screenshot:


Infomoneyservice.com tech \ domain details:
Registrant:
         Anthonny  +1.7073624479 +1.7073624446
         Network Service
         P.O.Box 160
         Santiago,CA,US 95457

Domain Name:infomoneyservice.com
Record last updated at 2011-07-28 00:46:42
Record created on 6/29/2010
Record expired on 06/29/2012

Domain servers in listed order:
         ns2.onlinenic.net
         ns3.onlinenic.net

Administrator:
         P.O.Box 160
         Santiago
         CA,
         US
         95457

         name:(Anthonny)
         mail:() +1.7073624479
         +1.7073624446
         Network Service
Technical Contactor:
         P.O.Box 160
         Santiago
         CA,
         US
         95457

         name:(Anthonny)
         mail:() +1.7073624479
         +1.7073624446
         Network Service
Billing Contactor:
         P.O.Box 160
         Santiago
         CA,
         US
         95457

         name:(Anthonny)
         mail:() +1.7073624479
         +1.7073624446
         Network Service



Monday, April 16, 2012

Text-enhance.com

Text-enhance.com is a website that hosts pop-ups and some misleading ads. If your browser keeps redirecting you to Text-enhance.com or generates pop-ups that lead to this website, download an automated removal tool to get rid of this malware.

Text-enhance.com screenshot:

Text-enhance.com domain and server details:
Registrant:
   Domains By Proxy, LLC

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: TEXT-ENHANCE.COM

   Domain servers in listed order:
      NS1.P02.DYNECT.NET
      NS2.P02.DYNECT.NET
      NS3.P02.DYNECT.NET
      NS4.P02.DYNECT.NET

Wednesday, April 11, 2012

News15o.net

News15o.net (http://news15o.net/biz/?employment=7323355) is the latest scam website designed to get users to leave their contact details, which are then used to send spam and for other misleading purposes. If your browser or search engine links redirect you to http://news15o.net, download an automated malware removal solution.

News15o.net screenshot:


News15o.net domain \ server details:
Domain Name: NEWS15O.NET

Creation Date: 03-Apr-2012
Modification Date: 03-Apr-2012
Expiration Date: 03-Apr-2013

Domain servers in listed order:
ns1.storrt.ru
ns2.storrt.ru

Registrant:
Igor Nikenin
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
RUSSIAN FEDERATION
+7.4990000000

Billing Contact:
Igor Nikenin
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
RUSSIAN FEDERATION
+7.4990000000

Administrative Contact:
Igor Nikenin
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
RUSSIAN FEDERATION
+7.4990000000

Technical Contact:
Igor Nikenin
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
RUSSIAN FEDERATION
+7.4990000000

Status: ok

Rename the remover to "explorer.exe" or try installing it from Safe Mode if the virus blocks download or installation.

Monday, April 9, 2012

Alive-finder.com

http://alive-finder.com is the latest (detected 07 April) browser redirect destination used by the TDSS rootkit to drive traffic and then redirect it to ads or malicious websites. Download an automated removal tool to remove Alive-finder.com from your browser and prevent further redirections.

http://alive-finder.com screenshot:

 


Friday, April 6, 2012

Topmarketsfinder.com

Topmarketsfinder.com is the latest search redirector related to various rootkits and trojans. If your browser keeps redirecting you to http://topmarketsfinder.com/ and other malicious websites, or replacing Google/Yahoo/Bing search result links with this site, download an automated removal tool (antimalware kit) to clean your PC and remove all infections.

Topmarketsfinder.com screenshot:


Topmarketsfinder.com technical details (web server and domain):
 Registration Service Provided By: BIZZHOSTS
Contact: +093.7740893

Domain Name: TOPMARKETSFINDER.COM

Registrant:
    PrivacyProtect.org
    Domain Admin        ()
    ID#10760, PO Box 16
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Nobby Beach
    null,QLD 4218
    AU
    Tel. +45.36946676

Creation Date: 17-Mar-2012  
Expiration Date: 17-Mar-2013

Domain servers in listed order:
    bizzhosts3.earth.orderbox-dns.com
    bizzhosts3.mars.orderbox-dns.com
    bizzhosts3.mercury.orderbox-dns.com
    bizzhosts3.venus.orderbox-dns.com


Wednesday, April 4, 2012

Juego.com

Some rootkits may redirect your search traffic to http://juego.com and other websites. If your browser keeps redirecting you to juego.com, download and install StopZilla antimalware.




Tuesday, April 3, 2012

Monkeyball.osa.pl

Monkeyball.osa.pl is a typical malware website hosted on a Polish web server. It replaces organic search results and shows commercial ads. To remove the Monkeyball.osa.pl malware, please use an automated remover.

Monkeyball.osa.pl screenshot:



Monkeyball.osa.pl server \ domain details:
 DOMAIN NAME:           osa.pl
registrant type:       individual
nameservers:           fork.ert.pl.
                       gummibear.ert.pl.
created:               2006.07.15 06:34:51
last modified:         2012.03.11 11:36:15
renewal date:          2013.07.15 06:34:51

option created:        2011.02.01 00:08:27
option expiration date:       2014.02.01 00:08:27

TECHNICAL CONTACT:
company: Michau Enterprises Limited
street: Chytron 26, Office 21
city: 1075 Nicosia
location: CY
handle: mjp_tech
phone:  +357.22761649
last modified: 2012.01.16

REGISTRAR:
Michau Enterprises Ltd.
Chytron, 26 Street, Office 21, P.C. 1075 Nicosia, Cypr
tel.+357.22761649
fax:+357.22767543
e-mail:

 

Sunday, April 1, 2012

Redirect.ad-feeds.net

Redirect.ad-feeds.net is the latest redirect destination related to trojan horse activity. To eliminate this malware, use an automated uninstaller (antimalware suite).

Redirect.ad-feeds.net domain \ server details:
Registrant:
   AdOn Network

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: AD-FEEDS.NET

   Domain servers in listed order:
      PDNS01.DOMAINCONTROL.COM
      PDNS02.DOMAINCONTROL.COM


S04.cltrda.com

Cltrda.com (S04.cltrda.com) is a host destination for pop-ups and advertisement landing pages. Some trojans and rootkits can generate pop-ups that lead to the S04.cltrda.com website. Download Spyware Doctor to disable pop-up ads.

S04.cltrda.com domain \ server details:
Registrant:
   Domains By Proxy, LLC

   Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
   Domain Name: CLTRDA.COM

   Domain servers in listed order:
      NS1.CLTRDA.COM
      NS2.CLTRDA.COM
      NS3.CLTRDA.COM
      NS4.CLTRDA.COM
