Softenza.com

By JubileeX in Browser Hijackers

If your browser is redirecting you to Softenza.com, you need to be extremely cautious. Softenza.com is a malicious website, and if your browser is going there apparently on its own, your computer is infected with a hijacker. If your browser is not redirecting you to the site, do not attempt to visit Softenza.com for any reason.

Softenza.com, the Website

There are two things that are usually referred to as Softenza.com: one is the malicious website, which promotes the fake security software Antimalware Go, and the other is the hijacker that causes your browser to redirect to that site. As a site, Softenza.com is extremely bland, with a light blue color scheme, a very plain-looking yellow shield logo, and just enough faked content to look sort of like a website. There are testimonials, basic malware terminology definitions, and some fake customer support resources, as well as the tired slogan "Standing sentinel on the safeguard of your PC," which appears on all of the malicious sites for rogue anti-virus applications related to AntiVira Av. Ultimately, because Antimalware Go is just a clone of AntiVira Av and part of the same scam, Softenza.com is a clone of the AntiVira Av sites. The only new thing on Softenza.com is that it offers three tiers of fake anti-virus service, from $49.95 to $69.95, instead of just one!

The Softenza.com Hijacker

Really there are two reasons why you might find yourself at Softenza.com without intending to go there. Antimalware Go, the fake anti-virus software supported by Softenza.com, may direct you to that site in order to "activate" the malware, as part of its scam. On the other hand, if your computer is infected with the Softenza.com hijacker, you will constantly find that you wind up at Softenza.com instead of whatever site you are actually trying to visit. The hijacker will also prevent you from viewing some sites, and will display a security alert instead of the page you're trying to look at. Finally, although the browser redirection is the most common symptom of infection with the Softenza.com hijacker, the hijacker will also cause pop-up alerts and advertising which may claim that your computer has infections that can only be removed by Antimalware Go, or maybe even that Antimalware Go is offering a free trial download, etc. It may not sound like much, but in extreme circumstances the Softenza.com hijacker can be extremely disruptive and cause a computer to crash. After all, Softenza.com does make changes to the registry and to the Internet settings, and those aren't things to take lightly.
 
If your computer is infected with the Softenza.com hijacker, chances are, you don't know how it happened. In order to infiltrate PCs, the hijacker takes advantage of drive-by downloads on malicious sites, as well as hiding itself in ordinary-looking downloads and possibly even in spam email attachments. The hijacker is known to exploit security holes in common programs, especially. Regardless of how Softenza.com came to be on your computer, the most important thing is not to believe what the hijacker may tell you and not to pay for Antimalware Go.

Detailed Information About Softenza.com

At the time of this writing, Softenza.com is hosted on a dedicated server at IP address 77.79.10.34, located in Lithuania. The site was registered on February 26, 2011, to Protected Domain Services of Denver, Colorado, through Bizcn.com, Inc. However, given the shady nature of Softenza.com, it is likely that the people behind this Russian scam are using a variety of Internet tools and stolen information to conceal their identity, making it unlikely that the registration information for Protected Domain Services reflects reality. The domain Softenza.net is also registered, making it likely that Softenza.com will be (or is being) used to support the same Antimalware Go scam.

File System Details

Softenza.com may create the following file(s):
# File Name Detections
1. %Temp%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
2. %Temp%\[RANDOM CHARACTERS]\

Registry Details

Softenza.com may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33440"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\[RANDOM CHARACTERS]
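
As an added example (not part of the original write-up), the registry changes listed above can be checked offline against a `reg export` of HKEY_CURRENT_USER. The sample export, the user name and the random value name below are constructed for illustration, and the check generalizes the listed proxy value to any loopback proxy.

```python
import re

# Constructed sample in `reg export` text form; values mirror the entries listed above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:33440"
"ProxyOverride"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwzxkv.exe"="C:\\Users\\alice\\AppData\\Local\\Temp\\qwzxkv\\qwzxkv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
'''

HKCU = "hkey_current_user\\software\\microsoft\\"
INET = HKCU + "windows\\currentversion\\internet settings"
RUN = HKCU + "windows\\currentversion\\run"
PHISH = HKCU + "internet explorer\\phishingfilter"

def parse_reg(text):
    """Parse .reg text into {key (lowercase): {value name (lowercase): int or str}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.group(1).lower(), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return keys

def find_hijack_indicators(text):
    """Return findings for the proxy, phishing-filter and Run-key changes."""
    keys, hits = parse_reg(text), []
    inet = keys.get(INET, {})
    proxy = str(inet.get("proxyserver", ""))
    if inet.get("proxyenable") == 1 and re.search(r"(^|[=;/])(127\.0\.0\.1|localhost)(:|;|$)", proxy, re.I):
        hits.append("loopback proxy enabled: " + proxy)
    if keys.get(PHISH, {}).get("enabled") == 0:
        hits.append("IE phishing filter disabled")
    for name, cmd in keys.get(RUN, {}).items():
        if isinstance(cmd, str) and re.search(r"\\temp\\.+\.exe", cmd, re.I):
            hits.append("Run entry starts an executable under Temp: " + name)
    return hits
```

Real `reg export` files are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. A loopback proxy is also set by legitimate debugging proxies, so treat a single hit as a lead and the combination of all three as the stronger signal.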
