Description is a malicious website, and if your browser keeps taking you to that site on its own, you probably know by now that something is wrong. supports a fake security program called Antimalware Go, and you should not visit the site voluntarily for any reason.

If you have tried to research, you may have noticed that although is the name of a website, generally seems to be referred to as a hijacker. Some clarification is needed here, because is a website, and a dangerous one at that. However, there is also a computer infection that is called because hijacks the web browser and causes it to take you to when you try to view other sites. So, the hijacker is malware, named for the site that causes the infected computer's browser to display.

The Scam Website

The website is a site that supports the fake anti-virus software Antimalware Go, and which is part of a scam. Because Antimalware Go is identical to other rogue anti-malware applications AntiVira Av and Antivirus .Net, the websites that claim to offer Antimalware Go as real software are just copies of the sites that promote AntiVira Av and Antivirus .Net. So, has the same fake testimonials, bland blue color scheme, phony customer support and contact information, and lame "Standing sentinel on the safeguard of your PC" slogan used by these other sites. All of the site content is bogus, and it's only there to convince you that Antimalware Go is something you should spend your money on – because is the payment site for the scam.

The Browser Hijacker

The hijacker also promotes Antimalware Go, by constantly forcing you to look at the website that promotes When you try to look at any ordinary website, the hijacker will cause your browser to take you to's front page, or one of the other pages within the site. may also cause a fake security message to appear in the browser window, if you use Internet Explorer, which says that Internet Explorer prevented you from navigating to the page you were trying to because the page is malicious. The security warning will have a link to a site that is supposed to contain security advice or tips, but if you click on it, it just takes you to

User experience with the hijacker varies, and in some cases, may cause security alert pop-ups to appear, and will urge you to download Antimalware Go or to run a "scan" of your computer (so that can recommend Antimalware Go afterward). You may also find that the hijacker generates alerts that claim that your PC is infected with malware, but for obvious reasons, you should not believe what these alerts tell you.

The malware related to the hijacker relies heavily on Trojans in order to infiltrate PC's, and so it is highly likely that the hijacker uses Trojans, as well. In general, the Trojans associated with these malware infections tend to be hidden in downloads of fake video codecs, or application updates downloaded from third-party sites. Pirating sites and filesharing services also commonly spread the Trojans for rogue security applications and the malware that supports them. Once the Trojan is downloaded to your computer, either downloads or installs the other malware. has nothing beneficial or real to offer. is just one more site, and one more hijacker, that supports a huge, widespread Russian scam. This scam has been ongoing for most of 2011, at least, and showed up at the beginning of March.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = ''
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = .exe
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter "Enabled" = '0'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ""
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = '1'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyOverride" =