By Domesticus in Browser Hijackers

AhomePCSafety.com is one of the many fake security websites associated with the Zlob Trojan. Much like the Fake Microsoft Security Essentials Alert Trojan and the Vundo Trojan, the Zlob Trojan is designed to display fake error messages claiming that malware was found on the victim's computer. If the victim clicks on these messages, this Trojan will eventually install a rogue security application and reboot the infected computer system. Rogue security programs associated with the Zlob Trjoan are many, all hiding behind different names and interfaces. AhomePCSafety.com is nothing more than another face of this dangerous malware infection. Users that reach AhomePCSafety.com will find a website that looks like a system alert, claiming that your computer is infected with malware. ESG PC security researchers consider that AhomePCSafety.com is a dangerous threat to your computer's safety. Do not be misled by the fact that AhomePCSafety.com claims that your system is in danger; downloading programs or a toolbar from AhomePCSafety.com deliberately, harms the computer on which AhomePCSafety.com is installed. To remove browser hijackers associated with the Zlob Trojan, ESG security researchers advise using a reliable, fully-updated anti-malware application to scan your hard drives and perform automatic removal. While AhomePCSafety.com browser hijackers and other variations of the Zlob Trojan can be removed manually, ESG malware analysts do not recommend this action, unless you are absolutely sure of what you are doing or have reliable instructions. Manual removal of AhomePCSafety.com involves making changes to the Windows Registry and to the Windows System folders. Taking the wrong steps can irreparably harm your operating system, making it necessary to reformat your hard drive and lose all of your data in the process.

How the AhomePCSafety.com Scam Works

AhomePCSafety.com is a fairly typical infectious website. Malicious websityes are part of a well-known computer scam, which is used to steal inexperienced users' money every day. Basically, the AhomePCSafety.com scam has four steps:

  1. First of all, AhomePCSafety.com is installed on the infected computer with the help of a Trojan. AhomePCSafety.com in particular has been linked to the Zlob Trojan, a well-known malware threat.
  2. Once installed, the Trojan associated with AhomePCSafety.com makes harmful changes to the Windows Registry and to the infected computer's system settings. These changes allow AhomePCSafety.com to run in the background without authorization, start and stop system processes, block certain applications, launch itself at start-up and display fake security alerts and error messages.
  3. AhomePCSafety.com malware then pesters the victim by taking him/her to this malicious website repeatedly, trying to convince the victim that there is a severe malware problem on the victim's computer.
  4. The malware associated with AhomePCSafety.com then refuses to remove these imaginary problems, unless the victim purchases a fake "full version" of the rogue security program promoted by AhomePCSafety.com.

File System Details

Ahomepcsafety.com may create the following file(s):
# File Name Detections
1. ecxwp.dll
2. isamini.exe
3. pmmon.exe
4. windivx.dll
5. iesuninst.exe
6. pmsngr.exe
7. vipextqtr.dll
8. stream32a.dll
9. isamonitor.exe

Registry Details

Ahomepcsafety.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service


Most Viewed