By Domesticus in Browser Hijackers is a malicious website. If you find that your browser is redirecting you to, do not purchase anything on the site, and do not trust anything that may tell you about your computer's security. If you aren't being redirected to, do not attempt to visit the site. There is nothing real or useful on

The name "" refers to two things: a browser hijacker, and a malicious website that the hijacker redirects to (and which is also a payment site for a scam). Both the hijacker and the website support the rogue anti-virus software Antivirus Monitor. In other words, both of them exist in order to trick you into thinking that Antivirus Monitor is real anti-virus software, so that you will pay for it and download it. However, Antivirus Monitor is malware: although it pretends to be a security application, it is completely useless for scanning for or removing threats.

The Hijacker

The browser hijacker typically downloads itself to the affected computer via Trojans. What happens is that while you are online, you click on a link in a fake or malicious advertisement that initiates the download, or you download a file or program update (from a site other than that of the program's publisher), and the Trojan is secretly bundled with the download. Either way, you will not notice that something has occurred until the hijacker starts causing problems.

The symptoms of an infection with the hijacker are easy to spot. As the name implies, the hijacker will hijack your web browser, and cause it to navigate to the website Whenever you try to view another site, your browser will go to instead. Furthermore, the hijacker may change your home page, and may cause pop-up advertisements and alerts to appear while you are online. Generally, these advertisements and alerts will warn that your computer may be insecure, and they will recommend a download of Antivirus Monitor. (Obviously, you shouldn't download Antivirus Monitor for any reason!)

Analyses of the actual files created by the hijacker reveal that once is installed, the hijacker tries to contact a remote host. However, it seems to be the case that the remote host is the website, so there is not enough evidence to say that the hijacker is used for spying on the user of the infected computer, or for stealing private information. It may be the case that the hijacker is capable of spying on or manipulating the affected computer in other ways, but at present, there are insufficient data to support that theory.

The Website

The website is a clone of every other website that promotes Antivirus Monitor, and uses the same minimalistic design, bland yellow color scheme and blue shield logo, and a handful of definitions of malware terminology that appear in several places in order to fill space. The website has fake testimonials about how great Antivirus Monitor is, along with a fake company address, and a completely phony customer support email form. Of course, all of this lame, low-quality content is only present in order to make appear to be a legitimate website. It's all set dressing for the star of the site, which is the payment page – the only page that the crooks behind and Antivirus Monitor really care about anyone visiting. If you enter your credit card information into's payment page, you are paying into a scam and giving criminals everything they need in order to make fraudulent charges to your card.

The most public layer of the registration information for the website shows that the site is registered to someone in California. Look a little deeper, however, and you will find that the IP address for is currently, which points to a location in Ukraine, and which belongs to Tirexhost. Even that is a misdirection, since Tirexhost isn't even actually operated out of Ukraine. Tirexhost is operated out of St. Petersburg, Russia; therefore, ultimately can be traced to an origin in Russia. Also, although Tirexhost hosts several hundred websites, detailed examination of its sites has yet to reveal a single website that is not malicious. ought to be treated with suspicion just for being a Tirexhost site, not to mention the huge Antivirus Monitor scam that promotes.

File System Details may create the following file(s):
# File Name Detections

Registry Details may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = ''
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ''
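
A way to check an exported HKEY_CURRENT_USER hive (a `.reg` file) for the weakened settings listed above. This is an added example, not code from the original article; the names `parse_reg`, `audit`, `WEAKENED` and `SAMPLE` are hypothetical, and the sample export is constructed.

```python
import re

# Settings from the registry list above (all under HKEY_CURRENT_USER) as
# (subkey, value name, reported value). Run and ProxyServer are left out
# because the page does not give their values.
WEAKENED = [
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes", ".exe"),
    (r"Software\Microsoft\Internet Explorer\PhishingFilter", "Enabled", "0"),
    (r"Software\Microsoft\Windows\CurrentVersion\Internet Settings", "ProxyEnable", "1"),
    (r"Software\Microsoft\Internet Explorer\Download", "CheckExeSignatures", "no"),
    (r"Software\Microsoft\Internet Explorer\Download", "RunInvalidSignatures", "1"),
]

def parse_reg(text):
    """Parse .reg export text into {(key, name): value}, lower-cased keys."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if m and key:
            raw = m.group(2)
            # DWORDs are exported as hex; normalise them to decimal text.
            val = str(int(raw[6:], 16)) if raw.startswith("dword:") else raw.strip('"')
            values[(key, m.group(1).lower())] = val
    return values

def audit(text):
    """Return (subkey, name, value) for each weakened setting present."""
    values, findings = parse_reg(text), []
    for subkey, name, bad in WEAKENED:
        val = values.get((("HKEY_CURRENT_USER\\" + subkey).lower(), name.lower()))
        # LowRiskFileTypes is a ';'-separated list, so test membership.
        if val is not None and bad in [v.strip().lower() for v in val.split(";")]:
            findings.append((subkey, name, val))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="yes"
'''
for finding in audit(SAMPLE): print(finding)
```

A single hit such as `ProxyEnable = 1` can be legitimate on a managed network, so treat each finding as a lead to review rather than proof of infection.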


The following messages associated with were found:

Windows detected a hard drive problem
Drive initialization error
Hard drive doesn't respond to system commands
Registry error
Critical Error: system cannot find hard disk space
Critical Error: RAM memory failure


