By JubileeX in Browser Hijackers Image

When it comes to the website, it's true that the site is malicious and that sells fake security software, and it's true that the site has a hijacker. It's also true that the people behind Antivirus Protection and its family of related fake security programs (Antivirus Soft, AntiVira Av, etc.) have established a clear, easily-identified pattern for their phony software sites. fits the pattern – so without a doubt, is the product of these same con-artists. If your computer is infected with Antivirus Protection or the hijacker for, don't give in by paying the money they demand. You can remove the hijacker for from your PC.

The Hijacker

The name may refer either to the browser hijacker that causes your web browser to redirect you to, or it may refer to the site itself. The hijacker may be present on a computer on its own, or it may accompany another piece of malware, namely the fake anti-virus program Antivirus Protection. Either way, the hijacker will do the same things. When you try to visit any website other than, you will either be sent back to, or you will get a fake security window within your browser that says that the site you were trying to visit is malicious. Even the fake security window will urge you to purchase Antivirus Protection, which is something that a real browser security warning would never do.

The hijacker is able to control what you access on the Internet by changing your Internet settings at the level of the Registry, and telling Windows that you are accessing the Internet through a proxy. Basically, this refers all of your attempts to connect to the Internet back to your own computer, through a specific port, which will watch. If you have Antivirus Protection on your computer, it will prevent you from viewing or modifying the Registry. Whether you have the hijacker on your computer by itself, or you have an infection with Antivirus Protection, your best bet for removing the malware is legitimate security software or help from someone who is very experienced with Windows technical issues.

The Website

As a website, is a word-for-word copy of every other site that claims to offer Antivirus Protection for sale. The site actually has very little content, although has several tabs or sub-pages that are supposed to make it appear as though offers everything that a real site would provide to an Internet user. The description of the software offered, which in this case is Antivirus Protection, is a complete fiction. Antivirus Protection is not actually anti-virus software, and Antivirus Protection can't do anything that the description claims. Apparently the creeps behind the site think that if they claim to have something called "RescueScan" technology, people will fall for their scam because it sounds nice. Likewise, all of the testimonials are fake, and they are the same phony testimonials that appear on all of the other malicious sites that promote variations on the same bogus security software. The "customer support" offered on the site is limited to a laughably useless email form, and the little logos for social networking sites with the header "Follow us!" are only set-dressing, as and Antivirus Protection have no presence and no following on those sites. The only reason that any of this lame content is present is to get you to believe that the payment page for Antivirus Protection is the payment page for something real. It isn't. wants to take your money and run.

The registration information for is the nail in this fake website's coffin, because everything in's public registration is falsified. The registration claims that the site belongs to the search engine, and the address for its "company" it gives the street address of a private residence in Washington, along with a phone number that either doesn't exist or has no publicly-available information – which is awfully strange for a business. However, take a look at the IP address for, and you'll see that the site is actually hosted in Romania. Furthermore, the only other site that uses that IP address is another site that promotes Antivirus Protection, has registration information that claims that belongs to the National Mango Board, in Florida. Even if the registration information for these two sites were genuine – which it most definitely is not – it makes no sense for these organizations to own the sites that are supposed to belong to "Antivirus Protection, Inc." The bottom line is, absolutely nothing about is trustworthy.

If you aren't already being sent to against your wishes, please do not attempt to visit the site. As you can see, there is nothing real or worthwhile on, and the site is part of a malicious, widespread fraud.

File System Details may create the following file(s):
# File Name Detections

Registry Details may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http='
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'

1 Comment

I've encountered this exact description on a different computer, plus it continually brings up or or .com. It makes it look like someone using that computer was viewing perverted material when the virus attacked, and this is not good for a family computer. I'm stuck, and don't know how to remove it, and don't know anybody locally, that can repair things like this.


Most Viewed