By GoldSparrow in Browser Hijackers Image

Please do not visit the site, if you are able to avoid it. pretends to be a website that sells anti-virus software, but the truth is, it is the payment website for a malware-based scam. In particular, promotes the fake security program Antivirus Protection, a piece of malware that tries to scare the users of infected computers into paying money for a software license that doesn't exist. If you do find yourself at, especially if your browser is going there on its own, it is important that you do not buy the fake security software offered on the site. Then again, if your browser is going to on its own, then your PC is already infected with malware, and you need to proceed with caution anyway.

The Hijacker

When people talk about, they may be referring to the site itself, or to the browser hijacker infection that makes your web browser lead you to Since there is really no reason for the average person to know that exists unless their computer is taking them there on its own, it's fair to say that practically everyone who visits the website is using an infected computer.

The browser hijacker may occur on its own, or may be part of an infection with the rogue security program Antivirus Protection. Either way, the malware that is causing your browser to redirect you is able to do this because the malware makes changes to your Internet Settings, at the level of the Registry. What happens is that the hijacker tells Windows that you are accessing the Internet through a proxy. This allows the hijacker to control your access to specific Internet content. Generally, if you have the hijacker on your system, then the only site you will be able to view is When you try to navigate to any other site, your browser will take you back to, or you will get a phony error message within the browser window that says that you were prevented from viewing a malicious website.

Ultimately, not only does the hijacker promote a fake security product, but also prevents you from getting help in removing the hijacking malware.

The Website

As a website, is literally identical to every other site that promotes Antivirus Protection, and there are a lot of them. Nonetheless, portions of's site that claim to provide information on the Antivirus Protection "company" indicate that is supposed to be the company's one and only real website. Of course, the company information isn't the only content that's fake, because practically everything else about is lies and filler. The customer testimonials provided on the site are fake, and they are attributed to various different people on the different sites that promote Antivirus Protection. The customer support email form is laughable, because it's supposed to fool people into thinking that Antivirus Protection must be real if it offers customer support – but the email form is the only "support" option that the site has, and obviously no one really responds to the customer emails received through the form.

The site includes a few other elements to try to make itself look legitimate, including some very basic definitions of malware terminology that seem to be there just in order to take up space. There are all kinds of crazy claims about the bogus "RescueScan" technology that Antivirus Protection is supposed to offer, as well as claims about the number of businesses that supposedly use Antivirus Protection. There is even a picture of a product box at the top of the front page of, and in the picture, the product box says "Antivirus Soft" instead of "Antivirus Protection." (Antivirus Soft is a rogue security program related to Antivirus Protection, and their sites are basically identical.) However, the most important part of, at least to the people behind the scam, is the payment page where you can use your credit card to purchase a completely worthless Antivirus Protection license.

The publicly-available registration information for is really strange. According to its registration information, belongs to the National Mango Board. Further adding to the oddity of the registration information for, the address given for the registrant – the National Mango Board – is the mailing address for the nonprofit organization the Braille Association of Mid Florida. Clearly, these two pieces of information don't match up, and that makes sense if you realize that the registration information is completely fake. The IP address for actually traces back to a location in Romania.

So there it is: claims to sell Antivirus Protection, and Antivirus Protection is registered in the name of the National Mango Board, at the address of a Braille Association...with an IP address in Romania.You shouldn't trust anything you see on

File System Details may create the following file(s):
# File Name Detections

Registry Details may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = 'http='
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = '0'


Most Viewed