By GoldSparrow in Browser Hijackers

Threat Scorecard

Ranking: 14,387
Threat Level: 50 % (Medium)
Infected Computers: 5,213
First Seen: May 29, 2015
Last Seen: February 22, 2024
OS(es) Affected: Windows

The is a site that may not be the best place to start surfing the Internet, despite content that includes news reports, shopping offers, videos and games. The site is associated with a browser hijacker that may redirect infected users to corrupted Web pages and initiate a drive-by download of badware like PC Protector Plus and PC Defender Plus. Security investigators reveal that the browser hijacker may appear as a browser extension that invites users to install it and grant unrestricted access to the Internet. The IP address of may be linked to several cyber threats like Ardamax and Golden Keylogger, and Web surfers that visit may be at risk of being infected with information-collecting threats. The domain is flagged as threatening by several security authorities, including Cisco Cloud Web Security, Websense Web Filter and Google Safe Browsing. There are many reports on that the site's infrastructure may not be secure and may include links to other harmful domains and cyber threats.

Computer users that are infected with the browser hijacker may experience program crashes and pop-up windows that prompt them to install patches or upgrades to their Adobe Flash Player. Do not trust the messages coming from and avoid clicking on banners featuring FLV-based advertisements because you may be subjected to a Web-based attack that targets vulnerabilities in your plug-ins. The browser hijacker may function as a browser service and hide its presence within the svchost.exe host process of Windows. Computer users that do not have in-depth knowledge of the Windows ecosystem are advised not to change their Windows Registry or use Windows Task Manager in an attempt to remove the browser hijacker manually. The better and safer way to remove the browser hijacker is to install a trusted anti-malware utility.


1 security vendor flagged this file as malicious.

Anti-Virus Software Detection
Symantec PUA.Downloader


File System Details may create the following file(s):
# File Name MD5 Detections
1. crsvc.exe 0f86442b238f1c9ca69cb8d662deb05b 1,170

Registry Details may create the following registry entry or registry entries:
Software\Microsoft\Internet Explorer\DOMStorage\
Software\Microsoft\Internet Explorer\DOMStorage\
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\

Directories may create the following directory or directories:


URLs may call the following URLs:

