By LoneStar in Browser Hijackers Image belongs to a batch of fake search engines that were released in November and December of 2011. and its clones can be easily identified because they all share identical interfaces and website layouts. Their design is fairly minimalist, allowing criminals to produce large numbers of clones easily. When you arrive at a website that belongs to's family of fake search engines, you will be greeted with a white page. In the center of this white background, you will find a search box, a randomly-chosen logo and the website's name in a green-tinted font. Despite this tasteful design, there is nothing tasteful about the way tries to scam you and steal your money. Fake search engines like are designed to spam users with advertisements and direct them to malicious websites containing unsafe content, various advertisements and malware infections. More importantly, websites like use browser hijackers such as the Google Redirect Virus in order to force their victims to return to the website repeatedly. Because of this, ESG security researchers recommend treating any contact with the website as a potential malware infection.’s Nasty Friends

The real problem with fake search engines such as is their association with other malware infections. If you are not careful, malware associated with can quickly make its home in your hard drive, eventually inviting other, more dangerous infections to the party! The main malware infection associated with is a kind of Trojan known as a browser hijacker. Usually, this browser hijacker is either a browser toolbar or a version of the Google Redirect Virus. Regardless of the kind of browser hijacker installed on your computer system, most browser hijackers have the same symptoms, resulting in repeated forced visits to the and its many friends. Some symptoms of a browser hijacker infection include the following:

  • Browser hijackers associated with will often change the results on legitimate search engines so that they will link to instead of to their real destination. This tactic is quite effective against inexperienced computer users since they may simply try their search again on the fake search engine.
  • malware may cause your computer to run slowly and crash frequently, as well as affect the quality and performance of your Internet connection.

If your Internet browser is infected, you may find that your homepage and general settings have been altered without your authorization

File System Details may create the following file(s):
# File Name Detections
1. %Temp%BasicScantoolbar-manifest.xml
2. %AppData%BasicScantoolbarcouponsmerchants.xml
3. %AppData%BasicScantoolbardtx.ini
4. %AppData%BasicScantoolbarstats.dat
5. %AppData%BasicScantoolbarversion.xml
6. %AppData%BasicScantoolbarcouponscategories.xml
7. %AppData%BasicScantoolbarpreferences.dat
8. %AppData%BasicScantoolbarstat.log
9. %AppData%BasicScantoolbaruninstallStatIE.dat
10. %AppData%BasicScantoolbarcouponsmerchants2.xml
11. %AppData%BasicScantoolbarlog.txt
12. %AppData%BasicScantoolbarguid.dat
13. %AppData%BasicScantoolbaruninstallIE.dat

Registry Details may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBarBasicScandtx.dll"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "BasicScan BasicScan Toolbar"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar “BasicScan Toolbar”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "BasicScanIEHelper.UrlHelper"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "BasicScan Toolbar"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "BasicScanIEHelper.UrlHelper.1?


Most Viewed