'Checking visitor' Pop-Up

'Checking visitor' Pop-Up Description

The 'Checking visitor' detection name refers to a pop-up window that is generated when a compromised user opens the browser, slides to a new tab and clicks on a hyperlinked text. The 'Checking visitor' pop-ups are generated by adware, which is reported to use a custom URL like 'imwhite.ru/cs?wsa=59170dc59dd2938574025' and load marketing materials from untrusted advertisers. Network analysis showed that the domains related to the 'Checking visitor' pop-ups are registered to the 46.4.70.113 IP address. There are many clones of 'imwhite.ru' and most of them appear to function as a redirect-gateways to Russian sites. Some computer security researchers may refer to the 'Checking visitor' redirects simply as "Russian Ads." Some of the domains used to redirect users infected with the 'Checking visitor' adware are the following:

  • h8.ijquery11.com
  • ijquery11.com
  • imycpm.ru
  • linkmyc.com
  • mtbuy.ijquery11.com
  • x24.ijquery11.com

Computer security researchers note that the domains listed above do not represent the full extent of the network that supports the 'Checking visitor' browser redirects. PC users may have installed adware the last time they have handled a free software package with the 'Express' and 'Typical' option. Some free program developers incorporate a monetization technique and try to earn a few dollars by modifying your default search settings and new tab so that you are redirected to a site where your searchers receive pay-per-view ad revenue. However, that is not what occurs with the 'Checking visitor' pop-ups because an adware may connect to sites with random names and read information like your browsing history to load personalized video commercials, banners and promotional images. The 'Checking visitor' may employ evasion tactics that we have seen with the CloudExtender and WizzRelease adware. PC security analysts note that the 'Checking visitor' adware might run from the Temp directory and register a background service to inject code into browsers like Internet Explorer, Mozilla Firefox and Google Chrome. You might be interested in using a reliable anti-malware scanner to clean your computer efficiently.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.