By SpideyMan in Browser Hijackers is the name of a malicious website, and of a browser hijacker. If you are not being redirected to by a malware infection, please do not attempt to visit the site on your own.

Why was Created

As a website, exists to support the rogue anti-virus software Antimalware Go. has just enough content to look somewhat like a real website, and claims to be the site for the company that produces the Antimalware Go software. However, Antimalware Go is not real anti-virus software, but just one name for a piece of malware that is at the heart of a widespread Russian Internet scam. This malware goes by several different names, and Antimalware Go has a number of different websites that support Antimalware Go, but they are easily identified because they are identical. As Antimalware Go is a clone of AntiVira Av, is a clone of AntiVira Av's sites. has the same bland color scheme, fake testimonials, and "Powerfull PC Protection" tagline. Just like the AntiVira Av sites, is the payment site for the malware supports. If you enter your credit card information into, not only will you not get anything for your money, but you are also giving your credit card number to criminals.

The Hijacker

There is also a browser hijacker called, because causes the Internet browser on the infected computer to redirect to that site. In addition to constantly redirecting you to, the hijacker will prevent you from accessing any other websites, and will generate pop-up alerts that will say that your computer is infected with some kind of virus. In particular, the hijacker causes pop-ups that say, "Infiltration alert!" The alerts will recommend that you download a program to remove the fictitious malware. If you click on the button agreeing to the download option, you've been tricked to download the rogue program Antimalware Go. Because Antimalware Go is malware, things will only become worse than they were before if you download The hijacker can disable many of your computer's normal functions, and it is important to remove as quickly as possible, but you should not trust the recommendations gives you.

Detailed Information About

At the time of this writing, is hosted on a dedicated server, and has the IP address, which is located in Ukraine. was registered on February 23 through, Inc., supposedly to a business called Rarenames, Inc., in Waltham, Massachusetts. However, because malicious websites like tend to be registered with fabricated names and contact information, it is entirely likely that the exact owner of the site is not Rarenames, Inc.

File System Details may create the following file(s):
# File Name Detections

Registry Details may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” = "1"


Most Viewed