www5.antimalware-lab.com

www5.antimalware-lab.com Description

PC users no longer have the luxury of roaming freely on the Internet, lest they trip over a dubious and infected link such as xxx5.antimalware-lab.com (xxx replaces www and makes it non-clickable) and visit a malicious, germ-laced website that promotes a rogue security program.

Xxx5.antimalware-lab.com is a malicious website because it promotes software that misleads PC users and, if installed, compromises their systems. www5.antimalware-lab.com is run by a vicious Trojan that operates as both a web hijacker (or redirect virus) and an overall common thief. Whether you sought a free online scanner and stumbled upon xxx5.antimalware-lab.com or your PC was infected by other exploits, i.e. software, hardware or human vulnerabilities, this nasty infection can easily worsen by the minute.

Scamming is a billion-dollar business and this brings out the worst in cybercriminals, who will use anything and everything to find new victims to scam for money. Most of the tools being exploited were invented for good purposes. Rootkits, for instance, were initially designed to help music companies control piracy and, because of their stealth techniques to evade detection, have become the secret ingredient to hiding malware in the root or core of a PC. This exploit makes finding and removing malware almost impossible for people who are not skilled or experienced in deleting or editing registry or .dll files, or for expert tools not equipped with an anti-rootkit component.

Another stealth programming tool being exploited by cybercrooks is polymorphic coding. Polymorphic coding helps the Trojans that engineer rogue security programs to mutate or alter their file names and skin. Due to this technique, security experts have to update definitions (i.e. name of viruses and their files) more often. Therefore, if you do not have an expert tool that is equipped with an anti-rootkit and that updates definitions around the clock, 24/7, your system could remain under attack, even if you do somehow manage to remove the Trojan hijacker manually from your PC.

The payload or primary purpose of the Trojan behind xxx5.antimalware-lab.com is to forcibly route you to its malicious website so that you will buy its rogue security program called Anti-malware Lab. Anti-malware Lab joins other rogue security programs such as Win 7 Anti-Spyware 2011, Vista Anti-Virus 2011, AVE.exe, Palladium Pro, AV Security Suite, Internet Security Essentials, XP Security 2011, Win 7 Anti-Virus 2011, Total Vista Security, XP Home Security 2011, Antivirus Antispyware 2011, Antispyware Soft, Win 7 Security 2011, Total PC Defender, XP Guard, Vista Security 2011, Win 7 Total Security 2011, Antimalware Doctor, to only name a few.

All of these programs have one thing in common:

  1. Deceptively infiltrate the PC.
  2. Simulate a security breach to scare the victim into believing their data and system are at risk.
  3. Offer to fix problems, but only if the user buys and downloads the full version of the software.
  4. If the victim falls for the scam, capture keystrokes or copy data out of the payment form and send it by way of HTTP transfer to a remote server and into the hands of a hacker.

Cybercriminals are greedy and have programmed their malware to inflict multiple threats. So while your eyes are busy with a rogue security program's fake alerts, warnings, scans and reporting, the Trojan is busy in the background doing the following:

  1. Stealing or capturing vital data stored in your cache or off web-based forms (i.e. online banking or purchasing transactions).
  2. Spoofing your email account so a spammer can spam all your friends and family.
  3. Exploiting a Remote Assistance Tool to give a hacker secret 'root' access so he can basically control your PC. Things he might do:
    1. Add your PC to a botnet.
    2. Download more malicious malware.
    3. Torture you by manipulating the following:
      1. Change your wallpaper.
      2. Add or delete icons or even files and applications.
      3. Disable your keyboard or other peripheral, i.e. drivers and thus printers, etc.
      4. Tamper with your features, i.e. sound or other options on your control panel.
      5. Lock you out of your own computer.

Timing is key when your system has been compromised, i.e. infected by malware, because these malicious programs use up a lot of system resources and could cause a system crash, damaging your hard drive and possibly destroying your data.

You could waste time trying to access helpful articles or free software on the Internet to manually remove the stealth Trojan running the xxx5.antimalware-lab.com scam. In the interim, the Trojan is doing what it was programmed to do – work fast. Security experts caution against manual attempts only because most PC users do not understand the risk of deleting the wrong file and having to reimage their system should it become corrupt. If you were smart enough to back up all your data and files and have securely stored the 'keys' and disk of every application, if applicable, the worry may be minimal. However, if this is not the case and you have years and years of valuable data on your PC, even if only of sentimental value, the risk of losing it all may be that much greater.

Use a reputable anti-malware tool to remove not only all traces of malware off your PC, but to protect it from any future attacks. Cybercriminals and their malware do not sleep and neither should your computer's protection.

So that you do not trip over any dubious link from a malicious website or URL to a germ-laced article, you should use these steps to edit your hosts file and block them permanently.

  1. Using your start menu, open your hosts file.
  2. To bypass the restriction, right-click the 'notepad' application and opt to 'run as administrator'.
  3. Open your hosts file (it is usually found here: C:\windows\system32\drivers\etc).
  4. Underneath the line that identifies your local host (example below), list the sites you want blocked:

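    # 127.0.0.1 localhost
    127.0.0.1 xyz.com        # substitute 'xyz' for the name of the actual site to be blocked
    127.0.0.1 www.xyz.com

    Note: a line that begins with # is a comment and is ignored, so the entries you add must not start with #. The hosts file matches exact host names only and does not treat an asterisk as a wildcard, so list each variation (i.e. www.xyz.com, xyz.com) individually.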
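The following check is an added example, not part of the original article: it reads hosts-file text and reports which of the names you wanted blocked are really mapped to a sink address, and which lines have no effect because they are commented out with # or rely on an asterisk. The function name `audit_hosts` and the sample lines are constructed for illustration.

```python
SINKS = {"127.0.0.1", "::1", "0.0.0.0"}  # 0.0.0.0 is a common non-routable sink

def audit_hosts(text, wanted):
    """Return (blocked, problems) for the host names in `wanted`.

    blocked  - names that an active line maps to a sink address
    problems - (line number, reason) for lines that look like block
               entries but have no effect
    """
    wanted = [w.lower() for w in wanted]
    active, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if line.startswith("#"):
            # A leading # turns the whole line into a comment.
            names = line.lstrip("#").split()[1:]
            if any(w in name for name in names for w in wanted):
                problems.append((n, "commented out"))
            continue
        fields = line.partition("#")[0].split()  # drop trailing comment
        for name in fields[1:]:
            if "*" in name:
                # The hosts file matches exact names; no wildcard expansion.
                problems.append((n, "wildcard not supported"))
            else:
                active.setdefault(name, fields[0])
    blocked = sorted(w for w in wanted if active.get(w) in SINKS)
    return blocked, problems

# Constructed sample: two inert entries and one working entry.
SAMPLE_HOSTS = """\
#127.0.0.1 localhost
#127.0.0.1 *xyz.com
127.0.0.1 *xyz.com
127.0.0.1 xyz.com   # added individually
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, ["xyz.com", "www.xyz.com"]))
```

Any name in `wanted` that is missing from the returned `blocked` list still resolves normally and needs its own line.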

As a safety precaution, you should disconnect or disable your Internet connection to stop any new transmissions of data to a remote server. (Make sure you disable Wi-Fi connections as well.) Find a clean or germ-free PC to change your logins and security credentials for all your online accounts. Finally, use a reputable anti-malware tool to restore order to your PC and wipe the germs of xxx5.antimalware-lab.com away from your machine.


Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Try the following to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

Technical Information

File System Details

www5.antimalware-lab.com creates the following file(s):
  1. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  2. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
  3. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
  4. %UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini
  5. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
  6. %UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
  7. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
  8. %UserProfile%\Application Data\Anti-Malware Lab\
  9. %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\

Registry Details

www5.antimalware-lab.com creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Anti-Malware Lab"
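To check a machine against the registry entries listed above, the following added example (not part of the original article) scans the text of a `.reg` export for them. It assumes the export has already been decoded to text (regedit writes UTF-16), matches the `Debugger` value under any subkey of Image File Execution Options because the list gives only the parent key, and compares DWORD data by its decimal value; the function names and the sample export are constructed.

```python
import re

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
# (key, value name, data) from the registry list above. An empty name means "the key
# exists"; data None means "any data". The [RANDOM CHARACTERS] Run value is left out.
INDICATORS = [
    (HKCU + r"\Windows\CurrentVersion\Internet Settings", "ProxyServer", "http=127.0.0.1"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", "Debugger", "svchost.exe"),
    (HKCU + r"\Internet Explorer\Download", "RunInvalidSignatures", "1"),
    (HKCU + r"\Windows\CurrentVersion\Run", "Anti-Malware Lab", None),
    (r"HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler", "", None),
]

def parse_reg(text):
    """Yield (key, name, data) from .reg text; (key, "", "") marks each key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, "", ""
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        raw = m.group(2) if key and m else ""
        if raw.startswith('"') and raw.endswith('"'):
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith("dword:"):
            yield key, m.group(1), str(int(raw[6:], 16))

def find_indicators(text):
    """Return sorted (key, name) pairs in the export that match an indicator."""
    hits = set()
    for key, name, data in parse_reg(text):
        for ikey, iname, idata in INDICATORS:
            k, ik = key.lower(), ikey.lower()
            if ((k == ik or k.startswith(ik + "\\")) and name.lower() == iname.lower()
                    and (idata is None or data.lower() == idata.lower())):
                hits.add((key, name))
    return sorted(hits)

# Constructed sample export: two indicator values and one unrelated Run entry.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"Debugger"="svchost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\update.exe"
'''
```

An empty result only means none of these fixed names were found; the randomly named Run value and files still need a manual look.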

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
