By Sumo3000 in Browser Hijackers

WyeKe.com Image

WyeKe.com is a search engine that is part of a well-known online scam. This website has all the outward characteristics of a search engine without any of the functionality. Everything in its design, from the large centrally-located search box to its logo shaped like a magnifying glass, is designed to mimic the look and feel of a legitimate search engine. However, WyeKe.com has absolutely no real search capabilities. Any online search carried out on WyeKe.com will simply result in a stream of advertisements and spam which will almost certainly be irrelevant to the search that was carried out. Cybercriminals force computer users to visit WyeKe.com repeatedly through a browser hijacker infection, usually stemming from a malicious browser toolbar. ESG security researchers recommend dealing with redirects to the WyeKe.com web page by removing any browser toolbars you may have installed and utilizing a competent anti-malware program to scan your computer and to remove any potential malware that may be associated with browser hijackers.

Understanding the WyeKe.com Scam and How Criminals Profit from It

Most redirects to the WyeKe.com website are caused by a Browser Helper Object, usually an add-on or toolbar for Mozilla Firefox or Internet Explorer. These will typically be installed as a requirement for using various freeware media players and media format converters. ESG security researchers strongly advise against using any freeware software that requires you to install a browser toolbar; there will probably be better, free options that do not require you to infect your computer with malware deliberately in order to function. Criminals promote the WyeKe.com website as a way to generate substantial advertisements revenue. WyeKe.com belongs to a large network of search engines, which have considerably high web traffic that is almost entirely generated through the use of browser hijackers; it is not surprising when one considers that these websites provide no services and have no real content. This web traffic directly translates into more advertisements impressions and clicks on sponsored links.

File System Details

WyeKe.com may create the following file(s):
# File Name Detections
1. %AppData%[trojan name]toolbarcouponsmerchants2.xml
2. %AppData%[trojan name]toolbarcouponsmerchants.xml
3. %AppData%[trojan name]toolbarpreferences.dat
4. %AppData%[trojan name]toolbarstat.log
5. %Temp%[trojan name]toolbar-manifest.xml
6. %AppData%[trojan name]toolbarcouponscategories.xml
7. %AppData%[trojan name]toolbarlog.txt
8. %AppData%[trojan name]toolbaruninstallStatIE.dat
9. %AppData%[trojan name]toolbarversion.xml
10. %AppData%[trojan name]toolbardtx.ini
11. %AppData%[trojan name]toolbarguid.dat
12. %AppData%[trojan name]toolbaruninstallIE.dat
13. %AppData%[trojan name]toolbarstats.dat

Registry Details

WyeKe.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"
HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVer
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "[trojan name] Toolbar"


Most Viewed