By GoldSparrow in Browser Hijackers

is a search engine that belongs to a large network of search engines with extremely similar characteristics. Clones of, such as, are identical to in every way except for the particular website's name. These websites contain a white and blue color scheme with a large search box and a logo in the shape of a magnifying glass. In fact, everything about is designed to convince visitors that is a real search engine, except that this website has absolutely no real search engine capabilities. That is, cannot be used to search for web pages that may be relevant for a particular keyword or search term. Rather, any search carried out on leads to a variety of results that are all irrelevant and usually shows nothing more than advertisements for various untrustworthy websites. Search engines in the family have in common that they tend to be associated with the Google Redirect Virus, a component of various rootkits, which include the ZeroAccess rootkit and variants of the TDSS rootkit. Computer users may also find the Zwangie.exe file process on their computer, although this is difficult to confirm because malware associated with tends to disable the Task Manager as well as attempt to stop any security software found on the infected computer system. ESG security researchers strongly advise that you use a reliable anti-malware application to search for the source of any forced redirects to the website – the presence of these is a sign of a malware infection which may result in your online accounts and sensitive information becoming compromised.

How Criminals Profit from Forcing You to Visit Repeatedly

Most of the time, problems involving the website have their source in a malicious browser toolbar installed as a requirement for the installation of various media converters or other similar freeware applications. This browser toolbar will usually indicate the presence of a dangerous Trojan on the victim's computer. This Trojan takes over the infected computer, fundamentally changing how it connects to the Internet. By forcing you to visit repeatedly, criminals boost this website's traffic and advertising revenue generated from If you are not comfortable with the idea of criminals profiting from deliberately harming your computer system, you should use a reliable anti-malware program to delete browser hijackers from your system immediately!

File System Details

may create the following file(s):
# File Name Detections
1. %AppData%[trojan name]toolbarcouponsmerchants2.xml
2. %AppData%[trojan name]toolbarcouponsmerchants.xml
3. %AppData%[trojan name]toolbarpreferences.dat
4. %AppData%[trojan name]toolbarstat.log
5. %Temp%[trojan name]toolbar-manifest.xml
6. %AppData%[trojan name]toolbarcouponscategories.xml
7. %AppData%[trojan name]toolbarlog.txt
8. %AppData%[trojan name]toolbaruninstallStatIE.dat
9. %AppData%[trojan name]toolbarversion.xml
10. %AppData%[trojan name]toolbardtx.ini
11. %AppData%[trojan name]toolbarguid.dat
12. %AppData%[trojan name]toolbaruninstallIE.dat
13. %AppData%[trojan name]toolbarstats.dat

Registry Details

may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID "[trojan name]IEHelper.UrlHelper.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "[trojan name] Toolbar"
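
An added example (not ESG's tooling and not code from the original page): a Python triage helper that scans the text of a `reg export` dump for the two CLSIDs listed in the registry details above and reports whether each hit is the Browser Helper Object registration, the InprocServer32 DLL entry, or the bare COM class. The function name `scan_reg_export`, the sample export and its DLL paths are constructed for illustration; the WOW6432Node entry is included on the assumption that a 32-bit toolbar on 64-bit Windows registers under that view.

```python
import re

# CLSIDs copied from the registry entries listed on this page.
PAGE_CLSIDS = {
    "{99079a25-328f-4bd4-be04-00955acaa0a7}",
    "{a40dc6c5-79d0-4ca8-a185-8ff989af1115}",
}
# Substring match, so the WOW6432Node (32-bit view) copy of the key also matches.
BHO_KEY = r"\microsoft\windows\currentversion\explorer\browser helper objects"
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def scan_reg_export(text):
    """Return (clsid, role, key) for each key in .reg export text naming a listed CLSID.

    Files written by `reg export` are UTF-16; open them with encoding="utf-16".
    """
    hits = []
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m or m.group(1) == "-":  # value line, or a "[-KEY]" deletion entry
            continue
        key = m.group(2)
        low = key.lower()
        for clsid in CLSID_RE.findall(key):
            if clsid.lower() not in PAGE_CLSIDS:
                continue
            if BHO_KEY in low:
                role = "browser-helper-object"
            elif low.endswith("inprocserver32"):
                role = "com-server-dll"
            else:
                role = "com-class"
            hits.append((clsid.lower(), role, key))
    return hits

# Constructed sample export; the DLL paths and the last CLSID are placeholders.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\InprocServer32]
@="C:\\placeholder\\example.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
@="UrlHelper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\placeholder\\benign.dll"
"""

if __name__ == "__main__":
    for clsid, role, key in scan_reg_export(SAMPLE):
        print(f"{role:22} {clsid}  {key}")
```

A hit on the Browser Helper Objects key means Internet Explorer loads the class at startup; the InprocServer32 value under the same CLSID names the DLL to collect for analysis.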


