Whatseek.com
Whatseek.com is a search engine that offers links to sites for the sake of its own bottom line instead of giving you links that are truly-related to your search terms. Although this is just enough to label Whatseek.com as a nuisance instead of as an outright danger to your PC, Whatseek.com has a history of using browser hijackers to redirect visitors to its site from unrelated websites. These redirect attacks make Whatseek.com and everything that comes with Whatseek.com a very direct hazard for your computer's web-browsing safety, and it's recommended that you scan your PC with a trustworthy security program after any contact with Whatseek.com (whether it's through a redirect or through other means).
Whatseek.com (reminiscent of other malicious sites like Widdit.com or Clicks.thespecialsearch.com) may look like a search engine, but behind its looks, Whatseek.com doesn't have the functionality, safety measures or sophisticated search algorithms that real search engines use to help provide appropriate results. Instead of this, Whatseek.com makes do with spamming links to unrelated sites that pay Whatseek.com's web masters back for the traffic. Although, in many cases, these links are simply non-useful but harmless, some links from Whatseek.com may have greater issues for you to contend with, such as:
- Phishing hoaxes that try to steal personal information with fake prize offers or dummy login pages.
- Marketing scams for rogue security programs that pretend to detect nonexistent PC threats on your computer.
- Browser-based exploits that install malicious software (commonly via scripted vulnerabilities in Java, Flash or PHP).
Breaking Your Browser Out of Bondage to Whatseek.com
Despite all of the above dangers that Whatseek.com may expose your browser to, the top threat that remains is the browser hijacker causing the redirection to Whatseek.com, which takes control of your browser entirely out of your hands. Browser hijackers for Whatseek.com and similar forms of fake search engines may filter your search results through Whatseek.com, redirect you to Whatseek.com when you try to load another website or set Whatseek.com to be your starting page. Under no circumstances should these attacks be tolerated or ignored, since they do pose a security risk, although the long-term harm that they can cause by themselves is minimal.
SpywareRemove.com malware researchers recommend total system scans with appropriate anti-malware applications to remove browser hijackers, since this will insure a complete-reversal of all setting changes and removal of concealed components (such as boot sector-based rootkits) that are often installed with browser hijackers.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%[trojan name]toolbarversion.xml
File name: %AppData%[trojan name]toolbarversion.xmlMime Type: unknown/xml
%Temp%[trojan name]toolbar-manifest.xml
File name: %Temp%[trojan name]toolbar-manifest.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants2.xml
File name: %AppData%[trojan name]toolbarcouponsmerchants2.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants.xml
File name: %AppData%[trojan name]toolbarcouponsmerchants.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarcouponscategories.xml
File name: %AppData%[trojan name]toolbarcouponscategories.xmlMime Type: unknown/xml
%AppData%[trojan name]toolbarlog.txt
File name: %AppData%[trojan name]toolbarlog.txtMime Type: unknown/txt
%AppData%[trojan name]toolbarpreferences.dat
File name: %AppData%[trojan name]toolbarpreferences.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbardtx.ini
File name: %AppData%[trojan name]toolbardtx.iniMime Type: unknown/ini
%AppData%[trojan name]toolbarguid.dat
File name: %AppData%[trojan name]toolbarguid.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallIE.dat
File name: %AppData%[trojan name]toolbaruninstallIE.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallStatIE.dat
File name: %AppData%[trojan name]toolbaruninstallStatIE.datFile type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarstat.log
File name: %AppData%[trojan name]toolbarstat.logMime Type: unknown/log
%AppData%[trojan name]toolbarstats.dat
File name: %AppData%[trojan name]toolbarstats.datFile type: Data file
Mime Type: unknown/dat
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCLSIDHKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.