Home Malware Programs Browser Hijackers Kingkongsearch.com


Posted: May 9, 2011

ScreenshotKingkongsearch.com is a malicious website that distributes a web browser hijacker for itself through rogue security programs and plugins for browser applications. The hijacker infection may change your homepage and is able to redirect all searches towards Kingkongsearch.com, which may attack your PC with other malicious program. Since Kingkongsearch.com infections will control your online content and may monitor your online activities, you should take steps to remove Kingkongsearch.com malware with high-quality anti-malware scanners.

Kingkongsearch.com is a One-Two Punch to Your PC Security

Kingkongsearch.com browser hijackers have two known methods for distribution:

  • Via the rogue security program called PC Security Guardian. This rogue security program will pretend to protect your computer from infections, but all of PC Security Guardian's warning messages and pop-ups contain inaccurate information.
  • Via the Recipe Rewards Toolbar, which also contains the Adware.Softomate infection. Externally, Recipe Rewards Toolbar looks like a useful add-on for your browser, but Recipe Rewards Toolbar's concealed and main purpose is to display advertisements.

Both of these infections may alter your Registry to enable web browser hijacking, most notably by redirecting each and every search you make in a search engine towards Kingkongsearch.com. Your homepage may also be changed to Kingkongsearch.com, and fake warnings may be used to block your ability to access safe websites.

PC Security Guardian may also impede your ability to use other applications and stop you from updating or running security, anti-virus or Windows maintenance programs. Recipe Rewards Toolbar's advertisements may also expose your computer to limitless dangers, since malicious scripts hidden in pop-up advertisements created by Recipe Rewards Toolbar can infect your computer without your consent.

Throw Kingkongsearch.com Off of Your PC

In addition to all of the above problems, being forced to visit Kingkongsearch.com may cause your PC to become infected by even more malware. To put a stop to all of this, you can use Safe Mode, boot Windows from a Cd or removable drive, or reboot into another operating system.

Doing any of these procedures will let you launch your OS without Kingkongsearch.com-related programs attacking your browser or other parts of your system. Then you can easily remove Kingkongsearch.com program by running a full system scan. Remember to check for threat definition database updates before you scan since Kingkongsearch.com and related infections are relatively new.

It's technically possible to remove a Kingkongsearch.com hijacker and other infections by manually deleting all relevant files and Registry entries. However, since deleting the wrong Registry entry or file can easily cause serious harm to your PC, it's strongly recommended that you only do this if absolutely no anti-malware program is available.


File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
    2 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
    3 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
    5 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
    6 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\
    7 %UserProfile%\Application Data\Best Malware Protection\
    8 %UserProfile%\Application Data\Best Malware Protection\cookies.sqlite
    9 %UserProfile%\Application Data\Best Malware Protection\Instructions.ini

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PC Security Guardian"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler