Offer-provider.com
Offer-provider.com is a manifold browser hijacker that promotes three different rogue security products, i.e. VirusRemover 2009, Secure Expert Cleaner and SpywareRemover 2009. It may first seem strange how one domain can possibly shelter several malwares – the explanation is as follows: Offer-provider.com hijacker may have three different URL extensions for three different rogue anti-spyware programs, respectively. Typically you hit one of these domains due to affiliated trojans infiltrating your system and altering the browser settings, in order to redirect web-surfing activities. No matter which extension you come across, your system will be subject to a fraudulent online scan that will undoubtedly notify you of several grossly exaggerated infection reports. This is all in order to scare you into purchasing and downloading whichever one of the three fake spyware remover programs that particular website is advertising.
File System Modifications
- The following files were created in the system:
# File Name 1 %Program Files%\VirusRemover2009\Viruses.bdt 2 %Program Files%\VirusRemover2009\VRM2009.exe 3 VirusRemover2009.lnk
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\VirusRemover2009HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2009\HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Virus Remover 2009"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.