Thesafetyfiles.com
Thesafetyfiles.com is a computer hijacker that redirects a user's web browser to www.thesafetyfiles.com, pops up warning messages and a warning bubble from the taskbar announcing the computer is infected with spyware and that the user should download a spyware remover. Thesafetyfiles.com only promotes fake anti-spyware products such as AntiVirGear, SpyShredder, WinAntiVirus Pro 2007, Ultimate Cleaner and SecurePCCleaner.
To restore the original default homepage, open IE > go to Tools > Internet Options > Type the URL address of your desired website > Click "Use Current" > click "OK". But restoring your hompepage manually does not necessarily mean that you've gotten rid of the spyware infection that brought on the homepage hijacker. Thesafetyfiles.com may be a sign that you've been infected with spyware or a trojan.
If, when Internet Explorer starts, you see any pop up windows telling you about a rogue anti-spyware program and how to remove spyware, then you're probably infected with a trojan and you will continue to be hijacked by Thesafetyfiles.com. Sometimes the hijackers prevent you from changing the homepage, or may allow you to temporarily change the homepage only to have Thesafetyfiles.com reappear later.
So what do you do? Scan your system with an anti-spyware program and remove the spyware infections detected.
File System Modifications
- The following files were created in the system:
# File Name 1 cfqbw.dll 2 fdpzgi.dll 3 gtawclv.dll 4 iesplugin.dll 5 iesuninst.exe 6 isaddon.dll 7 isamini.exe 8 isamonitor.exe 9 khtbpdl.dll 10 Online Security Guide.url 11 pmmon.exe 12 pmsngr.exe 13 pmuninst.exe 14 Security Troubleshooting.url 15 veptlh.dll 16 vjxwnn.dll 17 vmlwp.dll
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}IExplorer Security Plug-inInternet Explorer Secure BarMessenger Service
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.