CEIDPageLock is a rootkit that hijacks the user's browser to force it into loading a fake Web directory domain, which creates profit for the threat actor via advertising. CEIDPageLock also includes support for a backdoor that could install other threats, as well as significant anti-analysis and anti-detection features. Users who identify symptoms of infection, such as changes to their homepages, should have appropriate anti-malware tools uninstall CEIDPageLock; because it compromises the Windows kernel, it should be assumed to be active until one can verify otherwise.
Browser Hijackers Going to New Extremes
The overwhelming majority of browser hijackers are low-level threats that depend on disguising themselves as otherwise-benevolent browser add-ons and, usually, represent a negligible security risk to the rest of the PC. However, a China-specific threat campaign is breaking with that tradition by using advanced techniques, such as compromising the Windows kernel, to hijack Web browsers. Although malware experts find its methods highly unconventional, CEIDPageLock's motivation is, apparently, the same profit-through-advertising goal as any other browser hijacker.
After infecting Windows, CEIDPageLock takes over the user's browser and swaps the homepage for a copycat domain of 2345.com, a Chinese Web directory. Other browser-hijacking features within CEIDPageLock's payload include taking over the search results and even monitoring network traffic for specific sites, which triggers an automatic redirection to corrupted pages. While malware analysts have found no current cases of CEIDPageLock abusing its capabilities to install other threats, it does include the theoretical ability to execute remote code, rather than merely exposing victims to unwanted advertisements.
Guarding Your Browser's Home against Kernel-Level Invasions
This threat uses invasive persistence techniques, like those of other rootkits such as Uroburos, Crisis, or Zacinlo (which shares CEIDPageLock's preference for advertising promotion). Disinfection may therefore require more steps than with most threats. Victims should familiarize themselves with the Safe Mode feature and with booting from removable devices. Always use anti-malware software with dedicated rootkit-removal functions for uninstalling CEIDPageLock; ordinary anti-virus software without any kernel-level disinfection features may be ineffective.
CEIDPageLock is an outlier for the amount of effort that its programmer is putting into achieving otherwise trivially accomplished browser-redirecting attacks. It may, however, be a sign of future business practices among rootkit authors, since there is still money to be made in non-consensual Web advertising.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to CEIDPageLock may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program, including SpyHunter? You may have a malware file running in memory that kills any program you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.