Home Malware Programs Browser Hijackers Information-Seeking.com

Information-Seeking.com

Posted: January 25, 2012

Information-Seeking.com Screenshot 1Information-Seeking.com is a search engine site. Instead of giving you relevant results for your search terms, Information-Seeking.com prefers to provide sponsored links, such as other search engines or pornography websites that return a small amount of revenue to Information-Seeking.com's owners as payment for the traffic. Redirects to Information-Seeking.com are particularly noted to occur in Mozilla Firefox, but other web browsers are also vulnerable to these attacks, which are often a side effect of infection by fake anti-malware products like Security Suite. Since redirects to Information-Seeking.com may only be one of the many attacks that a browser hijacker or related PC threat can use against your PC, SpywareRemove.com malware researchers recommend the use of a competent anti-malware software to remove any browser hijacker for Information-Seeking.com the very moment that their symptoms appear.

What Information-Seeking.com Really Seeks from Your PC

Information-Seeking.com has been noted as a distributor of malicious software since at least January of 2012. Information-Seeking.com's search functions, although real to the extent that they provide working links to other sites, don't utilize the intricate search algorithms that reputable search engines possess – instead, Information-Seeking.com simply spoons up a helping of sponsored results to sites that pay Information-Seeking.com for the privilege. As a result, there's no real reason to use Information-Seeking.com as a search engine, especially since attempting to do is very likely to place your PC in danger.

Redirects to Information-Seeking.com can occur in several ways, but are especially noted for occurring whenever you try to access a popular search site like Google. Most redirects will only use Information-Seeking.com as a brief pause between affiliated sites instead of loading Information-Seeking.com and stopping at that point. However, regardless of the final destination, any redirect that involves Information-Seeking.com should be considered tantamount to an attack on your computer, and SpywareRemove.com malware analysts recommend that you scan your entire PC with anti-malware software after such events.

Stonewalling the Fake Information That Information-Seeking.com's Friends May Send to You

There have been reports about browser hijackers that engage in Information-Seeking.com-promoting redirects being related to a scamware like Security Suite. These fake security programs will create inaccurate scanner results and system alerts that warn you about nonexistent PC threats, and may also be responsible for disabling your real anti-malware software. However, disabling these PC threats via Safe Mode and other standard types of anti-malware strategies will let you run a scan on your computer and rid yourself of both Security Suite and related browser hijackers.

Because DNS and other settings changes can allow browser hijackers for Information-Seeking.com to continue to attack your browser even after other PC threats are removed, trying to manually delete browser-redirecting PC threats isn't recommended. In most instances, as was found by SpywareRemove.com malware research team, these redirects can occur in all web browsers, although, in some cases, they may be limited to a particular type of browser, such as Mozilla.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Temp%[trojan name]toolbar-manifest.xml File name: %Temp%[trojan name]toolbar-manifest.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarversion.xml File name: %AppData%[trojan name]toolbarversion.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants2.xml File name: %AppData%[trojan name]toolbarcouponsmerchants2.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbardtx.ini File name: %AppData%[trojan name]toolbardtx.ini
Mime Type: unknown/ini
%AppData%[trojan name]toolbarcouponscategories.xml File name: %AppData%[trojan name]toolbarcouponscategories.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants.xml File name: %AppData%[trojan name]toolbarcouponsmerchants.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarpreferences.dat File name: %AppData%[trojan name]toolbarpreferences.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarstat.log File name: %AppData%[trojan name]toolbarstat.log
Mime Type: unknown/log
%AppData%[trojan name]toolbarguid.dat File name: %AppData%[trojan name]toolbarguid.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarstats.dat File name: %AppData%[trojan name]toolbarstats.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallIE.dat File name: %AppData%[trojan name]toolbaruninstallIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallStatIE.dat File name: %AppData%[trojan name]toolbaruninstallStatIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarlog.txt File name: %AppData%[trojan name]toolbarlog.txt
Mime Type: unknown/txt

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCLSIDHKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard

One Comment

  • Melinda says:

    A Registry Cleaner would definitely be eaeisr than re-installing the OS! Beware of iObit's newest version of their Advanced System Care. It's full of bugs. I installed it on PC and it was updated to the latest version on the other. It wouldn't work on either PC and had to uninstall it and download an earlier version.

Loading...