Home Malware Programs Browser Hijackers QuestBrowser.com

QuestBrowser.com

Posted: December 15, 2011

QuestBrowser.com Screenshot 1QuestBrowser.com is a fake search engine that's known for its use of browser hijackers, its copied site template that's identical to equivalently-malicious sites and its predilection for creating self-profitable search results instead of real types of search query-related links. Although QuestBrowser.com looks like a safe search engine, links that are proffered by QuestBrowser.com may expose your PC to malicious content (such as phishing scams or drive-by-download attacks) and will never provide information that's relevant to your search terms. Because contact with QuestBrowser.com is strongly related to infection by PC threats that cause web browser redirects, SpywareRemove.com malware experts encourage you to scan your computer with an appropriate anti-malware program if you come into contact with QuestBrowser.com or notice your web browser redirecting itself to QuestBrowser.com without permission.

Refusing the Bait That Lures Your Browser to QuestBrowser.com

Since no one would use QuestBrowser.com's fake features for more than a few moments before realizing that QuestBrowser.com is a fraudulent and hostile website, QuestBrowser.com makes up for this by forcing traffic to itself via browser hijackers. Browser-hijacking Trojans are often installed by drive-by-download scripts and other exploits that allow them to slip onto your PC without permission. Strong security settings, an up-to-date web browser and a powerful anti-malware program can all be used together to help lower the possibility of such attacks. SpywareRemove.com malware researchers note that browser hijackers for QuestBrowser.com can show a number of different symptoms, including:

  • Pop-up windows that display advertisements, fake system scanners, inaccurate alerts and other forms of undesirable content.
  • Web browser settings that refuse to be changed or change themselves back to undesired values after you relaunch your browser.
  • Redirect attacks that force your web browser to load QuestBrowser.com when you visit an unrelated site (especially another search engine).
  • Having your homepage or your default 'new window' page set to QuestBrowser.com.

How to Stop QuestBrowser.com's Hoax in Its Tracks

Because QuestBrowser.com makes its profits off of redirecting victims to its affiliates, simply avoiding any usage of QuestBrowser.com's fake search engine is a foremost tactic to prevent QuestBrowser.com from harming you or gaining any benefit from any browser hijackers that are infecting your PC. If you do suspect that a browser-redirecting Trojan or other type of PC threat is on your computer, reboot into Safe Mode and use a trustworthy anti-malware program to remove the browser hijacker. Avoiding a specific brand of web browser may avoid redirects to QuestBrowser.com but will not actually cure the underlying infection (which, as SpywareRemove.com malware experts note, should be considered a security risk).

Be cautious to avoid exposure to QuestBrowser.com through redirects both before and after this process since any visit to QuestBrowser.com can be a vector point for new PC threats to be introduced to your computer. You may also need to revert some types of web browser settings by manual methods to make sure that any potential source of contact with QuestBrowser.com is shut down. Clones of QuestBrowser.com that you should be equally-wary of include QueryScan.com, Crownhub.com, QueryExplorer.com, Papergap.com, BasicScan.com, ScanBasic.com, QuestDNS.com.com and Placelow.com.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%QuestBrowsertoolbarlog.txt File name: %AppData%QuestBrowsertoolbarlog.txt
Mime Type: unknown/txt
%AppData%QuestBrowsertoolbarcouponsmerchants2.xml File name: %AppData%QuestBrowsertoolbarcouponsmerchants2.xml
Mime Type: unknown/xml
%AppData%QuestBrowsertoolbarpreferences.dat File name: %AppData%QuestBrowsertoolbarpreferences.dat
File type: Data file
Mime Type: unknown/dat
%AppData%QuestBrowsertoolbarstat.log File name: %AppData%QuestBrowsertoolbarstat.log
Mime Type: unknown/log
%AppData%QuestBrowsertoolbarstats.dat File name: %AppData%QuestBrowsertoolbarstats.dat
File type: Data file
Mime Type: unknown/dat
%AppData%QuestBrowsertoolbardtx.ini File name: %AppData%QuestBrowsertoolbardtx.ini
Mime Type: unknown/ini
%AppData%QuestBrowsertoolbarguid.dat File name: %AppData%QuestBrowsertoolbarguid.dat
File type: Data file
Mime Type: unknown/dat
%AppData%QuestBrowsertoolbaruninstallIE.dat File name: %AppData%QuestBrowsertoolbaruninstallIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%QuestBrowsertoolbarcouponscategories.xml File name: %AppData%QuestBrowsertoolbarcouponscategories.xml
Mime Type: unknown/xml
%AppData%QuestBrowsertoolbarcouponsmerchants.xml File name: %AppData%QuestBrowsertoolbarcouponsmerchants.xml
Mime Type: unknown/xml
%AppData%QuestBrowsertoolbaruninstallStatIE.dat File name: %AppData%QuestBrowsertoolbaruninstallStatIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%QuestBrowsertoolbarversion.xml File name: %AppData%QuestBrowsertoolbarversion.xml
Mime Type: unknown/xml
%Temp%QuestBrowsertoolbar-manifest.xml File name: %Temp%QuestBrowsertoolbar-manifest.xml
Mime Type: unknown/xml

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "QuestBrowser Toolbar"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBarQuestBrowserdtx.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "QuestBrowserIEHelper.UrlHelper"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID “QuestBrowserIEHelper.UrlHelper.1?HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuestBrowserIEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuestBrowserIEHelper.DNSGuard.1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet ExplorerToolbar "QuestBrowser Toolbar"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuestBrowserIEHelper.DNSGuardCLSIDHKEY_LOCAL_MACHINE\SOFTWARE\ClassesQuestBrowserIEHelper.DNSGuardHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "QuestBrowser QuestBrowser Toolbar"

3 Comments

  • Nam Sonderup says:
    January 15, 2012 at 3:51 pm

    I'm myself wondering if Tizen has any chance of becoming something else than a vaporware (oh, and Genivi too by the way). It looks like the industry doesn't learn.

  • Sylvia Deist says:
    February 18, 2012 at 1:41 pm

    I've tried to use the mirror download, not sure if i'm doing it right, but regardless the removal file keeps getting interrupted. You can send emails, as I will be checking them on an older uninfected computer. Not sure what to do, other than try again, may have to attempt to do it manually.

  • David says:
    April 11, 2012 at 9:52 am

    I hope this get rid of the unwanted windows that keep popping up. Thank you!!

Loading...