Home Malware Programs Browser Hijackers Specialreply.com

Specialreply.com

Posted: February 28, 2012

Specialreply.com claims to be a viable starting point for online searches, but Specialreply.com to be anything but a useful search engine. Websites that are offered by Specialreply.com will always contain advertisement-related or affiliate content that allows Specialreply.com's web masters to gain profit from your traffic, and you should look elsewhere to find legitimate search results that take your web-browsing safety into consideration. Additionally, while your chances of finding Specialreply.com by yourself aren't very high, browser hijackers have been known to perform redirect attacks that force your browser to load Specialreply.com or similar types of fake search engines. If these symptoms appear on your web browser, dutiful application of your choice in anti-malware software should be able to remove the Specialreply.com-promoting browser hijacker while undoing any unwanted system changes that may have occurred.

Specialreply.com – a 'Special' Site in the Worst Possible Way

An initial look at Specialreply.com might lead you into thinking that Specialreply.com could be a viable alternative to legitimate search engines. However, what that first glance will not tell you is that Specialreply.com doesn't have actual search-related functions; links from Specialreply.com will always include spam, advertisements and affiliate sites which are created to make money for Specialreply.com. Although a quick visit to Specialreply.com may not harm your PC, it's inadvisable to make prolonged attempts to use Specialreply.com like the search site that Specialreply.com definitely isn't.

SpywareRemove.com malware researchers have noted that similar hoaxes are perpetrated by Specialreply.com's identical brethren, cloned sites that also use Specialreply.com's green Earth and gray background template. Such kind of sites incorporate but may not be limited to Placelow.com, Crownhub.com, Hitpush.com, QueryScan.com, QueryExplorer.com, Papergap.com, Resultoffer.com, Yokeline.com, QuestDNS.com and ScanBasic.com. PC threats that promote Specialreply.com (such as browser hijackers, as noted below) may also promote related sites like the ones listed here.

The Appropriate Response to Specialreply.com Redirects

Specialreply.com and related sites wouldn't be worth much notice to the PC security community if it weren't for their promotion by web browser hijackers. Browser hijacks for Specialreply.com usually take the form of a Google Redirect Virus, although redirects may also strike from other sites (or even randomly). Redirects to Specialreply.com shouldn't be solved with the deletion of your web browser or changes to its settings, since SpywareRemove.com malware experts have determined that they're caused by changes to basic Windows settings.

Since Specialreply.com-affiliated browser hijackers will make changes to your Registry settings and may include other types of malicious software or functions, SpywareRemove.com malware research team recommends that you remove them with the best anti-malware software that's available for your use. If it's not already updated, you should also consider updating your software's threat database, since Specialreply.com redirects are relatively recent occurrences.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%[trojan name]toolbaruninstallIE.dat File name: %AppData%[trojan name]toolbaruninstallIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbaruninstallStatIE.dat File name: %AppData%[trojan name]toolbaruninstallStatIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarversion.xml File name: %AppData%[trojan name]toolbarversion.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbardtx.ini File name: %AppData%[trojan name]toolbardtx.ini
Mime Type: unknown/ini
%AppData%[trojan name]toolbarguid.dat File name: %AppData%[trojan name]toolbarguid.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarlog.txt File name: %AppData%[trojan name]toolbarlog.txt
Mime Type: unknown/txt
%AppData%[trojan name]toolbarcouponscategories.xml File name: %AppData%[trojan name]toolbarcouponscategories.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants.xml File name: %AppData%[trojan name]toolbarcouponsmerchants.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarcouponsmerchants2.xml File name: %AppData%[trojan name]toolbarcouponsmerchants2.xml
Mime Type: unknown/xml
%AppData%[trojan name]toolbarpreferences.dat File name: %AppData%[trojan name]toolbarpreferences.dat
File type: Data file
Mime Type: unknown/dat
%AppData%[trojan name]toolbarstat.log File name: %AppData%[trojan name]toolbarstat.log
Mime Type: unknown/log
%AppData%[trojan name]toolbarstats.dat File name: %AppData%[trojan name]toolbarstats.dat
File type: Data file
Mime Type: unknown/dat
%Temp%[trojan name]toolbar-manifest.xml File name: %Temp%[trojan name]toolbar-manifest.xml
Mime Type: unknown/xml

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuardHKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuard.1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "[trojan name] Toolbar"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINE\SOFTWARE\Classes\[trojan name]IEHelper.DNSGuardCLSID
Loading...