
Vosteran.com

Posted: October 13, 2014

Vosteran.com is a generic search engine site that many computer security researchers have identified as a browser hijacker. The Vosteran.com page itself is not really harmful to a computer, but its search results, which are sent through a customized Yahoo search, may cause various unwanted site redirects when clicked. The search results may include several sponsored or advertisement links that earn money for the creators of Vosteran.com. In some situations the Vosteran.com page loads automatically as the default home page, and the computer user has to take extra steps to reverse the change. In some cases the automatic loading can be stopped with an antispyware tool, which finds all plugins or add-on components associated with Vosteran.com and removes them.

The Vosteran.com page may look much like a generic search engine to most computer users. Using its services may not harm your system, but it could redirect you to other pages and act as an annoying pest with constant reloads and redirects. The aim of Vosteran.com and its creators is ultimately to make money from the clicks that computer users provide on the page and its advertisements or sponsored links. Most of the campaigns used are CPM or CPC, that is, pay-per-impression or pay-per-click ads. Vosteran.com may end up loading on your system after you trust bundled software or other files downloaded from the internet or from a suspicious source. In most cases there are several plugins or add-ons that can be easily removed to stop Vosteran.com from loading as the default home page.

The browser hijacking caused by Vosteran.com may take over other web browser applications, causing them to load the Vosteran.com site whenever a new browser window is opened. In this case, quick removal of Vosteran.com's plugins or associated add-ons is essential to stop it in its tracks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%Allusersprofile%\Microsoft\Windows\Start Menu\Programs\Startup\Vosteran Search.lnk
File type: Shortcut
Mime Type: unknown/lnk

%LocalAppdata%\Vosteran Search\uninstall\Vosteran Search.lnk
File type: Shortcut
Mime Type: unknown/lnk

%Programfiles%\Vosteran Search

%Allusersprofile%\[Vosteran Search]

C:\Users\<username>\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat
Size: 16.37 KB (16378 bytes)
MD5: 9ada22373d38f902a574dfefd4bd2df9
File type: Data file
Mime Type: unknown/dat

C:\Users\<username>\AppData\Roaming\WSE_Vosteran\UpdateProc\config.dat
Size: 92B (92 bytes)
MD5: 20c603a2ade796477d1836f0bfc642f4
File type: Data file
Mime Type: unknown/dat

C:\Users\<username>\AppData\Roaming\WSE_Vosteran\UpdateProc\info.dat
Size: 56B (56 bytes)
MD5: 617e52ab0d60b06660b248d63c677be9
File type: Data file
Mime Type: unknown/dat

C:\Users\<username>\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe
Size: 457.72 KB (457728 bytes)
MD5: 56989f64bf74bacbc7271dbfe8d368c8
File type: Executable File
Mime Type: unknown/exe

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf
Mime Type: unknown/rdf

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png
Mime Type: unknown/png

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png
Mime Type: unknown/png

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm
Mime Type: unknown/jsm

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm
Mime Type: unknown/jsm

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm
Mime Type: unknown/jsm

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest
Mime Type: unknown/manifest

C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\36iwse76.default\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js
File type: JavaScript file
Mime Type: unknown/js

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\_metadata\verified_contents.json
Mime Type: unknown/json

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\_locales\

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\_locales\ru\

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\_locales\tr\
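
A read-only PowerShell sweep for the locations in the file list above, added here as an example; it is not code from the original page or from any removal tool. The paths, the two extension IDs and the MD5 come from the page; checking every profile under the Users folder and every Firefox and Chrome profile (the page shows only one of each) is an assumption.

```powershell
# Added example: reports which of the listed Vosteran artifacts exist on this machine.
# Nothing is deleted or modified. Run elevated to read other users' profiles.
$ffExtId     = '{a2bff6ba-8d18-488c-853c-ad9bc29f2482}'  # Firefox extension ID from the page
$chromeExtId = 'oilkkkefbalmbfppgjmgjoefbclebkce'        # Chrome extension ID from the page
$updaterMd5  = '56989f64bf74bacbc7271dbfe8d368c8'        # MD5 the page lists for UpdateTask.exe

# Machine-wide locations from the page.
$patterns = @(
    (Join-Path $env:ALLUSERSPROFILE 'Microsoft\Windows\Start Menu\Programs\Startup\Vosteran Search.lnk'),
    (Join-Path $env:ProgramFiles 'Vosteran Search')
)

# Per-user locations. Assumption: profiles live under <SystemDrive>\Users,
# matching the C:\Users\<username> paths on the page.
$usersRoot = Join-Path $env:SystemDrive 'Users'
foreach ($user in Get-ChildItem -LiteralPath $usersRoot -Directory -Force -ErrorAction SilentlyContinue) {
    $patterns += Join-Path $user.FullName 'AppData\Local\Vosteran Search'
    $patterns += Join-Path $user.FullName 'AppData\Roaming\WSE_Vosteran'
    # '*' widens the check from the single profile shown on the page to all profiles.
    $patterns += Join-Path $user.FullName "AppData\Roaming\Mozilla\Firefox\Profiles\*\extensions\$ffExtId"
    $patterns += Join-Path $user.FullName "AppData\Local\Google\Chrome\User Data\*\Extensions\$chromeExtId"
}

$findings = foreach ($pattern in $patterns) {
    foreach ($item in Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue) {
        $note = ''
        # Hash the updater when its folder is present. A different MD5 does not
        # clear the file: the listed hash describes one sample, not every build.
        $updater = Join-Path $item.FullName 'UpdateProc\UpdateTask.exe'
        if ($item.Name -eq 'WSE_Vosteran' -and (Test-Path -LiteralPath $updater)) {
            $md5 = (Get-FileHash -LiteralPath $updater -Algorithm MD5).Hash.ToLower()
            if ($md5 -eq $updaterMd5) {
                $note = 'UpdateTask.exe matches the listed MD5'
            } else {
                $note = "UpdateTask.exe present, MD5 $md5 differs from the listed sample"
            }
        }
        [pscustomobject]@{ Path = $item.FullName; Note = $note }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No listed Vosteran artifacts found.'
}
```

A hit on the Startup shortcut or on UpdateTask.exe points to persistence outside the browser, so removing the extensions alone may not stop the home page from being reset.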

3 Comments

  • gluck says:

    If this is so bad, won't McAfee get it and keep it off?

  • Mj says:

    It's simple. Do a system search on all files containing Vosteran. Delete the ones you can, and the ones it prevents you from deleting? Rename them. Example: blahblah.exe becomes blahblah.exw (this keeps the files from working)

  • Zee says:

    How can I get my photos' JPGs back?
