
www5.antimalware-lab.com

Posted: July 20, 2011

The term xxx5.antimalware-lab.com (xxx replaces www and makes it non-clickable) is used both for a website that distributes rogue security software and to identify a web browser hijacker that forces your browser to visit this website. Since the supposedly famous Anti-Malware Lab is just another clone of rogue security programs like Best Malware Protection, you should avoid xxx5.antimalware-lab.com and the scamware that it peddles. A xxx5.antimalware-lab.com hijacker infection is capable of changing your homepage, monitoring your online activities, redirecting you after you try to navigate to a URL or click a link, altering your search results and throwing up warning screens that block safe websites. Hijackers affiliated with xxx5.antimalware-lab.com have no uninstallation utilities; our team recommends using a suitable PC threat-removal application to solve your xxx5.antimalware-lab.com problems.
 

Getting to Know a Browser-Bullying Proponent of Rogue Software Clones

The xxx5.antimalware-lab.com website has the appearance and some of the basic services of a real software company's website, but this sleek veneer hides a dark past. The xxx5.antimalware-lab.com flagship product, Anti-Malware Lab, is a copy of other rogue programs that are well-known to our security research team; some examples of Anti-Malware Lab's kindred include Personal Internet Security 2011, PC Security Guardian, Personal Shield Pro Version 2.20 and Personal Shield Pro.
 
The foremost thought in xxx5.antimalware-lab.com's criminal mind is to make you buy Anti-Malware Lab, a rogue program that has no anti-malware functions and no good reason to be on your computer. What Anti-Malware Lab can do, however, is fake these functions by creating false positive alerts. The following short list is a sample of some of the fake alerts that our team of SpywareRemove.com researchers has dug up:
 
Warning
Warning! Virus detected

 
Warning! Identity theft attempt detected
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation keys

 
System alert
[rogue security program] has detected potentially harmful software in your system. It is strongly recommended that you register PC Security Guardian to remove all found threats immediately.

 
System warning
No real-time malware, spyware and virus protection was found. Click here to activate.

 
ERROR MESSAGE:
Warning
Warning! Virus detected
Threat Detected: Trojan-Spy.HTML.Sunfraud.a

 
This family of rogue applications is also known to interfere with security-related applications and may hijack your browser, with symptoms explained further below.
 

Is xxx5.antimalware-lab.com Dominating Your Browser?

Browser hijacks that lead you to websites like xxx5.antimalware-lab.com are often a sign of your PC already being infected with a rogue program, or by a related Trojan like Zlob or Fake Microsoft Security Essentials Alert. You can detect a browser hijacker by the following signs:

  • Homepage settings that are changed without your consent and redirect you to xxx5.antimalware-lab.com or a similar website, especially if the settings refuse to change back to previous values.
  • Suffering from pop-ups or advertisement-based audio files that trigger at random intervals.
  • Being redirected to xxx5.antimalware-lab.com while you're in the middle of browsing unrelated websites. This can include redirecting you after you type a URL, after you click a link or after you browse a popular search engine's search results.
  • Strange links that appear where they shouldn't be, such as on error pages or other text content that normally doesn't have links. These xxx5.antimalware-lab.com links are often, but not always, attached to specific keywords to make them look like legitimate affiliate content.

Call your credit card company and cancel your credit card if you've used it to purchase any scamware from xxx5.antimalware-lab.com or a related website. The most convenient method of deleting xxx5.antimalware-lab.com infections is to use an appropriate anti-malware program, since xxx5.antimalware-lab.com hijackers and rogue programs will make Registry changes and other deep system alterations that should be undone.

File System Modifications

  • The following files were created in the system:
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].mof
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].ocx
    %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\
    %UserProfile%\Application Data\Anti-Malware Lab\
    %UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
    %UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Anti-Malware Lab"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
  • The following Registry Keys were created:
    HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
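As an added defender-side example (not code from this page or from SpywareRemove.com), the following Python script parses a `.reg` text export of the kind `reg export` produces and flags the registry indicators listed above: the RunInvalidSignatures value, a ProxyServer pointing at 127.0.0.1, the Run entries, the svchost.exe Debugger value and the PersonalSS.DocHostUIHandler class. The sample export, the directory name kjwq3 and the paths in the Run entries are constructed, not captured data. The script goes slightly beyond the list: it also checks per-image subkeys under Image File Execution Options, where Debugger values normally live, and matches Run entries against the random-named All Users\Application Data path pattern from the file list above.

```python
"""Scan a Windows .reg export for the Anti-Malware Lab registry indicators.
Added example, not code from the page or any vendor; the sample export is constructed."""
import re

# Constructed sample of an exported HKCU/HKLM/HKCR slice from an infected machine.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Anti-Malware Lab"="C:\\Documents and Settings\\All Users\\Application Data\\kjwq3\\kjwq3.exe"
"kjwq3.exe"="C:\\Documents and Settings\\All Users\\Application Data\\kjwq3\\kjwq3.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger"="svchost.exe"

[HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler]
@="PersonalSS.DocHostUIHandler"
"""

# Key paths taken from the page's Registry Modifications list.
IE_DOWNLOAD = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download"
INET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
ROGUE_COM_CLASS = r"HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler"

# Dropper path pattern from the page's File System Modifications list:
# %Documents and Settings%\All Users\Application Data\[RANDOM]\[RANDOM].exe
RANDOM_DROP_DIR = re.compile(r"\\All Users\\Application Data\\[^\\]+\\[^\\]+\.exe$", re.I)

# One "name"=data line of a .reg file; '@' is the key's default value.
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key_path_lowercase: {value_name: data}}.
    dword data becomes int and quoted string data is unescaped.
    Key paths are lower-cased because registry paths are case-insensitive."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m is None or current is None:
            continue
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data.startswith("dword:"):
            data = int(data[len("dword:"):], 16)
        elif data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
        keys[current][name] = data
    return keys


def values_of(keys, path):
    """Case-insensitive lookup of one key's values (empty dict if absent)."""
    return keys.get(path.lower(), {})


def find_indicators(keys):
    """Return human-readable findings; an empty list means none of the page's indicators."""
    hits = []
    if values_of(keys, IE_DOWNLOAD).get("RunInvalidSignatures") == 1:
        hits.append("IE will run downloads with invalid signatures (RunInvalidSignatures=1)")
    proxy = values_of(keys, INET_SETTINGS).get("ProxyServer")
    if isinstance(proxy, str) and "127.0.0.1" in proxy:
        hits.append(f"HTTP proxy forced to localhost ({proxy}); the hijacker can block or redirect browsing")
    for name, data in values_of(keys, HKCU_RUN).items():
        if name == "Anti-Malware Lab":
            hits.append(f"Run entry 'Anti-Malware Lab' starts {data}")
        elif isinstance(data, str) and RANDOM_DROP_DIR.search(data):
            hits.append(f"Run entry '{name}' starts an executable from a random-named All Users data folder: {data}")
    # Debugger directly under the IFEO root (as listed on the page) or under any per-image subkey.
    for key, values in keys.items():
        if key == IFEO.lower() or key.startswith(IFEO.lower() + "\\"):
            dbg = values.get("Debugger")
            if isinstance(dbg, str) and dbg.lower().endswith("svchost.exe"):
                image = key[len(IFEO):].lstrip("\\") or "(IFEO root)"
                hits.append(f"IFEO Debugger for {image} set to {dbg}")
    if ROGUE_COM_CLASS.lower() in keys:
        hits.append("COM class PersonalSS.DocHostUIHandler is registered")
    return hits


def scan(text):
    """Parse one .reg export and return its findings."""
    return find_indicators(parse_reg_export(text))


if __name__ == "__main__":
    for finding in scan(SAMPLE_REG_EXPORT):
        print("[!]", finding)
```

Run it against the output of `reg export HKCU hkcu.reg` (and the HKLM and HKCR hives) from a suspect machine; every finding maps back to one line of the lists above, so a clean system returns an empty list.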