How to remove hijacker

Malware Description: is a scan site that returns no true results. is affiliated with the new rogue anti-spyware product known as Security Antivirus that refers to Virus Doctor malware family. If you are experiencing annoying redirects of your browser to a web page that looks just like the snapshot below, it denotes the fact that you are dealing with trojan horses that distribute Security Antivirus fraud tool. Those trojans tend to easily compromise your OS and change some proxy settings, Windows Hosts file or the web browser configuration. As a result, when you try to open up your Internet Explorer to surf the Internet, will appear to be the website that replaced your default homepage. can as well pop up in the middle of your web session just because you clicked something that you shouldn’t have. is pretty aggressive; it minimizes the browser window in no time and displays an ad at the beginning stating that your computer has security issues to be taken care of. will then get down to deploying its direct mission, i.e. scanning your PC. The scan is not real though, and returns results with are deliberately fabricated to look as scary as possibly. reports Trojan-Downloader.Win32.Small.fxf, Adware.Win32.Look2me.ab, Trojan Horse IRC/Backdoor.Sdbut4.FRV and some other infections and claims you actually have them all on your PC. It’s interesting that always tells people it detected 6 viruses in your Shared Documents and 10 viruses on your Hard Drive, regardless of the PC it runs on. This means is just an animation that aims to make you download, buy and install Security Antivirus scamware. Do not trust; just remove the trojans this hijacker is all about.

Malware Type: Browser Hijackers

Malware Author: Unknown

Threat Level: High

Advice: Immediately remove Hijacker Free Scanner and Remover: Download Now Bogus Scanner Screenshot:

How to remove hijacker and affiliated threats manually:
Manual removal of hijacker is a feasible objective if you have sufficient expertise in dealing with program files, processes, .dll files and registry entries.

The files to be deleted are listed below:

  • %Documents and Settings%\All Users\Application Data\345d567\
  • %Documents and Settings%\All Users\Application Data\345d567\72.mof
  • %Documents and Settings%\All Users\Application Data\345d567\mozcrt19.dll
  • %Documents and Settings%\All Users\Application Data\345d567\SA345d.exe
  • %Documents and Settings%\All Users\Application Data\345d567\SAV.ico
  • %Documents and Settings%\All Users\Application Data\345d567\sqlite3.dll
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Speed Launch.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\BackUp\Adobe Reader Synchronizer.lnk
  • %Documents and Settings%\All Users\Application Data\345d567\Quarantine Items\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
  • %Documents and Settings%\All Users\Application Data\345d567\SAVSys\
  • %Documents and Settings%\All Users\Application Data\SADFIOPODIV\SAAKDUPV.cfg
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus
  • %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Application Data\Security Antivirus\cookies.sqlite
  • %Documents and Settings%\[UserName]\Desktop\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.drv
  • %Documents and Settings%\[UserName]\Recent\ANTIGEN.exe
  • %Documents and Settings%\[UserName]\Recent\cid.dll
  • %Documents and Settings%\[UserName]\Recent\CLSV.drv
  • %Documents and Settings%\[UserName]\Recent\DBOLE.sys
  • %Documents and Settings%\[UserName]\Recent\ddv.dll
  • %Documents and Settings%\[UserName]\Recent\ddv.sys
  • %Documents and Settings%\[UserName]\Recent\energy.tmp
  • %Documents and Settings%\[UserName]\Recent\FS.drv
  • %Documents and Settings%\[UserName]\Recent\gid.drv
  • %Documents and Settings%\[UserName]\Recent\PE.drv
  • %Documents and Settings%\[UserName]\Recent\PE.exe
  • %Documents and Settings%\[UserName]\Recent\PE.sys
  • %Documents and Settings%\[UserName]\Recent\PE.tmp
  • %Documents and Settings%\[UserName]\Recent\runddlkey.dll
  • %Documents and Settings%\[UserName]\Recent\std.exe
  • %Documents and Settings%\[UserName]\Recent\tjd.drv
  • %Documents and Settings%\[UserName]\Recent\tjd.sys
  • %Documents and Settings%\[UserName]\Start Menu\Security Antivirus.lnk
  • %Documents and Settings%\[UserName]\Start Menu\Programs\Security Antivirus.lnk
  • %Program Files%\Mozilla Firefox\searchplugins\search.xml

The registry entries that need to be removed are as follows:

  • HKEY_CURRENT_USER\Software\3
  • HKEY_CLASSES_ROOT\SA345d.DocHostUIHandler
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “{searchTerms}”
  • HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “{searchTerms}”
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer “PRS” =””
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform “App/7.00195″
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Security Antivirus”

Please, be aware that manual removal of hijacker is a cumbersome process and does not always ensure complete deletion of the malware, due to the fact that some files might be hidden or may get reanimated automatically afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of hijacker, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Download Hijacker Automatic Remover

Like This Article? Let Others Know!

Post a Comment: