Although the program called Win 7 Antispyware 2012 (Win7 Antispyware 2012) went live literally the other day, it has somehow managed to acquire terrible reputation since. This is a malicious application with a very peculiar set of features. First of all, this one represents the so-called multirogue family. This means there exists one single malcode which determines the Operating System it got into. Therefore, be it Windows XP, this sample gets the shape of XP Antivirus 2012. In case your OS is Windows 7, it’s going to be Win 7 Antispyware 2012 etc. Badware watchers have known this syndicate since about a year ago, so it’s not something totally new to the antimalware community. When the installer for this unsafe software lands onto your computer from the Internet (this is usually a trojan from the start), it begins affecting your PC in the following way: a scanner appears right away or after the next reboot. This scan, along with some attendant pop-ups, bears no value in terms of genuine cybersecurity information. The results returned in the end of the pseudo virus checking process will definitely contain a lot of items such as trojan horses, spyware, adware, malign browser helper objects and similar threats. Then, the program will ask you for a license payment, which is supposed to unlock all the features and help you get rid of those supposed infections. Do not believe a single ad or scan report displayed by Win 7 Antispyware 2012. It’s obvious what should be done about this piece of nasty software: it must be removed at once.

At first sight, Searchput.net (Www.searchput.net) seems to be a regular site representing the so-called MFA (Made For Adsence) page, with nothing dangerous in it. Although these kind of sites have been getting penalized by the recent Google updates, that doesn’t make them malicious. But in this case, there’s more than just ads. Searchput.net is known to be associated with the Google Redirect Virus that navigates users to unwanted pages stuffed up with advertisements. This rerouting is implemented from the SERPs, or Search Engine Results Pages. It means if you have this rootkit infection on board, it will automatically assign a certain predetermined URL value to each item on the search results list. As an outcome, your browsing will become handicapped because finding stuff online will no longer make sense – each time you will be hitting Searchput.net instead of the right domain. As is obvious from the screenshot we made, the web page in question contains ads – lots of them. In today’s commercialized cyberworld, advertising means profit, which is exactly what the scammers are counting on. Do not help them get rich. Eliminate the little virus from your machine now, and hence stop visiting Searchput.net for no reason.

Cloud AV 2012 is a new counterfeit utility at large. As a matter of fact, the now popular trend of cloud computing is concentrated on providing service as compared to supplying a product. Unfortunately, the popularity of this tendency has become an object of manipulation by criminals who strive to take advantage of pretending to supply users with up-to-date technology. No matter how modern it may sound and look, the insides of Cloud AV 2012 are just a set of the same old tricks. Its fake detection reports and bogus system cleaning ability claims have no actual capacity behind them. By means of using trojans to get into your PC, this program gets the advantage of unexpectedness. It starts off with a scan that sort of checks your machine for viruses and other malware. The scanner always comes up with some scary list of results which displays objects that may potentially damage your computer and compromise your privacy. It says you have multiple trojan horses, adware etc. on your workstation. Normally, this would mean you have to eliminate those. But considering that Cloud AV 2012 detects imaginary infections, the latter obligation makes no sense. The only thing that does make sense is to remove this phony program from your computer system.

The road of Swelldavinciserver.com hijack leads into nowhere. This is an annoying rather than a nasty virus that does not aim at damaging one’s computer. Instead, it influences the way you surf the web, redirecting your searches to unexpected pages such as the one whose snapshot is attached to this post (Xa.com). This targeted domain is just a doorway stuffed with ads. The more unsuspecting users click these advertisements, the more revenue the hackers gain. That’s the core of this entire scheme. Why does your browser act this way, rerouting you to Swelldavinciserver.com and associated web pages? There’s a virus laying at the basement of this fraud. There exist several variations of it, e.g. ZeroAccess Rootkit (or ZAccess), Win32/Sirefef trojan etc., one of the listed being the most probable cause of your current problems. This infection was made to replace links in the Search Engine Results Pages with others that are unrelated to the query you were making. As you figured for sure, the substitute is Swelldavinciserver.com – a malicious redirect malware that appears to propagate more actively than most rogue security clients. Having issues with this hijacker? Do yourself a favor and get it off your machine now.

Immensedavinciserver.com is a new search redirecting malware. This URL is an intermediary between innocent Internet users and computer criminals. Puzzled how come? Intrigued? If so, let’s continue this analysis. There has been a nasty virus in the wild for many months. Most IT specialists tend to call it the Google Redirect Virus, although there are other search engines involved. The scheme is simple and complex at the same time. At the first stage, hackers integrate a rootkit into one’s computer system. This type of infection is hard to detect and eliminate, especially the manual way as it can hide from the user under different system locations. This pest changes your HOSTS file, to be more specific it adds some additional values in there. Additionally, it affects some other Internet settings on the contaminated PC. This leads to uncontrollable behaviour of your browser when a random search engine is being used. Every link in the search results will be diverting you to Immensedavinciserver.com or some affiliated ad-laden pages, one of which is Xa.com (see screenshot). The benefit for fraudsters is obvious: they try to drag you into an illicit pay-per-click campaign against your desire. Until and unless you get rid of this parasite, this activity will proceed and persevere. Not only is this post meant to describe this piece of malcode. It also aims to help the infected users lose this bug and fix the entire issue altogether.

After the influx of numerous hijackers last couple of months and their evanescence, there appears to be a new trend at large. The previous ones had the following URL structure: {random adjective}searchsystem.com (e.g. Wickedsearchsystem.com). The latest manifestation has been modified by cybercriminals and looks like this: Somedavinciserver.com. Just like the former pattern, this campaign is about redirecting one’s search results to unwanted domains due to the prankish activity of a virus on the targeted PC. There are some differences though. Hijackers like Somedavinciserver.com do not simply divert you to this particular web page from the SERPs. They are an intermediary between your search and the page at Xa.com. The latter one is a site loaded with multiple ads, as you can tell by the attached screenshot of it. So apparently this whole scheme represents a complex pay-per-click strategy which enables hackers to convert traffic into something tangible (money of course). Therefore, if you keep ending up on Somedavinciserver.com, Xa.com or similar sites without and against your actual wish, there is virus removal that needs to be done. The infection causing this sort of havoc is called Sirefef trojan or ZeroAccess rootkit. In either case, your cyber life is at risk, so it’s strongly recommended you get your computer cleaned up with a reliable tool – that’s what the instruction below is about.

Noblesearchsystem.com is a fake web search landing page based on a uniform template. The exact same site design is being used by numerous other domains. Apart from the looks, there is another thing in common there. It’s the affiliation with the Google Redirect Virus which is a malicious entity used by hackers to drive unnatural traffic to their own pages. The more hits to Noblesearchsystem.com and similar hijackers, the more money the crooks can earn by monetizing users’ clicks. Basically, the fact of repeatedly visiting this rogue search engine means there is a badware component on your PC. It is most likely hidden and it exhibits itself via browser redirecting only. For example, when you get the list of search results on Google or other service of this kind, these valid links divert you to Noblesearchsystem.com which is definitely not what you were looking for. Consequently, when a problem of this kind occurs, it’s necessary to see if your PC has the ZeroAccess Rootkit infection on board. That’s the one triggering the odd browser work outlined above. Anyway, you need to just calm down because this parasite is not that hard to get rid of. The following instruction will shed some light on the cleaning process.