IGetNet Browser Hijacker Information
Name: IGetNet
Category: Browser Hijacker
Advice: Remove
Risk: Elevated Risk
Elevated threats are usually threats that fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description:
IGetNet is a browser hijacker that is implemented as an Internet Explorer BHO (Browser Helper Object). When you enter something into the address bar, IGetNet checks whether it includes a keyword that has been sold to one of its advertisers.
If so, it redirects you to that site; if not, it forwards you to a search engine using an IGetNet affiliate code. The sites searchresult.net, qcksearch.com (which is apps.webservicehost.com) and overture.com have been seen in use.
The IGetNet process that runs at Windows start-up (WinStart.exe or WinStart001.exe) writes to the Hosts file. Once this modification has occurred, every time you try to contact MSN or Netscape's search sites you are re-routed through IGetNet's servers. The IGetNet server checks whether your search includes a keyword that has been sold to one of its advertisers, and if so, redirects you to that site. If not, it forwards you to the real MSN or Netscape Search, so you shouldn't notice the difference.
In addition, if IGetNet is running and you enter auto.search.msn.com, search.netscape.com, or ieautosearch in the Address field, you will find yourself at http://www.igetnet.com.
IGetNet version 4, which is the original variant, installs files 'BHO.DLL', 'rsp.dll' and 'Winstart.exe' into the 'System' folder in the Windows folder. 'Winstart.exe', run at start-up, writes entries to the Hosts file to redirect all access to MSN or Netscape search sites through to IGetNet's servers instead. (ignkeywords.com, rspsearch.com.)
IGetNet version 5 works the same as version 4, but the files are now called 'BHO001.DLL', 'rsp001.dll' and 'Winstart001.exe' and they use new class IDs internally. You can tell that you have v5 because new IE windows show the text 'Enter Keyword or Web Address here' in the address bar.
IGetNet is bundled with P2P applications and software downloaded from 'Blue Haven Media'. It is installed by vCatch KazBlock and FavoriteMan, and may also be installed by ActiveX drive-by download. IGetNet reportedly runs an affiliate program at plugusin4cash.com to get third parties to install the software.
Its browser hijacking violates the IGetNet Privacy Policy (see http://www.igetnet.com/IGNPrivacyPolicy.asp for IGetNet's policy statement).
IGetNet modifies the "Hosts" file. Windows uses the Hosts file for domain name lookups. When a domain name is entered in the address field of a Web browser, by default, Windows first attempts to resolve the domain name by looking in this file.
IGetNet inserts the following lines in the Hosts file:
216.177.73.139 auto.search.msn.com
216.177.73.139 search.netscape.com
216.177.73.139 Ieautosearch
This action causes the browser to go to the IP address, 216.177.73.139, when any of the following domain names are entered:
auto.search.msn.com
search.netscape.com
Ieautosearch
The IP address, 216.177.73.139, belongs to the server for www.igetnet.com. When a search is entered here, IGetNet.com checks whether the keyword has been paid for. If so, the browser will be redirected to the advertiser that paid for the keyword. If such a keyword was not entered, the browser will be redirected to the search page to which it initially tried to go.
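The Hosts-file change described above can be checked for and undone with a short script. The following is an added example, not part of the original entry: it parses Hosts text, flags lines that use the address quoted above or that pin one of the three search names to a non-loopback address, and returns the text with those lines removed. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Hostnames the entry says IGetNet redirects (compared case-insensitively).
WATCHED = {"auto.search.msn.com", "search.netscape.com", "ieautosearch"}
# Address the entry gives for the IGetNet server.
KNOWN_BAD = {"216.177.73.139"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each mapping line of a Hosts file."""
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(body) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(body[0]))
        except ValueError:
            continue                          # not a valid mapping line
        yield no, ip, [n.lower().rstrip(".") for n in body[1:]]

def audit(text):
    """Return findings for the known address or for pinned search hosts."""
    findings = []
    for no, ip, names in parse_hosts(text):
        hit = sorted(WATCHED.intersection(names))
        if ip in KNOWN_BAD:
            findings.append((no, ip, names, "known IGetNet address"))
        elif hit and not ipaddress.ip_address(ip).is_loopback:
            findings.append((no, ip, hit, "search host pinned to a fixed address"))
    return findings

def cleaned(text):
    """Return the Hosts text with the flagged lines removed."""
    bad = {no for no, *_ in audit(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"

# Constructed sample: a default entry, the three lines quoted in this entry,
# and one made-up line showing a different address and upper-case name.
SAMPLE = """\
# sample Hosts file (constructed)
127.0.0.1       localhost
216.177.73.139 auto.search.msn.com
216.177.73.139 search.netscape.com   # trailing comment
216.177.73.139 Ieautosearch
10.0.0.5  SEARCH.NETSCAPE.COM
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of its Hosts file to audit(); on NT-based Windows the file is %SystemRoot%\System32\drivers\etc\hosts. Removing the lines does not stop the start-up process from rewriting them, so the files named above still have to be removed.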
Signatures:
Type:
Browser Hijacker - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretly and try to run secretly as well.