www.removepcrisk.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain www.removepcrisk.com, registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service), was initially registered in February of 2014 through HICHINA ZHICHENG TECHNOLOGY LTD. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Washington, District of Columbia, in the United States, on the SoftLayer Technologies Inc. network.

Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
District of Columbia, United States (US)

Create date:
Tuesday, February 18, 2014

Expires date:
Monday, February 18, 2019

Updated date:
Monday, February 1, 2016

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Bkav FE | W32.HfsAdware | 100.00% |
| Malwarebytes | FraudTool.YAC, PUP.Optional.ELEX | 100.00% |
| ESET NOD32 | Win32/ELEX.GB potentially unwanted (variant), Win32/ELEX.CC potentially unwanted (variant) | 100.00% |
| Dr.Web | Adware.Mutabaha.790, Adware.Mutabaha.174 | 100.00% |
| Fortinet FortiGate | Riskware/Elex | 100.00% |
| Reason Heuristics | Win32.Generic.ELEX.Installer.Meta | 100.00% |
| SUPERAntiSpyware | PUP.Elex/Variant | 50.00% |
| G Data | Win32.Application.Elex | 50.00% |
| McAfee | Artemis!E497222C8947 | 50.00% |
| Trend Micro House Call | Suspicious_GEN.F47V0330 | 50.00% |
| avast! | Win32:Adware-gen [Adw] | 50.00% |
| AhnLab V3 Security | PUP/Win32.Generic | 50.00% |
| K7 AntiVirus | Trojan | 50.00% |
| Agnitum Outpost | Riskware.Agent | 50.00% |
| Avira AntiVirus | APPL/Elex.jjsd | 50.00% |

The domain www.removepcrisk.com has been seen to resolve to the following IP address.

eb.ce.1632.ip4.static.sl-reverse.com
December 7, 2015

File downloads found at URLs served by www.removepcrisk.com.

13 / 68    (PUP)
http://www.removepcrisk.com/.../18144  (yet_another_cleaner_sk_0.exe)

13 / 68    (PUP)
http://www.removepcrisk.com/.../27641  (yet_another_cleaner_sk_0.exe)

13 / 68    (PUP)
http://www.removepcrisk.com/.../13915  (yet_another_cleaner_sk_0.exe)

13 / 68    (PUP)
http://www.removepcrisk.com/.../11688  (yet_another_cleaner_sk_0.exe)

8 / 68      (PUP)
http://www.removepcrisk.com/.../17146  (yet_another_cleaner_sk_1805369.exe)

8 / 68      (PUP)
http://www.removepcrisk.com/.../11688  (yet_another_cleaner_sk_1805369.exe)

The following 3 files have been seen to communicate with www.removepcrisk.com in live environments.

URL:
http://www.removepcrisk.com/

Google Analytics:
UA-48520822

Title:
“RemovePcRisk.com - Fix PC Problems!”

Description:
“Need help to remove a browser hijacker, toolbar, pop-up ads or any other threats? See our resolutions here!”

Web server:
ngx_openresty (ThinkPHP)