www.shortcutremover.com

HANG XUESONG

Domain Information

The domain www.shortcutremover.com, registered by HANG XUESONG, was initially registered in August of 2013 through ENOM, INC. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosting servers are located in Dallas, Texas, in the United States, on the Linode network.
Registrar:
ENOM, INC.

Server location:
Texas, United States (US)

Create date:
Thursday, August 22, 2013

Expires date:
Saturday, August 22, 2015

Updated date:
Monday, August 11, 2014

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Optional.Installer.T, PUP.Optional.TechEvolveGMBH.T, Win32.Generic | 100.00% |
| VIPRE Antivirus | Threat.4786018, InstallCore | 75.00% |
| Norman | InstallCore.CERT | 75.00% |
| ESET NOD32 | Win32/OpenCandy (variant), Win32/InstallCore.RD (variant), Win32/InstallCore.VO (variant), Win32/InstallCore.WC (variant) | 62.50% |
| Dr.Web | Trojan.InstallCore.11 | 62.50% |
| K7 AntiVirus | Unwanted-Program | 62.50% |
| Avira AntiVirus | ADWARE/InstallCore.Gen9, ADWARE/InstallCore.Gen7 | 62.50% |
| Baidu Antivirus | Adware.Win32.InstallCore | 62.50% |
| Malwarebytes | PUP.Optional.Amonetize | 25.00% |
| NANO AntiVirus | Riskware.Win32.InstallCore.djeejm, Riskware.Win32.InstallCore.dlayso | 25.00% |
| F-Prot | W32/InstallCore.AC.gen | 12.50% |
| ESET NOD32 | Win32/InstallCore.QC potentially unwanted application | 12.50% |
| McAfee | Artemis!4C071168F887 | 12.50% |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 12.50% |

The domain www.shortcutremover.com has been seen to resolve to the following 2 IP addresses.

li918-213.members.linode.com
May 16, 2016

li166-221.members.linode.com
August 19, 2014

File downloads found at URLs served by www.shortcutremover.com.

1 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (362a67b9ff317418de190c7489af0878)

9 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (f9dcf701f355228f41f629d1eb1c0314)

7 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (4c071168f8875479fc4342c2d70afa4e)

9 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (14367ff8b309ca22f03e4c98e0d12fae)

7 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (bd1b3153acb2232ce96a1e11746e20a1)

9 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (f0c5a126729ec82f6ae0f4e0d3fc6025)

9 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (4ef0d558a0404e52a7a22b74e32c4023)

2 / 68      (PUP)
http://www.shortcutremover.com/FreeShortcutRemover.exe  (6cc511c98c44aa464771dc1bdfe6131b)

The following 19 files have been seen to communicate with www.shortcutremover.com in live environments.

URL:
http://www.shortcutremover.com/

Google Analytics:
UA-43979321

Title:
“Free Shortcut Remover - Free Shortcut Fixer Software - Free Shortcut Cleaner Software - Scan & Remove Broken Shortcuts”

Description:
“Free Shortcut Remover helps scan/filter all invalid or useless shortcuts and remove them to improve your & keep your desktop in order.”

Web server:
Apache/2.2.3 (CentOS)