Home Malware Programs Browser Hijackers Papergap.com

Papergap.com

Posted: December 13, 2011

Papergap.com Screenshot 1Papergap.com is a clone of identical websites that offer fraudulent search engines in exchange for your traffic to affiliate sites. Since Papergap.com, like its clones, has no interest in handing over genuine search results that will not make Papergap.com a profit, there's no advantage to using Papergap.com, and Papergap.com may even direct you to malicious sites. SpywareRemove.com malware researchers are also displeased to note that Papergap.com is linked to the propagation of browser hijackers that can redirect you to Papergap.com even if you're trying to visit a completely-different website. If your browser comes into contact with Papergap.com, and especially if you see symptoms of potential redirect attacks for Papergap.com, your PC may be infected, and you should enact an immediate system scan with a competent anti-malware application.

The Critical Gap in Papergap.com's Search Engine Marketing

Papergap.com looks like a search engine, but a quick glance at its interface will reveal that Papergap.com also looks identical to related websites with equally-malicious intentions such as Crownhub.com, QueryScan.com, QuestDNS.com and QueryExplorer.com. With a simple screen that offers a search bar, a globe logo and nothing else of interest, Papergap.com tries hard to appear like a useful search engine, but its actual features aren't related to online searches in any way, shape or form. SpywareRemove.com malware research team notes that links from Papergap.com and even Papergap.com itself can result in contact with:

  • Drive-by-download scripts that install PC threats invisibly and without permission. This can include (but isn't limited to) dropper Trojans, worms, spyware and rogue anti-malware products.
  • Phishing attacks that attempt to steal personal information by persuading you to enter it into a misleading website (such as a fake entry form for a survey or contest).
  • Fake system scanners and other forms of simulated alerts that provide inaccurate information about PC threats on your computer.

Protecting Your Web Browser from Papergap.com Redirects

Although Papergap.com may also be involved a wide range of other attacks against your PC, Papergap.com is particularly-notorious for its links to browser hijackers that redirect web browsers to Papergap.com and affiliate sites without consent. Papergap.com-affiliated browser hijackers may also block your ability to change your web browser's settings, stop you from visiting PC security sites, change your search results or add links to unrelated content. You should never attempt to uninstall your web browser to stop these attacks, since browser redirect attacks for Papergap.com can function in most types of web browsers.

SpywareRemove.com security researchers advise that you remove any Papergap.com-related PC threats by switching to Safe Mode (which is accessible via F8 during a reboot) and scanning your entire computer with a trustworthy anti-malware program. Since Papergap.com is a fairly-new variant of its old scam, you may need to install the latest threat database updates so that your scanner can detect and remove all components of Papergap.com's browser hijacker.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AppData%Papergaptoolbarcouponsmerchants2.xml File name: %AppData%Papergaptoolbarcouponsmerchants2.xml
Mime Type: unknown/xml
%AppData%Papergaptoolbardtx.ini File name: %AppData%Papergaptoolbardtx.ini
Mime Type: unknown/ini
%AppData%Papergaptoolbarguid.dat File name: %AppData%Papergaptoolbarguid.dat
File type: Data file
Mime Type: unknown/dat
%AppData%Papergaptoolbarcouponscategories.xml File name: %AppData%Papergaptoolbarcouponscategories.xml
Mime Type: unknown/xml
%AppData%Papergaptoolbarcouponsmerchants.xml File name: %AppData%Papergaptoolbarcouponsmerchants.xml
Mime Type: unknown/xml
%AppData%Papergaptoolbarlog.txt File name: %AppData%Papergaptoolbarlog.txt
Mime Type: unknown/txt
%AppData%Papergaptoolbarpreferences.dat File name: %AppData%Papergaptoolbarpreferences.dat
File type: Data file
Mime Type: unknown/dat
%AppData%Papergaptoolbarstat.log File name: %AppData%Papergaptoolbarstat.log
Mime Type: unknown/log
%AppData%Papergaptoolbarversion.xml File name: %AppData%Papergaptoolbarversion.xml
Mime Type: unknown/xml
%Temp%Papergaptoolbar-manifest.xml File name: %Temp%Papergaptoolbar-manifest.xml
Mime Type: unknown/xml
%AppData%Papergaptoolbarstats.dat File name: %AppData%Papergaptoolbarstats.dat
File type: Data file
Mime Type: unknown/dat
%AppData%PapergaptoolbaruninstallIE.dat File name: %AppData%PapergaptoolbaruninstallIE.dat
File type: Data file
Mime Type: unknown/dat
%AppData%PapergaptoolbaruninstallStatIE.dat File name: %AppData%PapergaptoolbaruninstallStatIE.dat
File type: Data file
Mime Type: unknown/dat

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "Papergap Papergap Toolbar"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "PapergapIEHelper.UrlHelper"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "PapergapIEHelper.UrlHelper.1"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBarPapergapdtx.dll"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "Papergap Toolbar"HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"HKEY_LOCAL_MACHINESOFTWAREClassesPapergapIEHelper.DNSGuardCurVerHKEY_LOCAL_MACHINESOFTWAREClassesPapergapIEHelper.DNSGuardCLSIDHKEY_LOCAL_MACHINESOFTWAREClassesPapergapIEHelper.DNSGuardHKEY_LOCAL_MACHINESOFTWAREClassesPapergapIEHelper.DNSGuard.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "Papergap Toolbar"
Loading...