Nov 17

Malware Analysis:

We have lately been observing suspicious activity around a set of domains involved in an ongoing fraudulent Internet campaign: the Google/Yahoo!/Bing/AOL search redirect problem that has become one of the major cyber safety issues of 2011. Since summer, scammers have been putting the bulk of their effort into click-revenue tactics. To maximise the return on these efforts they do not bother with regular SEO to attract natural traffic; instead, they use a rootkit infection that generates the hits on its own. All that is required is for the malware to infiltrate a workstation. Once it has, it reconfigures browser settings, the HOSTS file and/or other default parameters, which distorts the victim's online activity from then on: normal web queries via the search engines listed above no longer work, because each search is rerouted to an unexpected page such as Neatdavinciserver.com. Navigation either stops there or is redirected again to an affiliated landing page such as Xa.com. Those pages exist solely to serve ads, so every forced visit is revenue for the fraudsters.

If you are experiencing browser behaviour like this, do not ignore it; the redirects will not stop on their own, and removing this malware should be your first priority. Here is the complete list of the URLs involved in this scam:

  • admirabledavinciserver.com
  • colossaldavinciserver.com
  • cooldavinciserver.com
  • corkingdavinciserver.com
  • crackajackdavinciserver.com
  • eminentdavinciserver.com
  • eximiousdavinciserver.com
  • famousdavinciserver.com
  • franticdavinciserver.com
  • goooooddavinciserver.com
  • greatdavinciserver.com
  • immensedavinciserver.com
  • jollydavinciserver.com
  • marvelousdavinciserver.com
  • nailingdavinciserver.com
  • neatdavinciserver.com
  • nobledavinciserver.com
  • raredavinciserver.com
  • rattlingdavinciserver.com
  • remarkabledavinciserver.com
  • signaldavinciserver.com
  • somedavinciserver.com
  • splendiddavinciserver.com
  • strikingdavinciserver.com
  • super-duperdavinciserver.com
  • swelldavinciserver.com
  • uncommondavinciserver.com
  • unexceptionabledavinciserver.com
  • uniquedavinciserver.com
  • unusualdavinciserver.com
  • wickeddavinciserver.com
  • wonderfuldavinciserver.com

If this or a similar problem occurs with your Internet activity, consider using the fix described in the removal section below.

Determine if your PC is infected with the Davinci Server virus:

Besides the search redirects themselves, the indicators to look for are the two files and the registry value listed in the manual removal section below.

Davinci Server affiliated landing page screenshot: [image not reproduced in this text version]

How to remove this malware manually:

To perform manual removal of this hijacker, you should do the following:

Clean up the following files:

  • %WINDOWS%\System32\consrv.dll: not a standard Windows component; delete it. It is loaded by csrss.exe at boot, so make the registry change below and reboot (or mount the disk offline) before trying to remove the file.
  • %WINDOWS%\System32\Drivers\mrxsmb.sys: a legitimate Microsoft SMB redirector driver that the infection overwrites with its own copy. Do not simply delete it, or network file sharing stops working; replace it with a clean copy of the same version taken from install media or from a known-good machine at the same patch level.

Remove the registry entry added by the Davinci Server hijacker. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, the value Windows lists the server DLLs that csrss.exe loads at boot; the infection adds a consrv entry to that list:

  • SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

Edit the value and remove only the consrv:ConServerDllInitialization,2 part (in the registry it appears as ServerDll=consrv:ConServerDllInitialization,2). Do not delete the whole value: basesrv, winsrv and sxssrv are required, and without them Windows will not boot.
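
The check and the registry clean-up described above, as an added PowerShell example written for this page (editor's code, not a tool from the original post). It reports the three indicators and, with -Fix, rewrites the SubSystems\Windows value without the consrv token. The script name, the Windows 7-era layout of that value, and the assumption that the rootkit is not hiding the file or the value from a live system are all assumptions made here.

```powershell
<#
  Added example (editor's code, not part of the original post). Checks a Windows
  machine for the indicators listed above and, with -Fix, strips the rogue consrv
  entry from the SubSystems\Windows value. Run from an elevated PowerShell prompt.
  Assumptions: Windows 7-era layout of the SubSystems\Windows value, and that the
  rootkit is not hiding the file or the registry value from a live system.
#>
param([switch]$Fix)

$sys32     = Join-Path $env:SystemRoot 'System32'
$consrv    = Join-Path $sys32 'consrv.dll'
$mrxsmb    = Join-Path $sys32 'Drivers\mrxsmb.sys'
$subsysRel = 'SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$findings  = @()

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also works on PowerShell 2.0, which has no Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# 1. consrv.dll is not a standard Windows component; its presence is an indicator by itself.
if (Test-Path $consrv) {
    $findings += "consrv.dll present, sha256 $(Get-Sha256Hex $consrv)"
}

# 2. mrxsmb.sys is a legitimate SMB redirector driver that the infection overwrites.
#    Do not delete it; report version and hash so it can be compared with a clean copy
#    from install media or a known-good host at the same patch level.
if (Test-Path $mrxsmb) {
    $ver = (Get-Item $mrxsmb).VersionInfo
    $findings += "mrxsmb.sys version '$($ver.FileVersion)', company '$($ver.CompanyName)', sha256 $(Get-Sha256Hex $mrxsmb)"
}

# 3. SubSystems\Windows lists the server DLLs csrss.exe loads at boot; the infection
#    appends ServerDll=consrv:ConServerDllInitialization,2. Read it unexpanded so the
#    %SystemRoot% reference survives a rewrite.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subsysRel, [bool]$Fix)
$raw = $key.GetValue('Windows', '', [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
$tokens = $raw -split '\s+'
$rogue  = @($tokens | Where-Object { $_ -match '^(ServerDll=)?consrv' })

if ($rogue.Count -gt 0) {
    $findings += "SubSystems\Windows references consrv: $($rogue -join ' ')"
    if ($Fix) {
        # Never delete the whole value: csrss.exe needs basesrv, winsrv and sxssrv to boot.
        # Export a backup, then write the value back without the consrv token, keeping
        # its REG_EXPAND_SZ type.
        $backup = Join-Path $env:TEMP 'subsystems-backup.reg'
        & reg.exe export "HKLM\$subsysRel" $backup /y | Out-Null
        $clean = @($tokens | Where-Object { $_ -notmatch '^(ServerDll=)?consrv' }) -join ' '
        $key.SetValue('Windows', $clean, [Microsoft.Win32.RegistryValueKind]::ExpandString)
        Write-Host "Rewrote SubSystems\Windows (backup at $backup). Reboot, then delete $consrv."
    }
}
$key.Close()

if ($findings.Count -eq 0) {
    Write-Host 'No Davinci Server indicators found.'
} else {
    Write-Host 'Indicators found:'
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Saved as, say, check-davinci.ps1 (an assumed name), run it once without arguments to report, then with -Fix to rewrite the registry value. Because the malware runs as a kernel-mode rootkit, a live-system check can be lied to; where possible, run the file checks against the disk from an offline boot environment. After the reboot, delete consrv.dll and restore mrxsmb.sys from a clean source as described above.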

Please note that manual removal of the Davinci Server redirect malware is a complex procedure and should be performed with extreme caution. Lack of the required skills, or even a slight deviation from the instructions, may lead to irreparable system damage. To ensure trouble-free deletion, it is recommended to use the automatic removal tool below:

Download Davinci Server Hijacker Removal Tool
