The Trotux.com badware is a browser hijacker from the Adware/ShortcutHijacker family that changes the home page of your installed browsers to www.trotux.com. It does this by installing random named files and Windows services that check the settings of your browser. When it detects that the home page and search has been changed to a page other than trotux.com, it will automatically change it back.

Remove the Trotux.com Browser Hijacker (Uninstall Guide)

• Mon, 20 Jun 2016 21:43:05 EDT
• Read 178 times

The Trotux.com badware is a browser hijacker from the Adware/ShortcutHijacker family that changes the home page of your installed browsers to www.trotux.com. It does this by installing random named files and Windows services that check the settings of your browser. When it detects that the home page and search has been changed to a page other than trotux.com, it will automatically change it back.
When a user performs a search from the trotux.com search engine, it will first log the query to their own system and then redirect the user so the search results come from Google. It is unknown why they do this, but it is possible they are doing it for search query statistical information.
How did the Iwatchavi.com hijacker get on my computer?

This program is installed via downloaders found on video and file sharing sites. These sites will offer free videos or downloads, but in reality install the Yeabests.cc hijacker on your computer. Therefore, it is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.
In my opinion, the Trotux.com browser hijacker provides no benefit to the computer it is installed on. As the searches redirect you through Google, you may as well use Google instead of a search engine that hijacks your browsers for an unknown purpose. To remove the Trotux.com Browser Hijacker and clean the affected shortcuts, please use the removal guide below.
Array
View Associated Trotux.com Browser Hijacker Files C:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\DeElevator.dllh7oC:\Program Files (x86)\[random]\reakaph.xhtm5h7oC:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\[random]mpp.dllC:\Program Files (x86)\[random]\C:\Program Files (x86)\[random]\JtsLncs.xhtm5C:\Program Files (x86)\[random]\JtsLnctes.exeC:\Windows\System32\Tasks\[random] Launcher


View Associated Trotux.com Browser Hijacker Registry Information HKCU\Software\[random]HKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\hp http://www.trotux.com/?z=[id]&from=epf1&uid=[computer_id]&type=hp&mode=ffsengextHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\tab http://www.trotux.com/?z=[id]&from=epf1&uid=[computer_id]&type=hp&mode=ffsengextHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\sp http://www.trotux.com/search/?q={searchTerms}&z=[id]&from=epf1&uid=[computer_id]&type=spHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\surl http://www.trotux.com/search/?&z=[id]&from=epf1&uid=[computer_id]&type=sp&q=HKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\uid [random]HKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\s HtTp://d2jeaw7c5nmwo6.cloudfront.net/kww7yc2r?uid=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&upd ate7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%sHKCU\Software\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\spname trotuxHKLM\SOFTWARE\Classes\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHook s 1HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7BD9EC3-FCFC-4AD6-8AB6-8D6C89FCD7D8}HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\[random] LauncherHKLM\SOFTWARE\Microsoft\help http://www.trotux.com/?z=[id]&from=epf1&uid=[computer_id]&type=hpHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\hp http://www.trotux.com/?z=[id]&from=epf1&uid=[computer_id]&type=hp&mode=ffsengextHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\tab http://www.trotux.com/?z=[id]&from=epf1&uid=[computer_id]&type=hp&mode=ffsengextHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\sp http://www.trotux.com/search/?q={searchTerms}&z=[id]&from=epf1&uid=[computer_id]&type=spHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\surl http://www.trotux.com/search/?&z=[id]&from=epf1&uid=[computer_id]&type=sp&q=HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\uid [random]HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\s HtTp://d2jeaw7c5nmwo6.cloudfront.net/kww7yc2r?uid=%s&update0=version,%s&update1=sys,%s&update4=ref,%s&update5=mode,%s&update6=sys0,%s&upd ate7=sys1,%s&update8=sys2,%s&update9=sys3,%s&update10=sys4,%sHKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}\spname trotuxHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDF7DA52-A297-4646-89F9-CE1DAC96612B}HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}HKLM\SYSTEM\CurrentControlSet\services\JtsLncs







Click here to view the article.