A dangerous web domain has been reported to be associated with several malware families. It is called ad(.)directrev(.)com and is confirmed to affect thousands of computers per hour at the moment of writing this. Expert researchers such as Trend Micro Security Intelligence personnel have identified the suspicious domain to be associated with six malware families. All users who have spotted this domain on their web browser should immediately counter react and remove any malicious applications that may be causing redirects to their computer.
|Short Description||The domain may do various dangerous or unhealthy to the PC activities.|
|Symptoms||The user may witness fake Java Update downloads as well as redirects to other potentially harmful domains.|
|Distribution Method||Via PUPs, installed by bundling (Browser Hijackers) or by visiting a suspicious third-party site that is advertising it.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Ad(.)directrev(.)com|
|User Experience||Join our forum to discuss Ad(.)directrev(.)com.|
The distribution of this domain may be conducted via several different methods:
- Referral spam over websites, forums and others.(ex. Copyrightclaims(.)org)
- Browser Hijacker causing redirects (ex. Yes Searches)
- Adware advertising the domain. (ex. DNS Unlocker)
Referral spam is distributed by directly advertising links and it generates traffic very quickly. Interestingly enough there are two types of referral spam – ghost referrals and web crawlers. Ghost referral spam is more dangerous since it may spread by remotely connecting to the website being spammed and post legitimately looking comments or replies.
Browser hijackers are a very common occurrence, in fact, there is a real chance someone in your close circle of friends to have such on their computer, if you don’t. They usually come bundled with the setup installers of programs that are being downloaded for free by software providing websites. Such sites include hijackers or other suspicious apps under the pretext of a legitimate “free extra”. Most commonly imitated programs are toolbars, PC optimisers and other at first-hand useful software.
Adware also uses bundling, but it usually does not cause browser redirect. However, this doesn’t mean that it can’t do it.
Ad(.)directrev(.)com In Detail
When the domain itself has been researched using cqcounter, it was established that it may originate from the USA. Furthermore, the domain may be a part or imitate to be a part of the legitimate advertising delivery domain directrev.com which is a digital advertisement marketplace.
- IP address.
- Operating System.
- Any other system or user entered data.
Not only this but this redirect has been associated to infect computers with malware, according to Trend Micro Security Intelligence researchers. It has been linked with several different malware families, some of which categorized by Trend Micro as
Their research suggests that URLs originating from this domain may result in infection with different types of Trojans, like info stealing ones, for example.
Stop Ad(.)directrev(.)com Permanently and Reset Your Browser
To completely be rid of this malicious domain from your computer, you need to act swiftly and methodologically. After the article, we have prepared a removal report for the app that may be causing redirects to the domain and for other apps if detected, and this is one option to do it. Whichever way you may remove it, you should make sure you back up your data, first. There are several ways to do this for free:
1.Online backup – for example, SOS Online Backup
2.Copy it to an external drive.
3.Use Windows Backup services.
N.B. After the actual removal do not forget to change the passwords of all your accounts just to be sure.