If you ever notice that your web browser has started opening 588.gychina.org when you launch it, CEIDPageLock has affected your computer. You will also be redirected straight to this page if you open such popular websites as soho.com and maxhton.com. Some users do not consider these redirections a big problem, but they are, believe us. The website CEIDPageLock promotes is nothing other than a malicious page that might push malicious software or redirect you further to other untrustworthy websites. Unfortunately, getting rid of 588.gychina.org is not easy. Resetting the web browser to its default settings will not have the desired effect, we can promise you that, because this page is, technically, not set as the user's homepage; instead, CEIDPageLock opens it automatically whenever the browser is launched. This means you will be redirected to this website every day until you delete the threat completely, and, unfortunately, erasing it is not easy either. Malware researchers have observed that this infection does not allow the system to reach antivirus software, and it uses deceptive tactics to avoid being removed by the user.
CEIDPageLock has both rootkit and browser hijacker features. It is not one of those malicious applications that ruin the operating system and make the computer unusable. It only hijacks victims' browsers to force them to open 588.gychina.org, which, at first glance, looks like a harmless website. Researchers say that this website mimics 2345.com, which is a completely legitimate page. Unfortunately, we cannot say the same about 588.gychina.org, as you have probably already understood. This website is known to be malicious, so frequent redirections to it might result in security-related problems. That is one reason to remove CEIDPageLock as soon as possible. You should also get rid of it because it might automatically record browsing data and then sell it to third parties. Generally speaking, keeping CEIDPageLock active on your computer only pushes you into danger.
Specialists say that CEIDPageLock primarily targets Chinese users. According to them, this does not mean that other users are safe: anyone can get infected with this malicious application. It enters without permission, but its successful entrance is hard to miss, because it automatically opens the page it promotes, as you should already know. This threat is mainly distributed via exploit kits, but other distribution methods might be adopted to spread it as well, and users might also download this infection from the web themselves. Once executed, it places a file in the %WINDIR%\Temp folder and creates a Service for this file, which works as its point of execution. The file's name might differ, but it should come in the .sys format, specialists say. The Service the malicious application creates should have the same name as the dropped file. CEIDPageLock consists of one file and one Service, but that does not make it an easy task to delete this infection from the system. The file is extremely hard to erase because it is nothing other than a kernel-mode driver. As a consequence, you will have to boot into Safe Mode or Safe Mode with Networking to get rid of CEIDPageLock. It will not be easy, but this infection is worth erasing from the system, believe us.
You will keep seeing the malicious page 588.gychina.org when you open your browser if you ignore the fact that CEIDPageLock is installed on your computer. Without a doubt, this is not what we expect users to do. We highly recommend deleting this infection as soon as possible, because its presence might result in security-related problems and even have a negative impact on your privacy. As mentioned, you will first have to boot into Safe Mode or Safe Mode with Networking to be able to erase CEIDPageLock. Once your PC is running in Safe Mode, you can decide whether to erase it manually or acquire an antimalware tool to take care of it automatically. Ordinary Safe Mode has no Internet connection, so if you want to download an antimalware tool from the web, you will have to choose Safe Mode with Networking.
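The two paragraphs above describe the on-disk footprint (a .sys kernel-mode driver under %WINDIR%\Temp, registered as a Service of the same name) and the Safe Mode removal procedure. The PowerShell below is an added example, not code from the original article or from any researcher it cites: it audits the registered kernel drivers for exactly that pattern, compares file hashes against the two MD5 values in the article's table, and provides a removal helper intended to be run from Safe Mode. It assumes the driver is registered as a kernel-driver service (so that it appears in Win32_SystemDriver) and that the machine runs a PowerShell version with Get-FileHash (5.0 or later). The function names are the example's own.

```powershell
# Added example, not part of the original article.
# Flags kernel-driver services whose binary lives under %WINDIR%\Temp (the
# CEIDPageLock pattern described above) and/or whose MD5 matches the article's IoCs.

$KnownBadMd5 = @{
    # MD5 values taken from the article's file table; labels are descriptive only
    'D3B1D963468F0B4C6E7DB26996A85A4B' = 'houzi.sys (CEIDPageLock driver, per article)'
    'C7A5241567B504F2DF18D085A4DDE559' = 'dropper.exe (CEIDPageLock dropper, per article)'
}
$TempDir = Join-Path $env:WINDIR 'Temp'

function Get-SuspiciousDriverService {
    # Kernel-mode drivers are registered as services; Win32_SystemDriver lists only those.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }

        # PathName is often in NT form (\??\C:\... or \SystemRoot\...); normalise to a Win32 path.
        $norm = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:WINDIR\"
        $norm = $norm.Trim('"')

        $inTemp   = $norm.StartsWith($TempDir, [System.StringComparison]::OrdinalIgnoreCase)
        $isSys    = ([IO.Path]::GetExtension($norm) -ieq '.sys')
        $leaf     = [IO.Path]::GetFileNameWithoutExtension($norm)
        $sameName = ($leaf -ieq $_.Name)   # article: service name equals dropped file name

        $md5 = $null
        if (Test-Path -LiteralPath $norm) {
            $md5 = (Get-FileHash -LiteralPath $norm -Algorithm MD5).Hash
        }
        $known = if ($md5 -and $KnownBadMd5.ContainsKey($md5)) { $KnownBadMd5[$md5] } else { $null }

        # Report anything loaded from the Temp folder, or anything matching a known hash.
        if ($inTemp -or $known) {
            [pscustomobject]@{
                Service         = $_.Name
                State           = $_.State
                StartMode       = $_.StartMode
                Path            = $norm
                IsSysFile       = $isSys
                NameMatchesFile = $sameName
                MD5             = $md5
                KnownBad        = $known
            }
        }
    }
}

function Remove-SuspiciousDriverService {
    # Intended for Safe Mode, where the driver is not protecting itself. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Finding
    )
    process {
        $svc = $Finding.Service
        if ($PSCmdlet.ShouldProcess("$svc ($($Finding.Path))", 'Stop and delete driver service, then delete file')) {
            # sc.exe handles kernel-driver services that Stop-Service/Remove-Service will not.
            & sc.exe stop   $svc | Out-Null
            & sc.exe delete $svc | Out-Null
            if (Test-Path -LiteralPath $Finding.Path) {
                Remove-Item -LiteralPath $Finding.Path -Force
            }
        }
    }
}

# Usage: audit first, review the table, then remove from Safe Mode (dry run shown).
Get-SuspiciousDriverService | Format-Table -AutoSize
Get-SuspiciousDriverService | Where-Object { $_.KnownBad } | Remove-SuspiciousDriverService -WhatIf
```

Run the audit from an elevated prompt. A driver under %WINDIR%\Temp whose service name matches its file name is a strong signal on its own, even when the hash is not one of the two listed, because legitimate drivers are installed under %WINDIR%\System32\drivers. Drop the `-WhatIf` only after booting into Safe Mode, as the article advises, since the running driver can otherwise block the deletion.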
| # | File Name | File Size (Bytes) | File Hash |
|---|-----------|-------------------|-----------|
| 1 | houzi.sys | 293112 | MD5: d3b1d963468f0b4c6e7db26996a85a4b |
| 2 | dropper.exe | 942080 | MD5: c7a5241567b504f2df18d085a4dde559 |