I sent installer_00526._xe to MBAM just now. By the way, the picture looked different on "safe-way" earlier today. Also, don't know if it is related, but tcpview showed an attempt to connect to a site in Italy, one in Latvia, and one in Mexico.

Thanks, Davey, for letting me off the hook. Be comforted, I have Piri on speed dial. The eDintori foray was an experiment to see how different search engines find the same entry.

edit: The malicious site is still there. Going to go there 3 times: once w/ PS running, once with Returnil running, and once with Sandboxie running, see what happens. Back soon, I hope. Don't try this at home.

Glad to have you checking for those "bad guys" and their "bag of tricks". Really bugs me to think they are trying to trap people looking for Piriform forums.

I give all my friends exact links. I never want them just "browsing" for "Cleaners" and "Spystuff" etc.

Of course, you already know that there are too many imitation sites on the Internet using all these keywords to lure the "un-informed". I want all those persons that I know to go directly to safe sites.

Thanks for your efforts to find these "evil kinds" of sites.

Do not worry, "I won't be trying this at home". davey

Of course, you already know that there are too many imitation sites on the Internet using all these keywords to lure the "un-informed"

That's true. Even misspelling a website address can have the user going into the nefarious zone. I remember accidentally typing in Ford Vehicles website address wrong once and instead of cars there where "flotation devices" on the screen.