Homesiterenew.com/security/xp browser hijacker is related to the infamous Zlob trojan. The scammers didn’t even bother to create a new website: homesiterenew.com/security/xp is identical to many sites created to promote Ultra Antivirus and Windows Antivirus 2008. Homesiterenew.com/security/xp pushes visitors into buying AntiVirus Trigger. The hijacker loads the following message:

“Warning!
W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type:                            Virus
Infection Length:           138,293 bytes
Systems Affected:           Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected:  DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details:          1. Creates files in %Windir%\ directory. By default, this is C:\Windows.
2. Adds values to registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3. Scans the hard drive for .exe files and infects any executable files.
Searches for passwords/information, which it may send to a remote attacker.
Recomendations:          Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.”

If clicked upon, the message offers downloading AntiVirusTrigger.

Source: http://www.spywarevoid.com/homesiterenewcomsecurityxp.html