Search-fever.com

By JubileeX in Browser Hijackers

If you discover that your web browser is being redirected to the site Search-fever.com, please act with extreme caution and clean your system as quickly as humanly possible. Although it may at first appear that the only issue at hand is an annoying hijacker, redirection to Search-fever.com is a sign of infection with a more serious piece of malware. The malware associated with Search-fever.com puts your personal information and the security of your PC in jeopardy.

Symptoms and Files Associated with Search-fever.com

The symptoms caused by the Search-fever.com malware are relatively minimal. All you'll notice is that your web browser's home page has been reset to Search-fever.com. The home page hijack will usually affect all of your browsers (if you have more than one installed on your computer), although some potential exceptions have been reported. You will be able to go to a search engine such as Google and enter your search terms, but the search will be hijacked and run through Search-fever.com instead. The results you get from this hijacked search will consist mostly or entirely of sponsored results, or advertisements. Obviously, this is extremely upsetting, and Search-fever.com can keep you from getting things done on your PC. This is why most people look for help with Search-fever.com.

Unfortunately, there is more to the picture. A search hijacker or similarly superficial nuisance is rarely tied to malware that is far more dangerous, but that is exactly what is going on with Search-fever.com. It may be that the hijacking allows the real malware to be more effective, or the hijacking may simply be a red herring, intended to distract you from what is really going on. What is really going on has to do with a file (and a matching process) that is present on all computers that have the Search-fever.com redirection problem – and that is rdminer.exe.

Rdminer.exe is what is known as a backdoor. It allows someone, at a remote location, to access your computer and its contents. It is installed by a Trojan, which is hidden in a file that seems harmless and unremarkable. At this point, there is insufficient information about which websites or files tend to hide the Trojan for rdminer.exe, but it is likely that it is included in phony program updates and in files from peer-to-peer services or freeware sites. The whole point of the Trojan is that it is downloaded without your knowledge. If it weren't for the Search-fever.com hijacking, you would not even know that anything had happened, unless an anti-virus program alerted you to the problem.

Implications and Conclusions About Search-fever.com

Search-fever.com has a superficial layer of protection intended to keep people from finding out who the site is registered to or where Search-fever.com originates, so it is clear that whoever is behind the site at least intends to hide what they're doing. However, the IP address for the site (217.160.230.82) traces back to Poland, and it is associated with a company called 1&1 Internet AG. A little more digging reveals that the host can be traced back to Germany and that its network is known to host Command and Control (C&C) servers. C&C servers are used by malware creators or users in order to remotely access and control PCs that have been infected with a backdoor, among other kinds of malware.

The bottom line is this:

  • Only computers infected with the backdoor rdminer.exe have the Search-fever.com redirection problem.
  • Rdminer.exe is a system backdoor, allowing remote access to the affected PC.
  • Search-fever.com is hosted on a network that is known to support C&C servers.
  • C&C servers are used to access computers infected with a backdoor, such as rdminer.exe.
  • Therefore, computers affected by Search-fever.com redirection are infected with a system backdoor, and are connecting to a network that hosts C&C servers.
  • Therefore, it is possible that Search-fever.com plays an important role in the remote access of infected PCs.

The Search-fever.com redirection issue and the malware associated with Search-fever.com can be safely removed. In this case, the infection may be more severe than most users of infected computers realize, making speedy removal of the malware an extremely high priority.

File System Details

Search-fever.com may create the following file(s):

  #   File name                           Detections
  1.  %PROGRAM_FILES%\Search-fever.com\   (none listed)

Registry Details

Search-fever.com may create the following registry entry or entries:

  HKEY_LOCAL_MACHINE\Software\Search-fever.com
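A quick host triage check built from the indicators described on this page (the rdminer.exe process, the Program Files directory, the registry key, the hijacked home page and the 217.160.230.82 address). This is an added example, not a tool from the site or any vendor; it assumes a Windows host with PowerShell 5.1 or later, the NetTCPIP module (Windows 8 / Server 2012 or newer) for Get-NetTCPConnection, and an elevated session so HKLM and every process are readable.

```powershell
# Triage check for the Search-fever.com / rdminer.exe indicators listed in the write-up.
# Added example (assumed environment: Windows, PowerShell 5.1+, run as Administrator).
$hijackHost      = 'search-fever.com'
$backdoorProcess = 'rdminer'           # rdminer.exe, the process named in the write-up
$c2Address       = '217.160.230.82'    # address the write-up associates with the site
$findings        = @()

# 1. Is the backdoor process running?
if (Get-Process -Name $backdoorProcess -ErrorAction SilentlyContinue) {
    $findings += "Process $backdoorProcess.exe is running"
}

# 2. Directory and registry key the hijacker is reported to create
$dropDir = Join-Path $env:ProgramFiles 'Search-fever.com'
if (Test-Path -LiteralPath $dropDir) { $findings += "Directory present: $dropDir" }
$regKey = 'HKLM:\Software\Search-fever.com'
if (Test-Path -LiteralPath $regKey) { $findings += "Registry key present: $regKey" }

# 3. Hijacked home page (checked here for Internet Explorer's Start Page only;
#    other browsers keep their home page in their own profile files)
$ieMain  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieStart = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
if ($ieStart -and $ieStart -match [regex]::Escape($hijackHost)) {
    $findings += "IE Start Page set to $ieStart"
}

# 4. Live TCP connections to the site's address, with the owning process (possible C&C traffic)
$conns = Get-NetTCPConnection -RemoteAddress $c2Address -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $owner = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $findings += "Connection to $c2Address`:$($c.RemotePort) from PID $($c.OwningProcess) ($owner)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No Search-fever.com / rdminer.exe indicators found on this host.'
} else {
    Write-Output 'Indicators found - treat the host as compromised, isolate it from the network and preserve it for analysis:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A clean result from this check does not prove the host is clean; the process can be renamed and the drop locations can change between samples, so run a full anti-virus scan as the page advises.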
