Description seems to be a search engine with a black and white color scheme and minimalist design. However,'s search results are often irrelevant or unsafe. Many of these search results have been observed to lead to websites containing phishing scams or promoting malware. Although has a dismal success rate as a search engine, still receives a steady rate of web traffic. However, this is not related to's quality but to the fact that criminals use a browser hijacker (a kind of malware infection that can take over the victim's web browser) in order to push PC users to visit repeatedly. These redirects to will often occur after doing an online search on a real search engine. If you find your web browser directing you to against your will, this is a sure sign that your PC has become a victim of a browser hijacker Trojan or rootkit infection. is Part of a Well-known Online Scam

Fake or severely limited search engines promoted with browser hijacker are a common online scam. Some examples of these kinds of websites that are associated with include and The main danger associated with is the browser hijacker that criminals use to direct computer users to this search engine against their will. These browser hijackers will often contain a rootkit component that creates a hidden file system on the infected hard drive, corrupts essential Windows system files, and disables known security software. Because of this, ESG malware researchers strongly advise using an anti-rootkit tool, or anti-malware software with anti-rootkit technology if you are experiencing redirects. These redirects can occur in various ways, such as changes to the infected web browser's homepage, direct redirects to, or the appearance of links to in what otherwise would be plain text content.

Technical Information

File System Details creates the following file(s):
# File Name Detection Count
1 %AppData%[trojan name]toolbarcouponsmerchants2.xml N/A
2 %AppData%[trojan name]toolbarlog.txt N/A
3 %AppData%[trojan name]toolbarstats.dat N/A
4 %AppData%[trojan name]toolbarversion.xml N/A
5 %AppData%[trojan name]toolbarcouponsmerchants.xml N/A
6 %AppData%[trojan name]toolbarguid.dat N/A
7 %AppData%[trojan name]toolbarstat.log N/A
8 %AppData%[trojan name]toolbaruninstallStatIE.dat N/A
9 %AppData%[trojan name]toolbarcouponscategories.xml N/A
10 %AppData%[trojan name]toolbardtx.ini N/A
11 %AppData%[trojan name]toolbarpreferences.dat N/A
12 %AppData%[trojan name]toolbaruninstallIE.dat N/A
13 %Temp%[trojan name]toolbar-manifest.xml N/A

Registry Details creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID "[trojan name]IEHelper.UrlHelper"
HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuardCurVer
HKEY_LOCAL_MACHINESOFTWAREClasses[trojan name]IEHelper.DNSGuard.1
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} "UrlHelper Class"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} "[trojan name] Toolbar"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 "C:PROGRA~1WINDOW~4ToolBar[trojan name]dtx.dll"
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID "[trojan name]IEHelper.UrlHelper.1"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar "[trojan name] Toolbar"