Default-Search.net

By GoldSparrow in Browser Hijackers

Threat Scorecard

Popularity Rank:	1,307
Threat Level:	50 % (Medium)
Infected Computers:	266,425

First Seen:	May 2, 2014
Last Seen:	April 12, 2026
OS(es) Affected:	Windows

Default-Search.net is a low-grade search engine that has been correlated with Potentially Unwanted Program infections. Default-Search.net is linked to Web browser redirects, changes to affected Web browser settings and a large number of other threat-like behaviors on affected computers. If your computer is presenting symptoms associated with Default-Search.net, security researchers strongly advise the removal of any PUPs installed on your computer. PUPs associated with Default-Search.net are usually bundled with low quality freeware. Because of this, you can prevent the installation of PUPs associated with Default-Search.net by guarding the installation process of any new software carefully. In most cases, choosing custom installation and only selecting necessary components to be installed can prevent the installation of these types of unwanted components.

Table of Contents

Common Issues Associated with Default-Search.net

There have been observed a wide number of issues related to Default-Search.net and its associated PUPs. If your Web browser is presenting any of the following symptoms, this may indicate that a PUP associated with Default-Search.net has been installed on your computer:

PUPs associated with Default-Search.net may change the affected Web browser's homepage, default search engine and default new tab or window website to Default-Search.net.
PUPs linked to Default-Search.net may display pop-up windows and other types of pop-up advertisements associated with Default-Search.net. These pop-ups may appear quite frequently, seriously interfering with computer users' activities on affected Web browsers. Default-Search.net has also been linked to banner advertisements, in-text marketing advertisements and other forms of intrusive advertising.
PUPs associated with Default-Search.net may take over the affected Web browser, forcing it to visit Default-Search.net repeatedly. Default-Search.net redirects may be quite disruptive, interrupting affected computer users' activities frequently.

Aliases

4 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
McAfee	Artemis!A392180ACD34
McAfee	Artemis!6C0E99A88F43
AVG	Toolbar.SearchSuite
Fortinet	Riskware/Toolbar_SearchSuite

SpyHunter Detects & Remove Default-Search.net

File System Details

Default-Search.net may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	$R7LROA4.cfg	7e1c1b7e7c427d8ba44b133761cb2192	4,971
Name: $R7LROA4.cfg MD5: 7e1c1b7e7c427d8ba44b133761cb2192 Size: 36.24 KB (36240 bytes) Detections: 4,971 Path: C:\$Recycle.Bin\S-1-5-21-3647289591-1107818582-3680359763-1000\$R7LROA4.cfg Group: Malware file Last Updated: July 4, 2022
2.	A0054399.exe	4c6a302490db9b796c9db8c1e90421f3	3,713
Name: A0054399.exe MD5: 4c6a302490db9b796c9db8c1e90421f3 Size: 3.54 MB (3543056 bytes) Detections: 3,713 Type: Executable File Path: C:\System Volume Information\_restore{139A94D4-B806-4DBE-9ABD-B237D6B565E5}\RP270\A0054399.exe Group: Malware file Last Updated: October 30, 2021
3.	smdmfmgrc3.cfg.vir	5f4e2340edce27b6eaca191509f20f67	3,105
Name: smdmfmgrc3.cfg.vir MD5: 5f4e2340edce27b6eaca191509f20f67 Size: 38.28 KB (38288 bytes) Detections: 3,105 Path: C:\v\AdwCleaner\Quarantine\C\Program Files\Settings Manager\smdmf\smdmfmgrc3.cfg.vir Group: Malware file Last Updated: March 30, 2022
4.	smdmfmgrc2.cfg.vir	981c2858ebf6192c785d303dc509335f	1,444
Name: smdmfmgrc2.cfg.vir MD5: 981c2858ebf6192c785d303dc509335f Size: 34.19 KB (34192 bytes) Detections: 1,444 Path: F:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\smdmf\smdmfmgrc2.cfg.vir Group: Malware file Last Updated: October 23, 2023
5.	smdmfmgrc3.cfg	a9f348403170fece9f72def38d3522f4	1,030
Name: smdmfmgrc3.cfg MD5: a9f348403170fece9f72def38d3522f4 Size: 45.96 KB (45968 bytes) Detections: 1,030 Path: c:\program files (x86)\assets manager\smdmf\x64\smdmfmgrc3.cfg Group: Malware file Last Updated: December 30, 2025
6.	smdmfmgrc2.cfg	3f0312e1d2fdfd5859b3aa2d7464a7f6	862
Name: smdmfmgrc2.cfg MD5: 3f0312e1d2fdfd5859b3aa2d7464a7f6 Size: 34.19 KB (34192 bytes) Detections: 862 Path: C:\Program Files (x86)\Settings Manager\smdmf\smdmfmgrc2.cfg Group: Malware file Last Updated: November 2, 2022
7.	smdmfmgrc2.cfg.173809.gzquar	53d67b57b046b2cccb12a4a436e4ef89	472
Name: smdmfmgrc2.cfg.173809.gzquar MD5: 53d67b57b046b2cccb12a4a436e4ef89 Size: 34.19 KB (34192 bytes) Detections: 472 Path: C:\Program Files\Settings Manager\smdmf\smdmfmgrc2.cfg.173809.gzquar Group: Malware file Last Updated: November 4, 2021
8.	SystemkService.exe	a392180acd34edc3680a4fa13991870b	342
Name: SystemkService.exe MD5: a392180acd34edc3680a4fa13991870b Size: 3.54 MB (3543056 bytes) Detections: 342 Type: Executable File Path: %PROGRAMFILES%\Settings Manager\systemk Group: Malware file Last Updated: May 13, 2020
9.	systemkmgrc1.cfg.vir	eefda207e341fb04ba6b31780db51782	306
Name: systemkmgrc1.cfg.vir MD5: eefda207e341fb04ba6b31780db51782 Size: 31.12 KB (31120 bytes) Detections: 306 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Program Files\Settings Manager\systemk\systemkmgrc1.cfg.vir Group: Malware file Last Updated: October 11, 2023
10.	OldCoordinator_nsr3EF.exe	2c8d11ecf064685ebc4d351fa4349c91	125
Name: OldCoordinator_nsr3EF.exe MD5: 2c8d11ecf064685ebc4d351fa4349c91 Size: 3.54 MB (3543056 bytes) Detections: 125 Type: Executable File Path: C:\Program Files\Settings Manager\systemk\OldCoordinator_nsr3EF.exe Group: Malware file Last Updated: October 19, 2024
11.	SystemkService.exe.vir	94b263fde2babc554166b948185f33ab	124
Name: SystemkService.exe.vir MD5: 94b263fde2babc554166b948185f33ab Size: 3.54 MB (3543056 bytes) Detections: 124 Path: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\SystemkService.exe.vir Group: Malware file Last Updated: April 4, 2024
12.	systemku.exe	debaba91bd2dbf83a671a2d89dfe0bf1	82
Name: systemku.exe MD5: debaba91bd2dbf83a671a2d89dfe0bf1 Size: 3.58 MB (3582992 bytes) Detections: 82 Type: Executable File Path: C:\Program Files\Settings Manager\systemk\systemku.exe Group: Malware file Last Updated: September 11, 2022
13.	OldCoordinator_nsv7C27.exe	05fa869b004082417be1441fec20daf5	30
Name: OldCoordinator_nsv7C27.exe MD5: 05fa869b004082417be1441fec20daf5 Size: 3.54 MB (3543056 bytes) Detections: 30 Type: Executable File Path: C:\Program Files (x86)\Settings Manager\systemk\OldCoordinator_nsv7C27.exe Group: Malware file Last Updated: March 17, 2021
14.	Systemkey.exe	49fb644bb0ee23cda11c0d96d32c45b5	20
Name: Systemkey.exe MD5: 49fb644bb0ee23cda11c0d96d32c45b5 Size: 225.79 KB (225792 bytes) Detections: 20 Type: Executable File Path: %LOCALAPPDATA%\Systemkey Group: Malware file Last Updated: June 2, 2014
15.	tbicon.exe	3261c97eeac15368c9a5d5ab193593f2	20
Name: tbicon.exe MD5: 3261c97eeac15368c9a5d5ab193593f2 Size: 78.35 KB (78352 bytes) Detections: 20 Type: Executable File Path: C:\windows\Temp\nsj1BDD.tmp\tbicon.exe Group: Malware file Last Updated: June 5, 2023
16.	syskldr.dll	37bde04482447b938e70c36f9aaf79fe	10
Name: syskldr.dll MD5: 37bde04482447b938e70c36f9aaf79fe Size: 20.49 KB (20496 bytes) Detections: 10 Type: Dynamic link library Path: C:\Programme\Settings Manager\systemk\syskldr.dll Group: Malware file Last Updated: August 29, 2022
17.	Internet Explorer Settings.exe	c4eed641e19e676d3050a8052558d142	8
Name: Internet Explorer Settings.exe MD5: c4eed641e19e676d3050a8052558d142 Size: 1.19 MB (1196560 bytes) Detections: 8 Type: Executable File Path: %PROGRAMFILES(x86)%\Settings Manager\systemk Group: Malware file Last Updated: May 2, 2014
18.	A0054395.dll	7b3585c97afabd24fb0a5bfb865f388b	7
Name: A0054395.dll MD5: 7b3585c97afabd24fb0a5bfb865f388b Size: 20.49 KB (20496 bytes) Detections: 7 Type: Dynamic link library Path: C:\System Volume Information\_restore{139A94D4-B806-4DBE-9ABD-B237D6B565E5}\RP270\A0054395.dll Group: Malware file Last Updated: October 30, 2021
19.	syskldr.dll	90aeb99323361cf86e1647691f231fec	2
Name: syskldr.dll MD5: 90aeb99323361cf86e1647691f231fec Size: 20.49 KB (20496 bytes) Detections: 2 Path: %PROGRAMFILES%\Settings Manager\systemk Group: Malware file Last Updated: May 2, 2014
20.	Uninstall.exe	c44da1bdd949d8941674ce66d72c102c	2
Name: Uninstall.exe MD5: c44da1bdd949d8941674ce66d72c102c Size: 113.88 KB (113888 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES(x86)%\Settings Manager\systemk Group: Malware file Last Updated: May 2, 2014

More files

Registry Details

Default-Search.net may create the following registry entry or registry entries:

CLSID

{54739D49-AC03-4C57-9264-C5195596B3A1}

{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}

{AA760BA8-5862-4BC5-9263-4452CBC0B264}

{E1842850-FB16-4471-B327-7343FBAED55C}

File name without path

http_www.default-search.net_0.localstorage

http_www.default-search.net_0.localstorage-journal

Regexp file mask

%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk

%PROGRAMFILES%\Mozilla Firefox\browser\searchplugins\default-search.xml

%ProgramFiles(x86)%\Mozilla Firefox\browser\searchplugins\default-search.xml

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard

SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1

Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1}

Software\Microsoft\Internet Explorer\DOMStorage\www.default-search.net

SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2496}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}

Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2520}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}

SOFTWARE\SmdmF

Software\SystemK

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2496}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2520}

SOFTWARE\Wow6432Node\SmdmF

SOFTWARE\Wow6432Node\SystemK

SYSTEM\ControlSet001\services\SmdmFService

SYSTEM\ControlSet001\services\SystemkService

SYSTEM\ControlSet002\services\SmdmFService

SYSTEM\ControlSet002\services\SystemkService

SYSTEM\CurrentControlSet\services\SmdmFService

SYSTEM\CurrentControlSet\services\SystemkService

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Assets Manager

Directories

Default-Search.net may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\smdmf

%ALLUSERSPROFILE%\Application Data\systemk

%ALLUSERSPROFILE%\smdmf

%ALLUSERSPROFILE%\systemk

%AppData%\FirefoxToolbar\Settings Manager\smdmf

%PROGRAMFILES%\Assets Manager\smdmf

%PROGRAMFILES%\Settings Manager\smdmf

%PROGRAMFILES%\Settings Manager\systemk

%PROGRAMFILES(x86)%\Settings Manager\systemk

URLs

Default-Search.net may call the following URLs:

default-search.net

Analysis Report

General information

Family Name:	Default-search.net
Signature status:	Self Signed

Known Samples

MD5: 2a9818a11001fa9101c5d2c178e5e3a9

SHA1: f711aedf127201e611ce3fd57d63c4a73feada12

SHA256: 4F7D45FBACED429C292A062369DE812655651EFA45659C42D624905F56223CFB

File Size: 8.72 MB, 8718440 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Aztec Media Inc
File Description	Settings Manager Install
File Version	5.0.0.14682
Legal Copyright	Copyright (c) 2005 - 2014
Product Name	SettingsManager
Product Version	5.0.0.14682

Digital Signatures

Signer	Root	Status
AZTEC MEDIA INC.	Thawte Code Signing CA - G2	Self Signed

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nsma786.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Default-Search.net

Threat Scorecard

EnigmaSoft Threat Scorecard

Common Issues Associated with Default-Search.net

Aliases

SpyHunter Detects & Remove Default-Search.net

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Submit Comment

Trending

Trojan.Injector.KSB

Forestrievic.com

Pencetbnb.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen