By ESGI Advisor in Browser Hijackers

Hooot.com Image

Hooot.com or, as Hooot.com is spelled on its web page, H Ooo T is a fake search engine that is closely associated with browser hijackers. This malicious website has a drab black and gray theme with a fake search box and a 'related searches' link on the right hand side of the main page. Hooot.com is not designed to carry out online searches; this website does not use any kind of search algorithm or search directory. Rather, the Hooot.com fake search engine is programmed to display a stream of advertisements, which will almost certainly be irrelevant to any search carried out on Hooot.com – unless the user looked for links to shady online pharmacies, illegal online casinos, websites promoting fake security applications and web pages associated with known online pyramid schemes. While Hooot.com does not have the ability to attack your computer system, the malware threats that are related to Hooot.com are amongst the most dangerous infections known today.

Hooot.com is Closely Related to Dangerous Malware

If the Hooot.com website were limited to displaying fake search results, there would not be much of a security problem. However, in order to coerce computer users to visit Hooot.com repeatedly, scammers use a kind of malware infection known as browser hijackers and they can come in several different varieties. Browser hijackers associated with Hooot.com are usually associated with an extremely dangerous rootkit (such as the ZeroAccess rootkit or some variety of the TDSS rootkit). These browser hijackers take over the victim's computer system, not affecting one single web browser but fundamentally altering the way that the victim's computer connects to the Internet. Once a computer system is infected, the web browser will take the computer user to the Hooot.com web page. These browser redirects can occur after clicking on a link, entering an address into the address bar or through pop-up windows. The victim's homepage will often also be set to Hooot.com. The main way in which these browser hijackers force the victim to visit Hooot.com is by altering search results in online searches carried out on legitimate search engines (such as Google or Yahoo).

File System Details

Hooot.com may create the following file(s):
# File Name Detections
1. %Windows%\system32\DRIVERS\{RANDOM CHARACTERS}.sys
2. %AppData%\{RANDOM CHARACTERS}.exe
3. %Temp%\{RANDOM CHARACTERS}.class

Registry Details

Hooot.com may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch={site_URL}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{RANDOM CHARACTERS}


Most Viewed