
By GoldSparrow in Browser Hijackers

This website is one of the many clones of a fake search engine website characterized by the words 'davinci server' in its domain name. According to ESG security researchers, it is highly likely that the fake search engines in this family of malicious websites are randomly generated. This can be seen in the structure of the domain names associated with these fake search engines. Typically, these websites' domain names consist of the two previously mentioned words preceded by a randomly generated adjective. Some examples, apart from 'immense' in this website's name, include 'admirable', 'neat', and 'same'. Fake search engines in this family of malicious websites are closely associated with the Google Redirect Virus and with the ZeroAccess rootkit. They are direct successors of the 'searchsystem' clones of the fake search engine CC Search, which followed the same naming procedure but added the adjective to the words 'search system'.

If you have visited this website for any reason, it is important to scan and disinfect your computer system. Due to this malicious website's associations, it is highly likely that your computer system has become infected with dangerous malware. ESG security researchers recommend removing malware associated with this website using a reliable and up-to-date anti-malware tool.

Understanding the Scam

Criminals use websites such as this one to profit from the fact that the victim's computer system has become infected with a browser hijacker. Most revenue on the Internet is generated as a result of advertisement impressions and clicks related to a website's traffic. The associated browser hijacker allows this website, and other websites in the family, to receive an inordinately large amount of web traffic. This can be translated into illegal revenue by displaying advertisements and affiliate links. It is essential to note that the kinds of companies and individuals that resort to advertising themselves on this website and its associated malicious websites have usually been blocked from being listed on legitimate search engines and from displaying their advertisements on legitimate websites. This is because these kinds of websites are associated with online scams, fraud and malware. Failure to remove malware associated with this website will not only allow criminals to profit from hassling you and damaging your computer system; it will also place you at risk for several kinds of fraud and for even more dangerous malware.

File System Details

This threat may create the following file(s):
# File Name Detections
1. %Windows%\system32\svchost.exe
2. %Windows%\system32\consrv.dll
3. %Windows%\system32\DRIVERS\mrxsmb.sys

Registry Details

This threat may create the following registry entry or registry entries:
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0
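
A defensive check for the SubSystems indicator listed above, as an added example that is not part of the original article: it parses the server DLL entries of a 'Windows' subsystem value and reports any entry served by a DLL outside a baseline. The baseline set (basesrv, winsrv, sxssrv), the function names and the clean sample string are assumptions made for this example; the suspicious string is the value as printed on this page.

```python
import re

# Assumption for this example: DLLs a stock "Windows" subsystem value loads.
EXPECTED_DLLS = {"basesrv", "winsrv", "sxssrv"}
# DLL that this page lists under File System Details (consrv.dll).
PAGE_LISTED_DLLS = {"consrv"}
# One entry: dll[:InitRoutine],index (after any "ServerDll=" prefix is removed).
ENTRY_RE = re.compile(r"(?P<dll>[\w.\-]+)(?::(?P<init>\w+))?,(?P<index>\d+)")

# The value exactly as printed on this page (no "ServerDll=" prefixes).
PAGE_VALUE = ("SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
              "consrv:ConServerDllInitialization,2 sxssrv,4")
# Constructed sample of an unmodified value, for comparison.
CLEAN_VALUE = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
               "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
               "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
               "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
               "ProfileControl=Off MaxRequestThreads=16")

def parse_server_dlls(value):
    """Return (dll, init_routine, index) for each server DLL entry in the value."""
    entries = []
    for token in value.split():
        key, sep, rest = token.partition("=")
        if sep:
            if key.lower() != "serverdll":
                continue  # other settings, e.g. SharedSection=1024,20480,768
            token = rest
        m = ENTRY_RE.fullmatch(token)
        if m:
            dll = m.group("dll").lower()  # DLL names are case-insensitive
            if dll.endswith(".dll"):
                dll = dll[:-4]
            entries.append((dll, m.group("init"), int(m.group("index"))))
    return entries

def audit_subsystems_value(value):
    """Return one finding per entry whose DLL deviates from the baseline."""
    findings = []
    for dll, init, index in parse_server_dlls(value):
        if dll in PAGE_LISTED_DLLS:
            reason = "DLL appears in this page's file list"
        elif dll not in EXPECTED_DLLS:
            reason = "DLL not in assumed baseline"
        else:
            continue
        findings.append({"dll": dll, "init": init, "index": index, "reason": reason})
    return findings

if __name__ == "__main__":
    for label, value in (("page", PAGE_VALUE), ("clean", CLEAN_VALUE)):
        print(label, audit_subsystems_value(value))
```
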

