Nav Search

The Nav Search software that you may find in free program packages is associated with cases of browser hijacking and unsolicited advertising. The Nav Search program may be packed with modified installers for updates to Java, Adobe Flash and online streaming plugins for Internet browsers. The Nav Search software is known to alter the user’s settings in Google Chrome and other Chromium-based browsers like Vivaldi, SRWare Iron, Torch Browser and the Yandex Browser. Also, the Nav Search program may alter some settings in Mozilla Firefox and Microsoft’s Internet Explorer. The Nav Search desktop application is designed to reroute users to Nav-search.com/web?q=[search term] when they issue searches in the Omnibox of Google Chrome, as well as the search bar and URL bar in Mozilla Firefox. The Nav Search program is classified by many AV developers as a Potentially Unwanted Program (PUP) while some researchers may refer to it as a browser hijacker given its questionable behavior.

Nav Search presents users with what appears to be a search engine on www[.]Nav-search[.]com. You may notice that Nav-search[.]com resembles Google.com in many ways — there is a doodle image above a single search bar and two search options placed at the center of the page. However, www[.]Nav-search[.]com is not operated, monitored, developed and associated with legitimate services by Google. Third parties that are monetizing search queries are using www[.]Nav-search[.]com and browser extensions to make a profit. Nav-search[.]com is hosted on the 50.63.202.39 IP address where we found Onlytopoffers[.]info and Opretingmarketupdate[.]today involved in promotional campaigns. Additionally, there are disturbing reports of malware distribution from the same IP address. There may be no direct connection between Nav-search[.]com and phishing hosts on the 50.63.202.39 IP address, but it is possible that Web surfers may be shown links to untrusted pages and they may be exposed to phishing attacks. Nav-search[.]com is not deemed as a reliable search services provider, and you may wish to remove related software using help from a credible anti-malware instrument. AV companies have alerted that programs distributed from the 50.63.202.39 IP address may cause security incidents and the associated files are marked with the following detection names:

  • Gen:Variant.Razy.11545
  • Malware.HighConfidence
  • TROJ_BAYROB.SM1
  • TROJ_GEN.R055C0OBM18
  • Trojan/Win32.Agent.R170875
  • W32/Nivdort.F.gen!Eldorado
  • W32/Trojan.EWPQ-0283

Trending

Most Viewed

Loading...