Searchencrypt.com is a domain that is associated with an ad-supported program developed by Polarity Technologies Ltd that is a marketing company. The Searchencrypt.com Web portal is used in conjunction with a browser extension for Google Chrome that you can install from hxxps://ext.searchencrypt[.]com. Searchencrypt.com offers a search engine that advertises itself as a secure and privacy-oriented alternative. According to its own description, Searchencrypt miraculously "detects" searches that "may be tracked and tied to your personal information" and allegedly encrypts those, then runs them through its own search engine. This sounds like a great feature in theory. However, in practice, it's more of a nuisance than anything else.
Searchencrypt is also offered as a Chrome extension that can be downloaded from both the official website and the Chrome web store. Despite the large number of users that the Chrome store widget reports, Searchencrypt's extension is largely a browser hijacker, which at least doesn't try to hide its nature and mode of operation. On the About page of the website, it clearly says that "Search Encrypt is supported by sponsored ads featured on our search results page".
The moment you install Searchencrypt's browser extension in Chrome, even your default Google dot com page gets injected with Searchencrypt's widget and you get a warning about it.
The official site for the extension is https://choosetoencrypt.com, and it features the name 'Search Encrypt - A Private Search Engine.' You can find the 'Search Encrypt - A Private Search Engine' at:
You may find a clone of 'Search Encrypt - A Private Search Engine' called 'Search Encrypt' at hxxps://chrome.google[.]com/webstore/detail/search-encrypt/gnlabkgljnlaidbnocfhgdeajcgmahml that is published by the same company — Polarity Technologies Ltd. The same application was published at Searchencrypt.navigateto.net, but it did not manage to encrypt the user's search terms. The newer version called 'Search Encrypt - A Private Search Engine' appears to address this issue. Not only that, the news section at Choosetoencrypt.com features an article that compares the service at Searchencrypt.com against DuckDuckGo.com favorably. All three applications mentioned so far require the following rights in Chrome:
- Read and change all your data on the websites you visit.
- Change your search settings to: searchencrypt.com.
- Manage your apps, extensions and themes.
- Change your privacy-related settings.
PC users that are looking for an SSL-enabled search service may like what Searchencrypt.com has to offer. However, you will not find options to sort the results at hxxps://www.searchencrypt[.]com/search?eq=[encrypted search terms]. Additionally, the map services are provided by Openstreetmap.org, and video results are provided by Yahoo. Images and text resources are provided through Searchencrypt.com's crawlers. You should note that the 'Search Encrypt - A Private Search Engine' extension is designed to delete your browser history every fifteen minutes you spent online. It is possible the extension may delete links you intended to keep.
Polarity is known to collect data like your search terms, Internet history and downloads log to help ad publishers deliver optimized advertisements on related pages. Although, the extension may delete your Internet history and show encrypted search terms the ad publishers associated with Polarity would have access to raw data. The 'Search Encrypt - A Private Search Engine' extension is deemed as a Potentially Unwanted Program (PUP) that you may want to remove and restore the default privacy settings in your Web browser.
Search results may vary, greatly!
The browser's default search engine is replaced as well. The issue is that in addition to any encryption of your search queries that the hijacker may do, it also returns largely useless results and injects every results page with a load of ads and sponsored content.
As an example, sending a search through Searchencrypt's engine, using actor Gregory Peck's name as the query, you get some really strange results. The top result is an advertisement and redirects to a website that sells sunglasses. The second result is a link to an online bookshop. In third comes an Ebay link. The fourth result is a link to TruthFinder - a site altogether unrelated to Gregory Peck and obviously more sponsored content that is forced upon the user.
After those come another large chunk of injected advertisements, this time with images, that offer users the chance to buy a "Gregory stool" for nearly $280, among others. Only after two full screens of forcibly injected, largely unrelated or sponsored content, come the links to the Wikipedia article on the actor and his Internet Movie Database profile page. The Wikipedia and IMDb links are the first two hits that would show up in a regular Google search using the same query, which means Searchencrypt injected over 10 advertisements and sponsored links before showing its users the actual top relevance matches for their search.
The issue is not just injected ads but also low-relevance content being shown near the top of the results page, far higher than the results in a regular Google search. For example, searching for "Witcher 3" - a 2015 video game, shows a link to a popular adult video website higher than the largest digital game store that sells the actual game - decidedly abnormal behavior when it comes to ordering search results according to relevance.
This is classic browser hijacker behavior on every level. Thankfully, Searchencrypt doesn't have any nasty persistence mechanisms and its removal from the system is quite straightforward. Simply opening Chrome's "Extensions" page (Menu button -> More Tools -> Extensions) allows users to hit the Remove button under the extension and the browser should be restored to its normal functionality.
Do You Suspect Your PC May Be Infected with Searchencrypt.com & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Searchencrypt.com as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
File System Details
|4||%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\bincafjahipkjhnidfkgkgkeikgmdjon|
|5||%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\dhfibbgfabkckmhgjhinddpgfmppjldl|
|6||%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\foclnndfkmeoaofipaekehjpkgibkene|
|7||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bincafjahipkjhnidfkgkgkeikgmdjon|
|8||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjmjcbcbcbjgbbjemoemdkdcfgiombji|
|9||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogkpiffapigolapjdmcdoibojojpdlng|
|10||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\bincafjahipkjhnidfkgkgkeikgmdjon|
|11||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\dhfibbgfabkckmhgjhinddpgfmppjldl|
|12||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\foclnndfkmeoaofipaekehjpkgibkene|
|13||%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\oohlkelgbkkebnikbokfebofocahnjde|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.