EnigmaSoft Threat Scorecard
|Threat Level:|20 % (Normal)|
|First Seen:|October 20, 2023|
|Last Seen:|October 24, 2023|
During their examination of deceptive websites, infosec experts encountered an installer that delivers a browser hijacker designed to promote the fraudulent search engine searches-world.com. Browser hijackers commonly alter browser settings and lead users to specific websites through redirects. In this case, however, the browser hijacker behaves unusually: it makes no noticeable alterations to the user's browser settings. Instead, it employs an intricate mechanism to ensure its persistence on the affected system, which makes it exceptionally challenging to remove.
Searches-world.com Takes Users to Dubious Destinations through Redirects
Once the setup that promotes searches-world.com is installed on a user's system, any search query entered into the Web browser's URL bar leads to an automatic redirect to the searches-world.com website. Illegitimate search engines like searches-world.com are typically incapable of providing genuine search results, so they redirect users to well-known and legitimate Internet search engines such as Bing, Google, Yahoo, and others.
However, the destination to which searches-world.com leads users can vary significantly. The redirects, and sometimes redirection chains, seem to be random in nature, but they can also be influenced by the user's geolocation. In some instances, searches-world.com has been observed redirecting to legitimate search engines like Bing, while in other cases, it directs users to nonfunctional or suspicious web pages. This unpredictability in redirection destinations is a characteristic of this browser hijacker.
To complicate matters, this browser hijacker uses a persistence technique that prevents users from easily recovering their Web browsers. The redirections are carried out by a process called 'UITheme.exe.' To keep that process alive, the hijacker relies on 'ServiceUI,' a legitimate tool from the Microsoft Deployment Toolkit, which ensures that 'UITheme.exe' is restarted automatically after it is terminated via the Task Manager or after a system reboot. This persistence mechanism makes the browser hijacker considerably harder for users to remove from their systems.
How to Remove the Searches-world.com Redirects?
To remove the browser hijacker promoting the dubious Searches-world.com address from your system, follow these steps:
- Open the Windows Task Manager: You can access Task Manager by pressing 'Ctrl + Shift + Esc' or 'Ctrl + Alt + Delete' and then selecting Task Manager from the options presented.
- Locate the 'ServiceUI.exe' process: In Task Manager, scroll down the list of running processes and look for 'ServiceUI.exe.' Once you've found it, select it.
- Terminate the 'ServiceUI.exe' process: Click the 'End Task' button. This action will stop the 'ServiceUI.exe' process, which is responsible for ensuring that 'UITheme.exe' restarts.
- Locate 'UITheme.exe': In Task Manager, search for the 'UITheme.exe' process.
- End the 'UITheme.exe' process: Select 'UITheme.exe,' and click the 'End Task' button. This will halt the 'UITheme.exe' process.
- Open the 'System32' Windows folder: Open File Explorer and navigate to the 'System32' folder, which is typically located in C:\Windows\System32.
- Locate 'UITheme.exe': In the 'System32' folder, look for a file named 'UITheme.exe.'
- Delete 'UITheme.exe': Right-click on 'UITheme.exe' and select 'Delete' from the context menu. Confirm that you want to delete the file when prompted.
By applying these steps, you will have effectively removed the 'UITheme.exe' file associated with the browser hijacker. This should help prevent the hijacker from automatically restarting and ensure a cleaner system without the redirects to Searches-world.com. Do not forget to exercise caution when making changes to your system files and processes, as improper actions can affect your computer's stability and functionality.
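The removal steps above as a PowerShell script that also records evidence first and then looks for whatever relaunches the pair; this is an added example, not code from the original page or from EnigmaSoft. The process names and the System32 path come from the page, while the test that ties a 'ServiceUI.exe' instance to 'UITheme.exe' and the scheduled-task and service search are assumptions, since the page does not say how 'ServiceUI.exe' itself is started.

```powershell
# Added example, not vendor code. Run from an elevated 64-bit PowerShell; add -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param([string]$Payload = "$env:SystemRoot\System32\UITheme.exe")

$names = 'ServiceUI.exe', 'UITheme.exe'
$procs = @(Get-CimInstance Win32_Process | Where-Object { $names -contains $_.Name })

# 1. Record evidence before changing anything: process tree, command lines, file hash, signature.
$procs | Format-List Name, ProcessId, ParentProcessId, ExecutablePath, CommandLine | Out-Host
if (Test-Path -LiteralPath $Payload) {
    Get-FileHash -LiteralPath $Payload -Algorithm SHA256 | Format-List Hash, Path | Out-Host
    Get-AuthenticodeSignature -LiteralPath $Payload | Format-List Status, SignerCertificate | Out-Host
}

# 2. Assumption: the watchdog ServiceUI.exe either names UITheme on its command line or is the
#    parent of a running UITheme.exe. Any other ServiceUI.exe (a real MDT deployment) is left alone.
$payloads  = @($procs | Where-Object { $_.Name -eq 'UITheme.exe' })
$watchdogs = @($procs | Where-Object {
    $_.Name -eq 'ServiceUI.exe' -and
    ($_.CommandLine -match 'UITheme' -or $payloads.ParentProcessId -contains $_.ProcessId)
})

# 3. Same order as the manual steps: watchdog first, then the payload process, then the file.
foreach ($p in ($watchdogs + $payloads)) {
    if ($PSCmdlet.ShouldProcess("$($p.Name) (PID $($p.ProcessId))", 'Stop process')) {
        Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
    }
}
if ((Test-Path -LiteralPath $Payload) -and $PSCmdlet.ShouldProcess($Payload, 'Delete file')) {
    Remove-Item -LiteralPath $Payload -Force
}

# 4. Assumption: the page does not name the autostart entry, so list scheduled tasks and
#    services that reference either binary for manual review.
Get-ScheduledTask | Where-Object {
    ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match 'ServiceUI|UITheme'
} | Format-Table TaskPath, TaskName -AutoSize | Out-Host
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'ServiceUI|UITheme' } |
    Format-Table Name, StartMode, PathName -AutoSize | Out-Host
```

If step 4 lists an entry, review and remove it before rebooting; otherwise the processes may return even though the file in System32 is gone.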
Searches-world.com may call the following URLs: