Searchgo

By CagedTech in Adware

Threat Scorecard

Ranking: 4,661
Threat Level: 20 % (Normal)
Infected Computers: 48,717
First Seen: May 2, 2016
Last Seen: March 29, 2024
OS(es) Affected: Windows

The Searchgo program is categorized as adware, and it is advised to remove it from computers. The Searchgo program is known to arrive on computers via freeware bundles and fake updates to Adobe Flash and Java. Researchers have seen the Searchgo adware load from C:\Users\username\AppData\Local\SearchGo\searchgo.exe and C:\Users\username\AppData\Local\DuckGo\DuckGo.exe. PC users affected by the Searchgo (a.k.a. DuckGo) adware may notice new tasks registered in the Windows Task Scheduler at C:\Windows\System32\Tasks\SearchGo Task and C:\Windows\System32\Tasks\DuckGo Task.

The Searchgo adware is known to connect to the h[tt]p://robyego[.]ru/searchgo.json URL and the 178.132.6.45 IP address. It is believed that third parties are using Searchgo (DuckGo) to collect non-personally identifiable data, show targeted advertisements, drop persistent tracking cookies on infected computers, and sell identification numbers for the cookies to ad publishers.

The Searchgo adware has been recorded injecting code into Internet Explorer and changing the way pages are rendered for the user. It may show hyperlinked words and video advertisements in floating windows, generate pop-up windows, and alter the header of Web pages. It may also load insecure resources on supposedly safe pages and track the user across SSL-encrypted pages. Ad publishers who are working with the Searchgo developers may show targeted promotional materials based on the infected user's recent activity on the Internet. Searchgo may record the user's browsing history, recent downloads, IP address, system type, browser version, software configuration and approximate geographical location.

It is recommended to remove the Searchgo (DuckGo) adware with the help of a reliable anti-spyware tool. AV engines may flag files created by the Searchgo adware as:

  • ADWARE/Agent.415233
  • ADW_SEARCHGO
  • AdWare.Searchgo.a
  • Adware ( 004e25111 )
  • Adware.SearchGo.Win32.1
  • Adware.Searcher.2781
  • HEUR/QVM10.1.Malware.Gen
  • Malware.Generic!PojyymQ5vsM@5 (Thunder)
  • Montiera
  • PUP/Win32.Searchgo.R195203
  • Trojan.LoadMoney.1441
  • W32/S-1b731156!Eldorado
  • Win32.Adware.Searchgo.Wozw
  • not-a-virus:AdWare.Win32.Searchgo.a

    File System Details

    Searchgo may create the following file(s):

    Registry Details

    Searchgo may create the following registry entry or registry entries:
    CLSID
    {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
    {598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
    {AF5EE270-A22B-4E9A-B253-A91E8882BEC5}
    Regexp file mask
    %TEMP%\duckgo0.dll.old
    %WINDIR%\System32\Tasks\DuckGo Task
    %WINDIR%\System32\Tasks\SearchGo Task
    SOFTWARE\Classes\Interface\{37C81B92-FBD1-4D51-892F-AC1343578928}
    SOFTWARE\Classes\Interface\{EA1996FB-3431-4103-A88B-F1ADE1EBD415}
    SOFTWARE\Classes\SearchBar.SearchBarMain
    SOFTWARE\Classes\SearchBar.SearchBarMain.1
    SOFTWARE\Classes\TypeLib\{AB775775-BE4A-4CD9-B5F4-5C63DA27DEAF}
    SOFTWARE\Classes\Wow6432Node\TypeLib\{AB775775-BE4A-4CD9-B5F4-5C63DA27DEAF}
    Software\Microsoft\Go\nb_lifetime
    Software\Microsoft\Gosearch
    Software\Microsoft\Gosearchq
    Software\Microsoft\guardPlagin
    Software\Microsoft\Internet Explorer\Approved Extensions\{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
    Software\Microsoft\Internet Explorer\Approved Extensions\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
    Software\Microsoft\Internet Explorer\LowRegistry\searchgo
    Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SearchGo Task
    SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
    SOFTWARE\Wow6432Node\Classes\Interface\{37C81B92-FBD1-4D51-892F-AC1343578928}
    SOFTWARE\Wow6432Node\Classes\Interface\{EA1996FB-3431-4103-A88B-F1ADE1EBD415}
    SOFTWARE\Wow6432Node\Classes\TypeLib\{AB775775-BE4A-4CD9-B5F4-5C63DA27DEAF}
    SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}

    Directories

    Searchgo may create the following directory or directories:

    %LOCALAPPDATA%\DuckGo
    %LOCALAPPDATA%\SearchGo
    %USERPROFILE%\AppData\LocalLow\DuckGo
    %USERPROFILE%\AppData\LocalLow\SearchGo
    %UserProfile%\Local Settings\Application Data\DuckGo
    %UserProfile%\Local Settings\Application Data\SearchGo
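
The install directories, scheduled-task files and a selection of the registry keys listed above can be checked on a host with a read-only sweep. This is an added example, not part of the original entry; the function name `Find-SearchgoArtifact` is hypothetical, and because the page lists registry paths without a hive, the script assumes both HKLM and HKCU should be checked.

```powershell
# Added example: read-only sweep for Searchgo/DuckGo artifacts named on this page.
# Nothing is deleted or modified. Run elevated so System32\Tasks is readable.
function Find-SearchgoArtifact {
    [CmdletBinding()]
    param()

    # Directories and scheduled-task files taken from the page.
    $fileSystem = @(
        "$env:LOCALAPPDATA\SearchGo",
        "$env:LOCALAPPDATA\DuckGo",
        "$env:USERPROFILE\AppData\LocalLow\SearchGo",
        "$env:USERPROFILE\AppData\LocalLow\DuckGo",
        "$env:WINDIR\System32\Tasks\SearchGo Task",
        "$env:WINDIR\System32\Tasks\DuckGo Task"
    )

    # Registry keys taken from the page (hive not stated there; see assumption below).
    $registry = @(
        'SOFTWARE\Classes\SearchBar.SearchBarMain',
        'Software\Microsoft\Gosearch',
        'Software\Microsoft\Internet Explorer\LowRegistry\searchgo',
        'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SearchGo Task',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}',
        'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}'
    )

    foreach ($path in $fileSystem) {
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Kind = 'FileSystem'; Location = $path }
        }
    }

    # Assumption: check the machine hive and the current user's hive for every key.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($key in $registry) {
            $full = "${hive}:\$key"
            if (Test-Path -LiteralPath $full) {
                [pscustomobject]@{ Kind = 'Registry'; Location = $full }
            }
        }
    }
}

$hits = @(Find-SearchgoArtifact)
if ($hits.Count -eq 0) { 'No listed Searchgo artifacts found.' }
else { $hits | Format-Table -AutoSize }
```

HKCU and the `%LOCALAPPDATA%` paths resolve for the account running the script, so on a multi-user machine the sweep has to be repeated per profile.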
