Searchtabs.io
Threat Scorecard
| Metric | Value |
| --- | --- |
| Ranking | 5,530 |
| Threat Level | 20 % (Normal) |
| Infected Computers | 64 |
| First Seen | October 20, 2023 |
| Last Seen | October 23, 2023 |
| OS(es) Affected | Windows |
Searchtabs.io is the web address associated with a fraudulent search engine. Researchers have discovered a deceptive Web page that employs a bait-and-switch tactic, utilizing explicit content as a lure to entice users into downloading an installation setup. What's particularly concerning is that this installer includes a browser hijacker that promotes the searchtabs.io website.
Typically, software in this category alters browser settings to redirect users to certain websites or inundate them with unwanted ads. Surprisingly, in this instance, the setup did not make any visible changes to the user's browser. However, it's crucial to note that this hijacker employs a persistence-ensuring mechanism. It takes measures to ensure it remains on the user's system and prevents them from easily recovering their hijacked browsers. This persistence mechanism could make it challenging for users to regain control over their browsing experience.
Browser Hijackers Often Promote Dubious Sites through Intrusive Tactics
Upon conducting a thorough analysis of the setup that promotes searchtabs.io, information security researchers have uncovered a unique and intriguing behavior pattern. This setup, upon installation, exerts its influence primarily on new browser tabs. Each time a new tab is opened, a redirect is initiated, directing the user to the searchtabs.io website. What sets this particular browser hijacker apart is that it generates these redirects with randomized search queries, introducing a level of unpredictability to its operation.
The term 'fake search engine' is used to categorize such deceptive online tools, as they typically fall short of delivering legitimate search results. Instead, they consistently reroute users to established search engines like Bing, Google, Yahoo, and others. Normally, browser-hijacking software is known for redirecting users to illegitimate search engines whenever they open a new tab or input a search query into the URL bar. However, as we've previously noted, the behavior exhibited by the searchtabs.io browser hijacker is notably distinct.
What adds an additional layer of complexity to this situation is the hijacker's employment of a persistence-ensuring mechanism. In this context, these redirects are facilitated through a process referred to as 'UITheme.exe.' Surprisingly, merely terminating this process does not bring an end to the redirects. The browser hijacker leverages a tool from the Microsoft Deployment Toolkit known as 'ServiceUI' to ensure that 'UITheme.exe' is automatically restarted after it's forcibly terminated through the Windows Task Manager or following system reboots. This persistence-ensuring technique poses a challenge to users attempting to eradicate unwanted redirects and regain control of their browser's behavior.
How to Get Rid of the Searchtabs.io Redirects?
To stop the unwanted and disruptive redirects to Searchtabs.io, follow these comprehensive steps:
- Open Windows Task Manager: First, you need to access the Windows Task Manager. You can do this by pressing Ctrl + Shift + Esc, or by pressing Ctrl + Alt + Delete and then selecting "Task Manager."
- Terminate 'ServiceUI.exe' Process: Inside Task Manager, navigate to the list of running processes. Look for the process labeled "ServiceUI.exe" and select it. To terminate this process, click on "End task."
- End the 'UITheme.exe' Process: Continue by locating the process named "UITheme.exe" within the Task Manager. Once found, select it, and then, similar to the previous step, click on "End task" to stop this process.
- Navigate to the 'System32' Windows Folder: Now, you'll need to open the 'System32' folder in the Windows directory. You will find this folder at 'C:\Windows\System32.'
- Locate 'UITheme.exe' and Delete It: Inside the 'System32' folder, search for the file named 'UITheme.exe.' Once you've identified it, proceed to delete this file.
By following the instructions, you'll effectively terminate the problematic processes and remove the 'UITheme.exe' file from your Windows System32 directory, which should help address the issues associated with the browser hijacker and its persistence mechanisms.
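The same steps as a script for an elevated PowerShell prompt, with two additions: it checks that neither process was relaunched before deleting the file, and it lists autostart entries that still reference either name. This is an added example, not EnigmaSoft's tooling; the article does not say what restarts the process after a reboot, so the locations searched in step 5 (scheduled tasks, services, Run keys) are assumed common Windows launch points.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Process and file names come from the article; the autostart search is an assumption.
$names   = 'ServiceUI.exe', 'UITheme.exe'   # order matters: stop the relauncher first
$target  = Join-Path $env:WINDIR 'System32\UITheme.exe'
$pattern = 'ServiceUI|UITheme'

# 1. Record what is running (path, parent, command line) before changing anything.
$procs = @(Get-CimInstance Win32_Process | Where-Object { $names -contains $_.Name })
$procs | Select-Object Name, ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List | Out-Host

# 2. End ServiceUI.exe first so it cannot restart UITheme.exe, then end UITheme.exe.
foreach ($n in $names) {
    $procs | Where-Object { $_.Name -eq $n } | ForEach-Object {
        Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue
    }
}

# 3. Wait, then confirm neither process was relaunched before deleting the file.
Start-Sleep -Seconds 5
$alive = @(Get-CimInstance Win32_Process | Where-Object { $names -contains $_.Name })
if ($alive.Count -gt 0) {
    Write-Warning "Relaunched: $($alive.Name -join ', '). Find the launcher before deleting."
} elseif (Test-Path -LiteralPath $target) {
    # 4. Keep a hash and signature record of the file, then delete it.
    Get-FileHash -LiteralPath $target -Algorithm SHA256 | Format-List | Out-Host
    Get-AuthenticodeSignature -LiteralPath $target | Format-List Status, SignerCertificate | Out-Host
    Remove-Item -LiteralPath $target -Force
}

# 5. List autostart entries that still reference either name (read-only).
$tasks = Get-ScheduledTask | Where-Object {
    ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match $pattern
} | Select-Object TaskPath, TaskName
$services = Get-CimInstance Win32_Service | Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, PathName, StartMode
$runKeys = foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Value -match $pattern } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}
$tasks, $services, $runKeys | ForEach-Object { $_ | Format-List | Out-Host }
```

Because ServiceUI is a Microsoft Deployment Toolkit tool, review the path and parent process printed in step 1 on managed machines where it may be present for legitimate deployment work.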
URLs
Searchtabs.io may call the following URLs:
searchtabs.io