
By GoldSparrow in Browser Hijackers

Screenshot and the 'searchsystem' Family of Rogue Websites

In 2011, the Internet was flooded with fake search engines whose domain names followed a similar pattern. These websites would use the words 'search system' preceded by a randomly chosen adjective (for example, 'somesearchsystem') and a .com address. However, ESG security researchers suspect that the possible names for these websites have started to run out, as new versions of these started to dwindle towards the end of 2011. belongs to a new batch of fake search engines that follows the same naming convention, adding a random adjective to the words 'davinci server.' Like its predecessors, is a fake search engine associated with browser hijackers and the ZeroAccess Trojan. Performing searches on leads victims to pages such as, which are nothing more than advertisements.

If you have visited for any reason, ESG security researchers strongly recommend taking steps to safeguard your data and protect your computer system. There is an extremely high chance that your computer system is already infected with dangerous malware.

Why Criminals Want You to Visit Repeatedly

It is well known that, online, traffic equals money. Most of the revenue generated on the Internet comes from advertisements and affiliate marketing links. Hackers can use fake search engines like to direct their victims to websites containing nothing but links and advertisements. Avoiding is not as easy as simply not visiting this malicious website; hackers use a browser hijacker to force their victims to visit repeatedly. A browser hijacker, such as the Google Redirect Virus (a component of the ZeroAccess rootkit, which is linked to the family of fake search engines), is designed to force the victim's Internet browser to return to constantly. Other ways in which browser hijackers associated with force visitors to go to, are altering Google search results so that the links lead to this fraudulent search engine, and changing the victim's homepage to Do not let criminals profit from your online activity! ESG malware analysts recommend using a strong, fully-updated anti-malware tool to scan your hard drives and remove any traces of malware associated with Allowing stay on your PC will lead to the loss of your data, further malware intrusions into your system and exposure to credit card fraud or identity theft.

File System Details

may create the following file(s):
# File Name Detections
1. %Windows%\system32\DRIVERS\mrxsmb.sys
2. %Windows%\system32\consrv.dll
3. %Windows%\system32\svchost.exe

Registry Details

may create the following registry entry or registry entries:
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0
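
A check for the SubSystems value listed above, as an added example that is not ESG's or this page's own code: it parses the server DLL entries in the value and flags any whose module file appears in this page's file list or falls outside a baseline. The baseline module set, the function names and the second sample value are assumptions constructed for illustration.

```python
import re

# File names taken from this page's "File System Details" list.
PAGE_FILE_INDICATORS = {"mrxsmb.sys", "consrv.dll", "svchost.exe"}
# Assumption: modules expected in an unmodified value; replace with a
# baseline captured from a known-good build of the same Windows version.
BASELINE_MODULES = {"basesrv", "winsrv", "sxssrv"}

# One entry: optional "ServerDll=" prefix, module, optional ":InitRoutine", ",index".
ENTRY = re.compile(r"(?:ServerDll=)?([A-Za-z_]\w*)(?::(\w+))?,(\d+)", re.IGNORECASE)

def parse_server_dlls(value):
    """Return (module, init_routine, index) for every server DLL entry."""
    entries = []
    for token in value.split():
        m = ENTRY.fullmatch(token)  # skips tokens such as SharedSection=1024,20480,768
        if m:
            entries.append((m.group(1).lower(), m.group(2), int(m.group(3))))
    return entries

def flag_entries(value):
    """Return one finding per entry that matches an indicator or leaves the baseline."""
    findings = []
    for module, init, index in parse_server_dlls(value):
        reasons = []
        if module + ".dll" in PAGE_FILE_INDICATORS:
            reasons.append("module file is listed in the page's file details")
        if module not in BASELINE_MODULES:
            reasons.append("module is not in the baseline set")
        if reasons:
            findings.append({"module": module, "init": init,
                             "index": index, "reasons": reasons})
    return findings

# Value exactly as listed in the registry details above.
PAGE_VALUE = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
              "consrv:ConServerDllInitialization,2 sxssrv,4")
# Constructed sample in full command-line form, for comparison.
CONSTRUCTED_CLEAN = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
                     "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
                     "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
                     "ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16")

if __name__ == "__main__":
    for label, value in (("page value", PAGE_VALUE), ("constructed", CONSTRUCTED_CLEAN)):
        print(label, flag_entries(value))
```

A finding here is a reason to examine the file the entry resolves to before changing anything; the value is read during boot, so the entry and the file should be remediated together rather than one at a time.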

