Yessearches.com

By GoldSparrow in Browser Hijackers

Threat Scorecard

Ranking: 1,499
Threat Level: 50 % (Medium)
Infected Computers: 98,619
First Seen: September 25, 2015
Last Seen: January 4, 2024
OS(es) Affected: Windows

The Yessearches.com domain is associated with a browser hijacker that may be offered to users in freeware installers as a search enhancer named YesSearch by Hongkong zoekyu Technology Limited. The YesSearch browser hijacker linked to www.yessearches.com may use the Shortcutboost.exe file and may be detected under the names PUP.Optional.YesSearch, Win32/Injector.CMNX, HEUR/QVM03.0.Malware.Gen and HW32.Packed.385E. The hijacker may also create a folder named yesseachesbnd in your ProgramFiles directory to store its components, add an entry named yessearches Uninstall to your 'Programs and Features' panel, and attach a browser extension and add-on to your installed Web browsers. The YesSearches.com website may closely resemble the design of Google and redirect users to search results on Google. However, the Yessearches.com domain is only a redirect gateway and cannot provide search results on its own.

The YesSearch browser hijacker may redirect users to harmful domains and invite them to install riskware such as Mp3Fabulous and Oxy Torrent, which may crash your Internet browser and slow down your computer. It may use JavaScript to show pop-up and pop-under windows that may bypass ad blockers. Security analysts warn that the YesSearch browser hijacker may display unsafe advertisements and sell information about you, such as your IP address, browser type, MAC address, bookmarks collection and software configuration, to advertisers. Computer users can resolve the problems caused by the Yessearches.com domain by installing a credible anti-malware suite on their computers.


File System Details

Yessearches.com may create the following file(s):

Registry Details

Yessearches.com may create the following registry entry or registry entries:

Directories

Yessearches.com may create the following directory or directories:


URLs

Yessearches.com may call the following URLs:

yessearches.com
yessearches.com/
