What kind of website is searches-world.com?
While investigating deceptive sites, our researchers found an installer containing a browser hijacker that promotes the searches-world.com fake search engine.
Typically, browser-hijacking software endorses (via redirects) such sites by modifying browser settings. However, this setup made no alterations to the browser on our test machine. It also used an intricate persistence-ensuring mechanism to complicate its removal.
Searches-world.com promoting browser hijacker overview
With a setup promoting searches-world.com installed on our testing system, search queries entered into the URL bar resulted in redirects to this website. Illegitimate search engines are usually incapable of providing search results, so they lead to genuine Internet search sites (e.g., Bing, Google, Yahoo, etc.).
However, where searches-world.com lands varies greatly. The redirects (and redirection chains) appear randomized but are also somewhat influenced by the user's geolocation. At the time of research, we observed searches-world.com landing on the legitimate Bing search engine (bing.com) and on several nonfunctional pages.
As mentioned in the introduction, this browser hijacker utilizes a persistence-ensuring technique to prevent users from recovering their browsers.
The redirects are facilitated through a process called "UITheme.exe" – however, it cannot be easily removed. The hijacker employs a legitimate Windows tool from Microsoft's Deployment ToolKit called "ServiceUI", which ensures that that "UITheme.exe" is rerun after its process is terminated via Task Manager and following system reboots.
Therefore, there is a specific sequence to removing the searches-world.com promoting browser hijacker; the removal steps can be found below.
|Threat Type||Browser Hijacker, Redirect, Search Hijacker, Toolbar, Unwanted New Tab|
|Detection Names (malicious installer)||Avast (FileRepMalware [Adw]), DrWeb (Trojan.Adject.1), McAfee (Artemis!1C5FE79233C4), Webroot (W32.Adware.Gen), Full List Of Detections (VirusTotal)|
|Detection Names (UITheme.exe)||Bkav Pro (W64.AIDetectMalware), CrowdStrike Falcon (Win/malicious_confidence_70% (D)), Full List Of Detections (VirusTotal)|
|Affected Browser Settings||Homepage, new tab URL, default search engine|
|Symptoms||Users are forced to visit the hijacker's website and search the Internet using their search engines.|
|Distribution methods||Deceptive pop-up ads, free software installers (bundling).|
|Damage||Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Browser hijacker in general
In most cases, browser hijackers appear legitimate and ordinary. They are commonly endorsed as useful tools with a broad range of functionalities. However, these features are usually fake and nonoperational.
Keep in mind that even if a piece of software works as indicated by its promotional material – that is not definitive proof of either legitimacy or safety.
Standard browser hijackers change browsers' default search engines, homepages, and new tab/window URLs to the addresses of promoted websites. These modifications allow this software to generate redirects whenever a new browser tab/window is opened or a Web search is performed through the URL bar.
It is noteworthy that browser hijackers often have data-tracking functionalities and use them to target browsing and search engine histories, Internet cookies, usernames/passwords, credit card numbers, and other sensitive information.
How did searches-world.com promoting software install on my computer?
We downloaded an installer for software promoting searches-world.com from a deceptive page that used an adult-themed lure.
Browser hijackers are endorsed on various scam sites and on official-looking promotional webpages. Most visitors access such pages via redirects generated by misspelled URLs, websites that employ rogue advertising networks, spam browser notifications, intrusive ads, or installed adware.
Browser-hijacking software can also be bundled with ordinary programs. The risk of inadvertently allowing bundled content into the system is increased by downloading from dubious channels (e.g., freeware and third-party sites, P2P sharing networks, etc.) and by treating installations with negligence (e.g., using "Easy/Express" settings, etc.).
Intrusive advertisements proliferate browser hijackers as well. Some of these adverts can execute scripts to perform stealthy downloads/installations upon being clicked.
How to avoid installation of browser hijackers?
We strongly recommend researching software and downloading it only from official/trustworthy sources. Additionally, installation processes must be treated with care, e.g., by reading terms, exploring possible options, using the "Custom/Advanced" settings, and opting out of all supplementary apps, extensions, tools, etc.
Another recommendation is to be vigilant while browsing since fraudulent and malicious online content usually appears legitimate and innocuous. For example, intrusive advertisements may look harmless – yet redirect to unreliable and questionable websites (e.g., scam-promoting, gambling, adult dating, pornography, etc.).
In the case of continuous encounters with such ads/redirects, check the system and immediately remove all suspect applications and browser extensions/plug-ins. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate this browser hijacker.
Appearance of searches-world.com redirecting to the Bing search engine (GIF):
Screenshots of deceptive websites promoting an installer containing this browser hijacker:
Removal steps for this browser hijacker:
Open Windows Task Manager, locate the "ServiceUI.exe" process and terminate it by clicking "End task".
Afterward, locate "UITheme.exe" on Windows Task Manager and end this process by clicking "End task".
Open the "System32" Windows folder (C:\Windows\System32), locate "UITheme.exe" and delete it.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
A browser hijacker is a type of adware infection that modifies Internet browser settings by assigning the homepage and default Internet search engine settings to some other (unwanted) website URL. Commonly, this type of adware infiltrates operating systems through free software downloads. If your download is managed by a download client, ensure that you decline offers to install advertised toolbars or applications that seek to change your homepage and default Internet search engine settings.
Post a comment:
If you have additional information on searches-world.com browser hijacker or it's removal please share your knowledge in the comments section below.
Frequently Asked Questions (FAQ)
What is the purpose of forcing users to visit searches-world.com website?
Cyber criminals (e.g., developers of fake search engines and browser hijackers, etc.) generate revenue through redirects to webpages like searches-world.com.
Is visiting searches-world.com a threat to my privacy?
Most likely, yes. Websites classified as fake search engines usually collect (and sell) visitor data.
How did a browser hijacker infiltrate my computer?
Browser-hijacking software is primarily distributed via deceptive promotional webpages, bundled installers, online scams, freeware and free file-hosting websites, P2P sharing networks, intrusive ads, and spam browser notifications.
Will Combo Cleaner help me remove browser hijackers?
Combo Cleaner can scan systems and eliminate installed browser-hijacking applications. Note that manual removal (unaided by security software) might be ineffective, especially when multiple browser hijackers have infiltrated the system. In these instances, after one is removed – the others may reinstall it. Furthermore, browser-hijacking software might be capable of denying access to removal-related settings and/or undoing user-made changes. Therefore, it is essential to eliminate browser hijackers thoroughly and all at once.