How to remove software causing redirects to the searches-world.com website

Also Known As: searches-world.com browser hijacker
Damage level: Medium

What kind of website is searches-world.com?

While investigating deceptive sites, our researchers found an installer containing a browser hijacker that promotes the searches-world.com fake search engine.

Typically, browser-hijacking software endorses (via redirects) such sites by modifying browser settings. However, this setup made no alterations to the browser on our test machine. It also used an intricate persistence-ensuring mechanism to complicate its removal.

searches-world.com browser hijacker

Searches-world.com promoting browser hijacker overview

With a setup promoting searches-world.com installed on our testing system, search queries entered into the URL bar resulted in redirects to this website. Illegitimate search engines are usually incapable of providing search results, so they lead to genuine Internet search sites (e.g., Bing, Google, Yahoo, etc.).

However, where searches-world.com lands varies greatly. The redirects (and redirection chains) appear randomized but are also somewhat influenced by the user's geolocation. At the time of research, we observed searches-world.com landing on the legitimate Bing search engine (bing.com) and on several nonfunctional pages.

As mentioned in the introduction, this browser hijacker utilizes a persistence-ensuring technique to prevent users from recovering their browsers.

The redirects are facilitated through a process called "UITheme.exe" – however, it cannot be easily removed. The hijacker employs a legitimate Windows tool from Microsoft's Deployment ToolKit called "ServiceUI", which ensures that that "UITheme.exe" is rerun after its process is terminated via Task Manager and following system reboots.

Therefore, there is a specific sequence to removing the searches-world.com promoting browser hijacker; the removal steps can be found below.

Threat Summary:
Name searches-world.com redirect
Threat Type Browser Hijacker, Redirect, Search Hijacker, Toolbar, Unwanted New Tab
Detection Names (malicious installer) Avast (FileRepMalware [Adw]), DrWeb (Trojan.Adject.1), McAfee (Artemis!1C5FE79233C4), Webroot (W32.Adware.Gen), Full List Of Detections (VirusTotal)
Detection Names (UITheme.exe) Bkav Pro (W64.AIDetectMalware), CrowdStrike Falcon (Win/malicious_confidence_70% (D)), Full List Of Detections (VirusTotal)
Promoted URL searches-world.com
Affected Browser Settings Homepage, new tab URL, default search engine
Symptoms Users are forced to visit the hijacker's website and search the Internet using their search engines.
Distribution methods Deceptive pop-up ads, free software installers (bundling).
Damage Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Browser hijacker in general

In most cases, browser hijackers appear legitimate and ordinary. They are commonly endorsed as useful tools with a broad range of functionalities. However, these features are usually fake and nonoperational.

Keep in mind that even if a piece of software works as indicated by its promotional material – that is not definitive proof of either legitimacy or safety.

Standard browser hijackers change browsers' default search engines, homepages, and new tab/window URLs to the addresses of promoted websites. These modifications allow this software to generate redirects whenever a new browser tab/window is opened or a Web search is performed through the URL bar.

It is noteworthy that browser hijackers often have data-tracking functionalities and use them to target browsing and search engine histories, Internet cookies, usernames/passwords, credit card numbers, and other sensitive information.

We have analyzed thousands of browser hijackers; New keyCute Goats TabHoroscope HarmonyExtreme Sports WallpapersSharks TabThe Weather Mom – are just some of our latest finds.

How did searches-world.com promoting software install on my computer?

We downloaded an installer for software promoting searches-world.com from a deceptive page that used an adult-themed lure.

Browser hijackers are endorsed on various scam sites and on official-looking promotional webpages. Most visitors access such pages via redirects generated by misspelled URLs, websites that employ rogue advertising networks, spam browser notifications, intrusive ads, or installed adware.

Browser-hijacking software can also be bundled with ordinary programs. The risk of inadvertently allowing bundled content into the system is increased by downloading from dubious channels (e.g., freeware and third-party sites, P2P sharing networks, etc.) and by treating installations with negligence (e.g., using "Easy/Express" settings, etc.).

Intrusive advertisements proliferate browser hijackers as well. Some of these adverts can execute scripts to perform stealthy downloads/installations upon being clicked.

How to avoid installation of browser hijackers?

We strongly recommend researching software and downloading it only from official/trustworthy sources. Additionally, installation processes must be treated with care, e.g., by reading terms, exploring possible options, using the "Custom/Advanced" settings, and opting out of all supplementary apps, extensions, tools, etc.

Another recommendation is to be vigilant while browsing since fraudulent and malicious online content usually appears legitimate and innocuous. For example, intrusive advertisements may look harmless – yet redirect to unreliable and questionable websites (e.g., scam-promoting, gambling, adult dating, pornography, etc.).

In the case of continuous encounters with such ads/redirects, check the system and immediately remove all suspect applications and browser extensions/plug-ins. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate this browser hijacker.

Appearance of searches-world.com redirecting to the Bing search engine (GIF):

searches-world.com browser hijacker redirecting to Bing (GIF)

Screenshots of deceptive websites promoting an installer containing this browser hijacker:

Deceptive website used to promote searches-world.com browser hijacker 1 Deceptive website used to promote searches-world.com browser hijacker 2 Website promoting searches-world.com and ook.gg browser hijackers (sample 1) Website promoting searches-world.com and ook.gg browser hijackers (sample 2)

Removal steps for this browser hijacker:

searches-world.com browser hijacker removal step 1

Open Windows Task Manager, locate the "ServiceUI.exe" process and terminate it by clicking "End task".

searches-world.com browser hijacker removal step 2

Afterward, locate "UITheme.exe" on Windows Task Manager and end this process by clicking "End task".

searches-world.com browser hijacker removal step 3

Open the "System32" Windows folder (C:\Windows\System32), locate "UITheme.exe" and delete it.

Video showing how to remove searches-world.com redirect using Combo Cleaner:

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:


declining installation of browser hijackers while downloading free software sampleA browser hijacker is a type of adware infection that modifies Internet browser settings by assigning the homepage and default Internet search engine settings to some other (unwanted) website URL. Commonly, this type of adware infiltrates operating systems through free software downloads. If your download is managed by a download client, ensure that you decline offers to install advertised toolbars or applications that seek to change your homepage and default Internet search engine settings.

Post a comment:
If you have additional information on searches-world.com browser hijacker or it's removal please share your knowledge in the comments section below.

Frequently Asked Questions (FAQ)

What is the purpose of forcing users to visit searches-world.com website?

Cyber criminals (e.g., developers of fake search engines and browser hijackers, etc.) generate revenue through redirects to webpages like searches-world.com.

Is visiting searches-world.com a threat to my privacy?

Most likely, yes. Websites classified as fake search engines usually collect (and sell) visitor data.

How did a browser hijacker infiltrate my computer?

Browser-hijacking software is primarily distributed via deceptive promotional webpages, bundled installers, online scams, freeware and free file-hosting websites, P2P sharing networks, intrusive ads, and spam browser notifications.

Will Combo Cleaner help me remove browser hijackers?

Combo Cleaner can scan systems and eliminate installed browser-hijacking applications. Note that manual removal (unaided by security software) might be ineffective, especially when multiple browser hijackers have infiltrated the system. In these instances, after one is removed – the others may reinstall it. Furthermore, browser-hijacking software might be capable of denying access to removal-related settings and/or undoing user-made changes. Therefore, it is essential to eliminate browser hijackers thoroughly and all at once.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
Software uninstall instructions
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
searches-world.com browser hijacker QR code
Scan this QR code to have an easy access removal guide of searches-world.com browser hijacker on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.