Description Screenshot is a fraudulent search engine that’s also known by one of its sub-domains, Because is incapable of providing legitimate search results and may even redirect you to websites that sell scamware or make other attacks on your PC, malware researchers recommend that you keep well away from Though has been around for some time as of December 2011, there has been an observed resurgence in browser redirect attacks that force web browsers to open As is typically true, anti-malware programs can remove browser hijackers that are part of’s simple scam. However, failure to use standard security techniques before scanning your system may fail to remove any infections since PC threats have been known to use rootkit-based techniques to avoid deletion. – Not Even Functional on the Outside (Let Alone the Inside) has the appearance of a low-budget search engine, but unlike real search engines, can’t provide search results that are relevant to queries or sorted to avoid malicious websites. Appropriately, even’s site description even includes a default apology for being unable to find ‘search.’, which may also be referred to as (due to redirect attacks that have this URL as their end destination), has a past that’s tainted by association with rogue security programs, rootkits and browser hijackers.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

For safety’s sake, malware experts recommend that you scan your PC with anti-malware programs after any contact, no matter how minor, with, any of its sub-domains or any of its affiliates.

Disabling scripts for and similarly suspicious sites can be one important means of avoiding common infection routes for PC threats that distributes. Browser redirects for commonly take the form of homepage changes for certain types of browsers, especially Firefox. However, because’s browser hijackers alter basic Windows components (and not your browser) to launch their redirect attacks, changing or deleting your browser will not get rid of a browser hijacker that’s linked to

Appropriate Solutions to Dispel This Poor Adviser from Your Browser malware research team has found that even competent and up-to-date anti-malware programs can be unable to remove a browser hijacker without appropriate precursory safeguards. Since browser hijackers for have been known to name themselves after basic system components, use rootkit-level techniques to infect other processes and conceal themselves in OS-critical folders, manual removal isn’t suggested due to the high risk involved. Using Safe Mode, booting your PC from a removable drive-based device or booting your PC into a secondary OS will allow you to disable all PC threats, after which you can proceed with a standard anti-malware scan.

You should also be certain that your browser’s settings have been returned to their normal values prior to actually launching your browser, since redirects to and other methods of exposure to malicious sites can automatically re-infect your PC and require yet another system scan. However, damage to your PC should be nonexistent if you follow standard anti-malware procedures and use reputable software to get rid of PC threats. Automatic Detection Tool (Recommended)

Is your PC infected with To safely & quickly detect we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %Windows%\system32\consrv.dll
    2 %Windows%\system32\DRIVERS\mrxsmb.sys
    3 %Windows%\system32\svchost.exe

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\System Index\Crawls\ll@IsCatalogLevel 0SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
Posted: December 22, 2011 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 5/10

Leave a Reply

What is 13 + 9 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)