Description is a fake search engine website that imitates Google, as well as using browser hijackers to steal Google’s traffic and lock down other aspects of web-browsing applications. malware researchers have found that most infections occur from compromised software installations that also contain’s malicious Browser Helper Object (also known as a BHO) and may install it without consent. You shouldn’t try to combat the symptoms of a browser hijack by changing your browser; instead, delete the browser hijacker itself by using a suitable anti-malware program.

Finding Your Way to (and Why You’ll Want to Come Back)

The majority of attacks happen only after the victim has installed Babylon-brand translation software, which often contains a browser hijacker that it also installs. malware researchers have noted that, much like a ,Google Redirect Virus, ,Google Redirect Hijacker or Redirecting Google Searches infection,’s browser hijacker can redirect you from Google searches to’s own search page without your permission. These attacks may target any popular browser, including Firefox, Chrome and Internet Explorer.

Unlike some forms of search engine hijackers, however, will also hijack your homepage and lock it to

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Meanwhile, browser settings will be ‘grayed out’ to prevent you from changing their values back to normal. Although keeping your web browser and security software up-to-date can help to reduce these forms of security vulnerabilities, nothing except avoiding a browser hijacker infection altogether can perfectly protect your computer from redirects.

Browsing’s Fraudulent Search Result Scenery tries to appeal to casual visitors by using the same interface as Google, but malware experts have noted huge differences between Google’s search results and’s – namely, in the fact that’s search results aren’t useful at all! Visiting’s search result links can result in any or all of the following issues:
  • Losing private information to phishing websites that imitate the appearance, but not the security of a legitimate website. Phishing sites may appear to be identical to a normal website in all ways, save for a mismatched web address or URL.
  • Being attacked by automatically-installed infections through drive-by-download Flash or JavaScript scripts. Disabling Java and Flash can reduce, but does not eliminate the chances of such drive-by-download attacks.
  • Being exposed to fake system alerts, error messages and system scans that warn you about infections and other problems that aren’t on your PC. Websites that use these attacks may attempt to sell rogue security software, which try to ask for money while simultaneously pretending that your PC is being threatened by countless Trojans, worms and other types of harmful software.

You can remove browser hijackers with suitably-powerful anti-malware software, although, in the meantime, malware analysts strongly encourage you to use Safe Mode and avoid usage of your browser. Automatic Detection Tool (Recommended)

Is your PC infected with To safely & quickly detect we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %Windows%\system32\consrv.dll
    2 %Windows%\system32\DRIVERS\mrxsmb.sys
    3 BabylonToolbar.dll
    4 BabylonToolbarsrv.exe

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbarSubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\DataHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\VersionIndependentProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ProgIDHKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
Posted: October 3, 2011 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 5/10

One Comment

Leave a Reply

What is 10 + 15 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)