
Globasearch.com

Posted: October 10, 2011

Globasearch.com is a fake search engine website that steals legitimate results from other search engines instead of generating its own. SpywareRemove.com malware experts have also noted that Globasearch.com tampers with its results by adding irrelevant advertisements and forces traffic to itself by using browser hijacker infections. Globasearch.com browser hijackers are often bundled with unrelated gaming applications that are downloaded from untrustworthy websites. If you find that you've been attacked by a Globasearch.com hijacker, you shouldn't try to remove the infection manually: Globasearch.com hijackers have been known to overwrite certain system settings, and improper removal may cause harm to your web browser or Windows. The safest method of removing Globasearch.com is to use an anti-malware program that can delete all Globasearch.com components while also reversing any changes to your browser or operating system.

Keeping Your Search Results Safe from Globasearch.com

The SpywareRemove.com malware research team has traced the majority of Globasearch.com hijacker infections back to Monopoly game downloads that are hosted by Cnet, a generic software website. Avoiding these types of applications from Cnet.com and equally suspicious sites can help reduce your chances of catching a Globasearch.com infection. However, even one visit to Globasearch.com may be enough to endanger your browser, since Globasearch.com and similar sites have been known to use drive-by-download scripts to install their browser hijackers without permission.

Globasearch.com redirect attacks can be recognized easily, since they have displayed a preference for triggering only after visits to Google.com. If you attempt to use Google.com and find that you're redirected to Globasearch.com, your PC has been compromised by Globasearch.com's browser hijacker, and you should respond with appropriate anti-malware software. SpywareRemove.com malware experts also note that, unlike some browser hijacker attacks, Globasearch.com's redirects will often continue to use a mutilated variant of the original URL (such as googlesearch.uuuq.com) instead of displaying Globasearch.com's URL.

Why Globasearch.com's Search Results are a Glob of Nothing

Although Globasearch.com looks like a normal search engine website, and even Globasearch.com's search results may, at a passing glance, appear to be safe, Globasearch.com is a fraudulent site that has no real search-related capabilities. SpywareRemove.com malware researchers have caught Globasearch.com stealing the search results of other search engines, most notably Google, which gives you zero reason to use Globasearch.com over the site that it's stealing its results from in the first place.

In addition to the ever-present risk of drive-by-download scripts that can install a Globasearch.com browser hijacker, Globasearch.com will also alter your search results by exposing you to advertisements that are mixed in with the normal results. These advertisements may be misleading or actively dangerous, and have no point except to drive revenue back to Globasearch.com. To protect your PC from possible infections, phishing attempts and other attacks, you are strongly encouraged to stay away from both Globasearch.com and Globasearch.com's links.

Technical Details

File System Modifications

The following files were created in the system:

UAC.tmp (File type: Temporary File; Mime Type: unknown/tmp)
_VOIDtmp
4DW4R3.sys (File type: System file; Mime Type: unknown/sys)
UAC.sys (File type: System file; Mime Type: unknown/sys)
_VOID.sys (File type: System file; Mime Type: unknown/sys)
4DW4R3.dll (File type: Dynamic link library; Mime Type: unknown/dll)
_VOIDmainqt.dll (File type: Dynamic link library; Mime Type: unknown/dll)
_VOID.dll (File type: Dynamic link library; Mime Type: unknown/dll)
_VOID.tmp (File type: Temporary File; Mime Type: unknown/tmp)
4DW4R3sv.dat (File type: Data file; Mime Type: unknown/dat)
4DW4R3c.dll (File type: Dynamic link library; Mime Type: unknown/dll)
uacinit.dll (File type: Dynamic link library; Mime Type: unknown/dll)
UAC.dll (File type: Dynamic link library; Mime Type: unknown/dll)
uactmp.db (Mime Type: unknown/db)
_VOID.dat (File type: Data file; Mime Type: unknown/dat)
UAC.dat (File type: Data file; Mime Type: unknown/dat)
UAC.db (Mime Type: unknown/db)
wdmaud.sys (File type: System file; Mime Type: unknown/sys)
%Temp%\tmp[RANDOM NUMBERS].tmp (File type: Temporary File; Mime Type: unknown/tmp)
%System%\UAC[RANDOM CHARACTERS].dat (File type: Data file; Mime Type: unknown/dat)

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar = [WEBSITE ADDRESS]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CustomizeSearch = [WEBSITE ADDRESS]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchAssistant = [WEBSITE ADDRESS]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch = [WEBSITE ADDRESS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID[RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CD_Proxy
HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
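
A read-only check for the registry entries listed above, as an added example that is not part of the original article: it reports the four Internet Explorer search values and any service keys matching the listed names, and changes nothing. The function names are made up for this example, and the `_VOID*` wildcard is an assumption standing in for `_VOID[RANDOM CHARACTERS]`.

```powershell
# Read-only audit for the registry indicators listed on this page.
# Nothing is modified or deleted; the script only reports what it finds.

# Internet Explorer search values the page lists as set to [WEBSITE ADDRESS].
$searchValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';   Name = 'Search Bar' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';   Name = 'CustomizeSearch' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';   Name = 'SearchAssistant' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Search'; Name = 'CustomizeSearch' }
)

# Service key names from the page. '_VOID*' is this example's assumption for
# _VOID[RANDOM CHARACTERS]; it also matches _VOIDd.sys.
$servicePatterns = @('_VOID*', 'CD_Proxy', 'UACd.sys')

function Get-SearchValueFindings {
    foreach ($v in $searchValues) {
        # A missing value raises an error, which is suppressed; nothing is returned.
        $item = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Kind = 'SearchValue'; Key = $v.Path
                               Name = $v.Name; Data = $item.($v.Name) }
        }
    }
}

function Get-ServiceKeyFindings {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        foreach ($pattern in $servicePatterns) {
            if ($key.PSChildName -like $pattern) {
                [pscustomobject]@{ Kind = 'ServiceKey'; Key = $key.Name
                                   Name = $key.PSChildName; Data = $key.GetValue('ImagePath') }
                break   # one report per key, even if several patterns match
            }
        }
    }
}

$findings = @(Get-SearchValueFindings) + @(Get-ServiceKeyFindings)
if ($findings.Count -eq 0) {
    'No listed registry indicators found.'
} else {
    # Review the Data column: the page describes the search values as pointing at a website address.
    $findings | Format-Table -AutoSize -Wrap
}
```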