Search.babylon.com


Posted: October 3, 2011

Search.babylon.com is a fake search engine website that imitates Google and uses browser hijackers to steal Google's traffic and lock down other aspects of web-browsing applications. SpywareRemove.com malware researchers have found that most Search.babylon.com infections result from compromised software installations that bundle Search.babylon.com's malicious Browser Helper Object (also known as a BHO) and may install it without consent. You shouldn't try to combat the symptoms of a Search.babylon.com browser hijack by changing your browser; instead, delete the browser hijacker itself by using a suitable anti-malware program.

Finding Your Way to Search.babylon.com (and Why You'll Want to Come Back)

The majority of Search.babylon.com attacks happen only after the victim has installed Babylon-brand translation software, which often bundles and installs a Search.babylon.com browser hijacker. SpywareRemove.com malware researchers have noted that, much like a Google Redirect Virus, Google Redirect Hijacker or Redirecting Google Searches infection, Search.babylon.com's browser hijacker can redirect you from Google searches to Search.babylon.com's own search page without your permission. These attacks may target any popular browser, including Firefox, Chrome and Internet Explorer.

Unlike some forms of search engine hijackers, however, Search.babylon.com will also hijack your homepage and lock it to Search.babylon.com. Meanwhile, browser settings will be 'grayed out' to prevent you from changing their values back to normal. Although keeping your web browser and security software up-to-date can help to reduce these forms of security vulnerabilities, nothing except avoiding a Search.babylon.com browser hijacker infection altogether can perfectly protect your computer from Search.babylon.com redirects.

Browsing Search.babylon.com's Fraudulent Search Result Scenery

Search.babylon.com tries to appeal to casual visitors by using the same interface as Google, but SpywareRemove.com malware experts have noted huge differences between Google's search results and Search.babylon.com's – namely, in the fact that Search.babylon.com's search results aren't useful at all! Visiting Search.babylon.com's search result links can result in any or all of the following issues:

  • Losing private information to phishing websites that imitate the appearance, but not the security, of a legitimate website. Phishing sites may appear to be identical to a normal website in all ways, save for a mismatched web address or URL.
  • Being attacked by automatically-installed infections through drive-by-download Flash or JavaScript scripts. Disabling Java and Flash can reduce, but does not eliminate, the chances of such drive-by-download attacks.
  • Being exposed to fake system alerts, error messages and system scans that warn you about infections and other problems that aren't on your PC. Websites that use these attacks may attempt to sell rogue security software, which asks for money while pretending that your PC is being threatened by countless Trojans, worms and other types of harmful software.

You can remove Search.babylon.com browser hijackers with suitably-powerful anti-malware software, although, in the meantime, SpywareRemove.com malware analysts strongly encourage you to use Safe Mode and avoid usage of your browser.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %Windows%\system32\DRIVERS\mrxsmb.sys
    File type: System file
    Mime Type: unknown/sys
  • %Windows%\system32\consrv.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
  • BabylonToolbar.dll
    File type: Dynamic link library
    Mime Type: unknown/dll
  • BabylonToolbarsrv.exe
    File type: Executable File
    Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY..\..\{CLSID Path}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\Instl\Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ProgID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

HKEY..\..\..\..{Subkeys}
  • SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
  • HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar\BabylonToolbar
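
The SubSystems entry above names consrv, the DLL listed under File System Modifications, among the server DLLs. The following is an added example, not part of the original article, that parses that value and reports any server DLL outside an assumed stock set. Assumptions: the allow-list (basesrv, winsrv, sxssrv), the constructed full-form sample, and the full registry key path used for the optional live read.

```python
import re

# Assumption: server DLL modules referenced by an unmodified "Windows" value.
EXPECTED_MODULES = {"basesrv", "winsrv", "sxssrv"}
ENTRY_RE = re.compile(r"([^\s:,=]+)(?::([^\s:,=]+))?,(\d+)")

# Value exactly as listed under Registry Modifications (abbreviated form).
PAGE_VALUE = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
              "consrv:ConServerDllInitialization,2 sxssrv,4")
# Constructed sample of the full on-disk form, for comparison.
STOCK_FULL_FORM = (r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
                   "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
                   "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
                   "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
                   "ProfileControl=Off MaxRequestThreads=16")


def server_dll_tokens(value):
    """Return the ServerDll entries from either the full or abbreviated form."""
    tokens = value.split()
    prefixed = [t for t in tokens if t.lower().startswith("serverdll=")]
    return [t.split("=", 1)[1] for t in prefixed] if prefixed else tokens


def unexpected_server_dlls(value):
    """Return entries whose module is not expected, or that do not parse."""
    flagged = []
    for token in server_dll_tokens(value):
        match = ENTRY_RE.fullmatch(token)
        if match is None or match.group(1).lower() not in EXPECTED_MODULES:
            flagged.append(token)
    return flagged


def read_live_value():
    """Read the value from the local registry (Windows only)."""
    import winreg
    path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        return winreg.QueryValueEx(key, "Windows")[0]


if __name__ == "__main__":
    for label, value in (("page", PAGE_VALUE), ("stock", STOCK_FULL_FORM)):
        print(label, unexpected_server_dlls(value))
```

On a Windows host, pass the result of `read_live_value()` to `unexpected_server_dlls()`; a non-empty result means the entry should be compared against a known-clean system of the same Windows version.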
