Remove and SearchMe Toolbar from Your PC


A browser hijacker named SearchMe Toolbar has been reported to be associated with the search engine. The Conduit search engine is notorious for being part of a large advertising network that uses PUAs (Potentially Unwanted Applications) like the SearchMe toolbar to spread across users' computers. The toolbar may collect different information via the search engine and share it with third parties, redirect to third-party websites that may be dangerous, and slow down the computer. This is the primary reason why malware researchers strongly recommend removing this software from your computer in case you have it.

Threat Summary

Name: and SearchMe Toolbar
Type: Browser Hijacker and PUA
Short Description: Modifies the web browsers, collects information, may display advertisements, may share information with third parties.
Symptoms: Slow PC, changed new tab and home page to
Distribution Method: Via bundled packages, other PUPs
Detection Tool: See If Your System Has Been Affected by and SearchMe Toolbar (Malware Removal Tool)
User Experience: Join Our Forum to Discuss and SearchMe Toolbar

and SearchMe Toolbar – How Are They Spread

The browser hijacker may be redistributed via several different methods, the primary of which is bundling. Applications like the SearchMe toolbar may be added to the installers of free programs downloaded from the web. Usually, such installers can be found on third-party software-providing websites that offer a massive variety of freeware for download in one place. Since a lot of users do not mind where they download installers from, they usually run the installers without noticing the programs added to them as free extras, for example:


Such free programs may be anything, ranging from a free media player to free games, torrent downloaders, and other commonly downloaded freeware. Since some websites make a profit by adding third-party applications, they do not mind what kind of apps they bundle. Researchers strongly advise users to pay attention to the Advanced and Custom installation options when they install a program and, if possible, to download it only from its official site to prevent such PUAs from slithering onto your computer.

SearchMe Toolbar – More Information

The SearchMe Toolbar itself is classified by ESG malware researchers to be a potentially unwanted application. The toolbar can heavily modify the web browser on the affected computers. There are a lot of versions of this software that are interconnected with the infamous Conduit search engine, which is associated with a large number of other toolbars and browser add-ons just like it.

After the SearchMe Toolbar has been installed on your computer, the software may start to modify these Windows folders:

C:\Users\%UserProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\%UserProfile%\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data

SearchMe may also heavily modify the registry entries of the affected computer, changing numerous Windows settings, similar to malware. Symantec researchers have reported the following entries being targeted:

HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"fcv" = "251"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"isn" = "7C0095E782494A16B14F78FEB0C7428C"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"WS_IE_IB" = "{searchTerms}"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"WS_FF_IB" = ""
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"WS_FF_AB" = ""
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"WS_GC_IB" = "{searchTerms}"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"HP_IE" = ""
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"HP_FF" = ""
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"HP_GC" = ""
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"ping_ts" = 0x578DB4BE
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"GCDSFailed" = "0"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"GCHPFailed" = "0"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"IEDSFailed" = "0"
HKEY_USERS\S-1-5-21-1183130530-2106554489-1195938152-500\Software\SearchmeToolbarST\"IEHPFailed" = "0"

Source: Symantec Security Response
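A read-only check for the registry key and the two Chrome files listed above, added here as an example (it is not part of the original article or of Symantec's report). The function name Get-SearchMeTraces is hypothetical, and the script assumes the Chrome profile of interest is the current user's Default profile under %LOCALAPPDATA%.

```powershell
# Added example: read-only triage for the artifacts named in this article.
# Get-SearchMeTraces is a hypothetical name; nothing is modified or deleted.
function Get-SearchMeTraces {
    $subKey = 'Software\SearchmeToolbarST'   # key name taken from the entries listed above

    # HKEY_USERS has no default PSDrive, so use the provider-qualified path.
    # Only the hives of currently loaded profiles are visible here; profiles
    # that are not loaded have to be checked from their own session.
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }          # this hive does not contain the key

        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Source   = 'Registry'
                Location = $key.Name
                Item     = $name
                Detail   = [string]$key.GetValue($name)
            }
        }
    }

    # Assumption: the current user's Default Chrome profile is the one to inspect.
    $profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
    foreach ($file in 'Secure Preferences', 'Web Data') {
        $item = Get-Item -LiteralPath (Join-Path $profileDir $file) -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Source   = 'ChromeFile'
                Location = $item.FullName
                Item     = $file
                Detail   = "last written $($item.LastWriteTime.ToString('u'))"
            }
        }
    }
}

# Registry rows mean the toolbar's key is present in a loaded hive. The Chrome
# rows only report when each file last changed, for comparison with the
# install time of any recently added freeware.
Get-SearchMeTraces | Format-Table -AutoSize -Wrap
```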

After modifying these keys, the SearchMe Toolbar may change the default new tab and home page of the web browsers Firefox, Chrome and Internet Explorer to

[Image: search-conduit-searchme-toolbar-sensorstechforum]

– More Information

The search engine itself also shows suspicious behavior. During our research, we noticed that the search engine not only lacks an encrypted HTTPS connection, which is highly atypical for search engines, but also uses cookies linking to third parties:


These cookies may be used by the creators of this search engine to collect your:

  • IP address.
  • MAC address.
  • Information about the software installed on your computer.
  • Browsing history.
  • Online clicks.
  • Online search history.
  • Personal information.

What was even more interesting is that we have found a connection between Conduit and Trovi, which is another advertising network. This happened when we checked the privacy policy, where they clearly state that they may collect non-identifiable and personally identifiable information from any users:

[Image: search-conduit-sensorstechforum-privacy-policy]

and SearchMe Toolbar – Conclusion and Removal Instructions

As a bottom line, we have a toolbar that slips into your computer without your knowledge and heavily modifies it, making itself hard to delete and allowing it to display various advertisements. The toolbar is associated with two very big advertising “companies”, Trovi and Conduit, which make their profit by having a vast number of unwanted programs actively running on the computers of affected users. This is done to make a profit at the expense of you, the user, by causing browser redirects and generating unoriginal traffic to vendors that may or may not be their clients. It is also believed that some of the profit these companies generate may come from thick pay-per-click schemes and other ad networks. If you have the SearchMe Toolbar, you are also likely to see advertisements in different forms that may redirect to different third-party websites.

Since those third-party sites may be dangerous to your computer, we strongly advise you to immediately remove and SearchMe Toolbar from your computer and make sure it is protected in the future as well. To do this swiftly and effectively, we recommend following the removal instructions below and also scanning your computer with an advanced anti-malware program for best results. Doing this will not only delete all objects associated with these threats, but it will also make sure that you stay protected in the future.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
