Yet another browser hijacker based on Google Custom Search results has been spotted on the cyber-security radar by researchers. It sets the host Search.So-V(dot)com as a home page of your Google Chrome, Mozilla Firefox, Internet Explorer and other web browsers. It may look like a useful browser extension and may also be software installed directly onto your Programs and Features in Windows. Since it is capable of displaying different ads, leading to third-party websites, the hijacker is considered riskware. Users are advised towards its swift removal.
|Short Description||The software may do various dangerous or unhealthy to the PC activities.|
|Symptoms||The user may witness fake Update downloads as well as redirects and advertisements leading to other potentially harmful domains.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Search.So-V(dot)com|
|User Experience||Join our forum to discuss Search.So-V(dot)com.|
Search.So-V(dot)com Browser Hijacker – How Did I Get It
There are several methods, used to distribute such software out in the open. The primary ones include bundling which is the most often used tactic to slither such programs into a PC. It is essentially the including of such suspicious ad-supported program in a setup of a free software that is often sought after and downloaded via the web. There are many websites offering to bundle any app for profit and they are the ones users should stay away from. It is strongly advisable to look for the official site of the software and always check for “free extras” in the “Advanced” and “Custom” options of your installer.
Search.So-V(dot)com – How Does It Work
After it has been situated onto your PC, the So-V browser hijacker may create different files in several locations of your Windows device:
- %Program Files%
This hijacker also makes several registry values and keys with custom data in them to support it’s activity and assure it goes uninterrupted. Examples of keys are the following:
→ “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Internet Explorer\Control Panel
Values created in those keys may exist with different purposes – to conceal the application’s processes, to make it harder to uninstall, etc. They may not be malicious but they are risky since this application may use tracking technologies to obtain user information such as:
- IP address.
- Browsing History.
- Online searches.
- Online clicks.
All of this information may be collected to display different types of advertisements to the user. Ads may include pop-ups, banners, highlighted text and ad-supported search results. When we searched for “smartphones” this browser hijacker displayed the same advertisements as another one, called Searchinworld(.)com.
Alexa has classified the world ranking of this website at pretty decent at the moment of writing this – 600,232 with most users visiting it from Brasil.
Furthermore, we have established that this site uses different types of tracking tools such as cookies, pixels, LSOs and others:
The primary reason this suspicious search engine is considered indirectly dangerous is the third-party websites it may advertise to the user. It may redirect the user or advertise websites of malicious content. There are two main types of such sites that exist at the moment:
- Scamming sites that may extract different information from the user (ex. Tech Support scams, Phishing, etc.)
- Malicious websites that may directly infect the user’s computer with malware.
Remove Search.So-V(dot)com Completely
In order to fully get rid of this software residing on your PC, you should focus in taking methodological steps towards swiftly erasing its files. Since it may modify the registry entries and gain permissions we recommend following the step-by-step instructions below.