A DNS-modifying browser hijacker has been reported on security forums to intercept internet traffic and redirect browsers to other websites. The hijacker is hosted by Level3, a reputable company that provides custom networks. It automatically sets the Searchguide(dot)level3(dot)com search engine as the user's home page and causes a browser redirect every time the user types an invalid URL in the address bar. Users who see this or any other Level3-associated website appearing without their approval should remove it and change their DNS settings, as illustrated in this article.
|Short Description|The domain may perform various activities that are dangerous or harmful to the PC.|
|Symptoms|The user may witness redirects to other potentially harmful domains.|
|Distribution Method|Via PUPs, installed by bundling or by visiting a suspicious third-party site that advertises it.|
Searchguide(.)level3(.)com – Distribution
This potentially unwanted program (PUP) may use different practices to spread onto user PCs. It can enter your computer if you already have a Trojan.Downloader on it. It can also arrive through a bundled installer that you have downloaded. Such installers may include a Searchguide(.)level3(.)com product added “as a free extra” to the installation, and the user may “pay a hefty price” by unknowingly installing it.
Searchguide(.)level3(.)com In Detail
The software itself may not be dangerous to the user and may have nothing to do with Level3. However, the browser hijacker associated with the Searchguide(.)level3(.)com engine may perform various unwanted activities on your computer.
To begin with, the software may assume control over the management of the home page and the new tab page of your web browser. It may then create registry entries for your browser to perform different activities such as browser redirects. If you are using Google Chrome, for example, the Searchguide(.)level3(.)com browser hijacker may create custom keys with values and data in the following Windows Registry subkey:
The same principle may apply to Mozilla Firefox, Internet Explorer and Safari. Such modified settings via registry keys are known as privilege escalation. They allow the software to perform different activities such as changing your DNS address:
When we researched the search engine itself, we established that it does not support HTTPS encryption, which is highly atypical for a search engine:
In addition, Searchguide(.)level3(.)com notifies users that they may see advertisements from third-party websites when they search for something.
In this very policy, the developers also claim that information may be used to display advertisements to users. One user on DSLReports has reported the following situation:
“In the last week I have noticed if I enter an invalid URL such as www.mauisun.orgf I AM DIRECTED TO
»searchguide.level3.com/s ··· sun.orgf
I used to get just a 404 error WHICH IS WHAT I WANT!!!! (I don't use the cable company's DNS servers because I DON'T WANNA SEE THIS CRAP)
ANYONE KNOW HOW TO GET RID OF THIS GARBAGE??”
Furthermore, the DNS servers used in relation to Searchguide(.)level3(.)com that may cause such browser redirects have been reported to be the following:
Such servers may not only intercept ALL internet traffic, but they may also indirectly allow other activities that are not suitable for the user. The main indirect danger of the browser hijacker associated with searchguide(.)level3(.)com may lie in suspicious third-party websites:
- They may be sites that are part of pay-per-click schemes.
- They could be malicious websites that may infect the user with malware.
- They might be scamming sites that phish for your financial data.
The bottom line is that this search engine may not have been created by Level3, but by a third party looking to profit by redirecting traffic to “custom” third-party sites. Since there may be dangerous third-party sites out there and it may collect certain information from the user, it should be removed.
Remove Searchguide(.)level3(.)com from Your Browser and Restore Your DNS
Before restoring your DNS server back to normal, we strongly advise removing the software first. You may do this manually by following the step-by-step instructions illustrated below. We also strongly advise using an advanced anti-malware tool to scan for every object associated with this software and to check for other threats.
After removing the software you should follow these steps:
1. Open your Windows search and type “View Network Connections”.
2. Open it, right-click on your current connection (Wireless or LAN) and click Properties.
3. Mark the Internet Protocol Version you are using (it is most likely IPv4 – Version 4) and click on Properties.
4. Go to the DNS server box and select “Obtain DNS server automatically”, then click Apply and then OK. Your network connection may reset, which may take 30 to 40 seconds at most, and then you can connect again with your original DNS.
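
The redirect on invalid URLs described earlier, and the DNS restore in the steps above, can both be checked by asking the configured resolver for hostnames that cannot exist. The script below is an added example, not part of the original article; the function names, the random probe names and the `example.com` control host are assumptions made for illustration.

```python
import secrets
import socket

def random_probe_names(count=3, suffixes=("com", "net", "org")):
    """Hostnames that should not exist: a random 20-hex-digit label per suffix."""
    return [f"{secrets.token_hex(10)}.{suffixes[i % len(suffixes)]}"
            for i in range(count)]

def system_resolve(name):
    """Resolve through the OS-configured DNS; an empty set means no answer."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_nxdomain_rewriting(resolve=system_resolve, names=None,
                             control="example.com"):
    """Classify the resolver as clean, rewritten, inconclusive or no-resolution."""
    if not resolve(control):
        # Without a working resolver, silence on the probes proves nothing.
        return {"verdict": "no-resolution", "landing_ips": [], "answers": {}}
    names = names or random_probe_names()
    answers = {name: resolve(name) for name in names}
    answered = [ips for ips in answers.values() if ips]
    shared = set.intersection(*answered) if answered else set()
    if not answered:
        verdict = "clean"            # every invalid name failed, as it should
    elif len(answered) == len(names) and shared:
        verdict = "rewritten"        # all invalid names land on the same host
    else:
        verdict = "inconclusive"     # partial or non-overlapping answers
    return {"verdict": verdict, "landing_ips": sorted(shared), "answers": answers}

if __name__ == "__main__":
    result = check_nxdomain_rewriting()
    print(result["verdict"], result["landing_ips"])
```

A `rewritten` verdict after step 4 means the invalid names are still being answered, so the resolver handed out by the router or ISP is the one substituting a landing page rather than anything set on the PC.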