“Yes Searches” is a Potentially Unwanted Program (PUP) that after being installed on a computer will attach itself to all browsers, change their homepage, new tab page and search engine. The user may be redirected to websites with potentially malicious content and may be shown various sponsored results.
Threat Summary
Name | Yes Searches, ShortcutBoost.exe |
Type | Browser Hijacker, PUP |
Short Description | The homepage of a browser may look like a legitimate search engine, and there can be page redirects from the search results. |
Symptoms | The user may have installed the application without his agreement. Sets a custom homepage, search engine and may also change the new tab setting for all available browsers. |
Distribution Method | Freeware Installers, Bundling |
Detection Tool |
See If Your System Has Been Affected by malware
Download
Malware Removal Tool
|
User Experience | Join our forum to Discuss YesSearches. |
Yes Searches – How Did I Get It?
The “Yes Searches” PUP usually gets into your computer through third-party installers. It can sneak into your computer without your consent, by hiding itself in freeware installations and bundled packages. In these packages, additional components for installation are usually not disclosed in a proper way and people get tricked into installing potentially undesirable programs such as “ShortcutBoost.exe”. Sometimes that can be avoided by clicking on the “Advanced” or “Custom” setting in an installation setup to see what may be installed.
Other ways of getting infected are by opening spam emails and downloading e-mail attachments, or by clicking on different advertisements and banners containing potentially malicious content which may also add a browser extension. The domain name is the same: “www.YesSearches.com”.
Yes Searches – More About It
“Yes Searches” is classified as a browser hijacker and known to be developed in China. When it is installed on your computer, it may change DNS settings, different browser settings, such as the homepage, new tab and search engine of all browsers, and may also install browser extensions. All these settings are to make “Yes Searches” a default search engine and for you to use the “YesSearches.com” domain whenever you try making a search query. It is known to affect all browsers, especially popular ones such as Mozilla Firefox, Google Chrome, Internet Explorer and Safari.
The hijacker uses a secondary technique to keep browsers under its influence. It uses a standalone process called “ShortcutBoost.exe”. That process rearranges the launch options of the Desktop and Quick Launch items of all browsers, so they all project “Yes Searches” upon initiating any browser. The homepage of all browsers is changed to “YesSearches.com”.
If you try to uninstall the hijacker, you can, and even on the setup it will state that every setting will be changed back to normal. The truth is, after the required restart of the computer, all browsers are still hijacked and “ShortcutBoost.exe” cannot be simply just deleted from its folder yessearchesbnd:
Also, when searching for something in any browser, the hijacker can display incorrect or no results and sponsored links. You may also be shown advertisements in the form of pop-ups or banners. The sites which you may be redirected to, generate profit when on a pay-per-click basis and they could contain potentially malicious code to further infect your PC.
There are Terms and Conditions, and a Privacy Policy (EULA) sections on the official “YesSearches.com” domain that you can view. The hijacker may potentially collect different information about your internet activity and usage, such as your search queries, the sites you visited, your IP address, what you clicked on and other private data. It also says it may share all information about you to third parties if certain conditions are met and all email correspondence with them is kept on record. All that private data is collected by cookies of all browsers you have on your computer, so it is important you remove this malware.
Remove Yes Searches Completely
To remove “Yes Searches” manually from your system, be certain to follow the step-by-step removal instructions provided below. In case the manual removal does not get rid of this browser hijacker completely, you should search for and remove any leftover files with an advanced anti-malware program. Installing such software will also make sure that your system is safe from other threats that you encounter in the future.