Searchex is a homepage- and search-hijacker pointing at searchex.com.

Instead of directly changing the Start Page setting directly, it uses an Internet Explorer Browser Helper Object to redirect newly-opened windows. This results in the original Start Page being briefly visible then being replaced.

An IE Search Hook is used to redirect address bar searches and invalid domain name pages to cantfind.com. At times in the past this server redirected to MSN or 7Search.

Variants

Searchex/HomePage : original version, installs files IEBrw.dll and HomePage.dll in the System folder.

Searchex/Hotlink : updated version which also installs Hotlink.dll. The file HomePage.dll is renamed HmePge.dll.

Also known as

Searchex/Hotlink is detected by some anti-virus tools as Troj/AdwareDropper.A .

Distribution

Searchex/HomePage was bundled with 'NetSpeed' software from winstream.com (the authors of Searchex).

Searchex/Hotlink was distributed with an 'e-card' from valentines-ecard.com, which was heavily promoted by misleading junk e-mail.

Advertising

The Hotlink variant is suspected of advertising, but a sample has not yet been obtained for analysis.

Privacy violation

No.

Security issues

No.

Stability problems

No.

Removal

There is no uninstall option, but Most anti-spyware software and later can remove Searchex automatically.

Manual removal

Before you can delete the DLLs Searchex installs, you must deregister them. To do this, open a DOS command prompt (from Start->Programs->Accessories) and enter, for the HomePage variant:

Or, for the Hotlink variant:

You can then restart and delete the files IEBrw.dll and either HomePage.dll or HmePge.dll and Hotlink.dll from the System folder (Windows\System under Windows 95/98/Me, or Windows\System32 under Windows NT/2000/XP).

Finally, reset your homepage (Internet Options->General->Start page) and search settings (Internet Options->Programs->Reset Web Settings).