What is Search4Moviex?
The Malwarebytes research team has determined that Search4Moviex is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice.
How do I know if my computer is affected by Search4Moviex?
You may see this entry in your list of installed Chrome extensions:
and these warnings during install:
You will see this icon in your Chrome menu-bar:
and this changed setting:
How did Search4Moviex get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
How do I remove Search4Moviex?
Our program Malwarebytes can detect and remove this potentially unwanted program.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Search4Moviex completely.
We hope our application and this guide have helped you eradicate this hijacker.
Technical details for experts
Possible signs in FRST logs:
CHR DefaultSearchURL: Default -> hxxps://www.blpsearch.com/search?sid=846&src=ds&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Default-Search
CHR Extension: (Search4Moviex) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd [2019-03-06]

Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0
  Adds the file Archive created by free jZip.url"="11/26/2013 10:21 AM, 58 bytes, A
  Adds the file manifest.json"="3/6/2019 4:51 PM, 2014 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\_metadata
  Adds the file computed_hashes.json"="3/6/2019 4:51 PM, 735 bytes, A
  Adds the file verified_contents.json"="1/24/2019 6:12 PM, 2165 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\icons
  Adds the file checker.gif"="1/24/2019 6:08 PM, 1095 bytes, A
  Adds the file Search4Moviex-128.png"="3/6/2019 4:51 PM, 3848 bytes, A
  Adds the file Search4Moviex-16.png"="3/6/2019 4:51 PM, 409 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\js
  Adds the file background.js"="1/24/2019 6:08 PM, 14947 bytes, A
  Adds the file brand.js"="1/24/2019 6:08 PM, 653 bytes, A
  Adds the file contentScript.js"="1/24/2019 6:08 PM, 972 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd
  Adds the file 000003.log"="3/6/2019 4:51 PM, 1233 bytes, A
  Adds the file CURRENT"="3/6/2019 4:51 PM, 16 bytes, A
  Adds the file LOCK"="3/6/2019 4:51 PM, 0 bytes, A
  Adds the file LOG"="3/6/2019 4:51 PM, 184 bytes, A
  Adds the file MANIFEST-000001"="3/6/2019 4:51 PM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"adnfpfmodihlaedmaigidfalcnbfbjcd"="REG_SZ", "A45672155ED0165DBB74EC84FFB91DFFF6BBF62FFD39DE554E04072A85C2B895"

Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/6/19
Scan Time: 5:10 PM
Log File: 5a2c9f34-402a-11e9-8de3-00ffdcc6fdfc.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9566
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 236356
Threats Detected: 26
Threats Quarantined: 26
Time Elapsed: 4 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.BlpSearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|adnfpfmodihlaedmaigidfalcnbfbjcd, Quarantined, [14673], [443081],1.0.9566

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\_metadata, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\icons, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\js, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ADNFPFMODIHLAEDMAIGIDFALCNBFBJCD\1.0.846.435_0, Quarantined, [14673], [443081],1.0.9566

File: 19
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd\000003.log, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd\CURRENT, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd\LOCK, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd\LOG, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\adnfpfmodihlaedmaigidfalcnbfbjcd\MANIFEST-000001, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ADNFPFMODIHLAEDMAIGIDFALCNBFBJCD\1.0.846.435_0\JS\BRAND.JS, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\icons\checker.gif, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\icons\Search4Moviex-128.png, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\icons\Search4Moviex-16.png, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\js\background.js, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\js\contentScript.js, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\_metadata\computed_hashes.json, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\_metadata\verified_contents.json, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\Archive created by free jZip.url, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd\1.0.846.435_0\manifest.json, Quarantined, [14673], [443081],1.0.9566
PUP.Optional.BlpSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [404], [496134],1.0.9566

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

The full version of Malwarebytes uses different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
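
The FRST log signs listed under "Technical details for experts" can be checked mechanically when triaging many logs. The following is an added example, not Malwarebytes' or FRST's own code: it scans FRST-style CHR lines for the extension ID and search domain named on this page. The function names, constants and the sample log (the page's three lines plus two constructed non-matching entries) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from this page
EXTENSION_ID = "adnfpfmodihlaedmaigidfalcnbfbjcd"
SEARCH_DOMAIN = "blpsearch.com"
# Chrome extension IDs are 32 characters from the alphabet a-p
EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")
SEARCH_URL_RE = re.compile(r"^CHR DefaultSearchURL:\s*(?P<profile>.+?)\s*->\s*(?P<url>\S+)")
EXT_RE = re.compile(r"^CHR Extension:\s*\((?P<name>.*?)\)\s*-\s*(?P<path>.+?)(?:\s*\[[\d-]+\])?\s*$")

# Constructed sample: lines 1-3 are the signs from this page, lines 4-5 are
# made-up entries (lookalike host, unrelated extension ID) that must not match.
SAMPLE = r"""CHR DefaultSearchURL: Default -> hxxps://www.blpsearch.com/search?sid=846&src=ds&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Default-Search
CHR Extension: (Search4Moviex) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnfpfmodihlaedmaigidfalcnbfbjcd [2019-03-06]
CHR DefaultSearchURL: Profile 1 -> hxxps://blpsearch.com.example/search?q={searchTerms}
CHR Extension: (Constructed Extension) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abcdefghijklmnopabcdefghijklmnop [2019-03-06]
"""


def host_matches(url, domain):
    """True if the URL's host is the domain or a subdomain of it."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)  # undo log defanging
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def scan_frst_log(text, ext_id=EXTENSION_ID, domain=SEARCH_DOMAIN):
    """Return (line number, kind, detail) for every matching CHR line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = SEARCH_URL_RE.match(line)
        if m and host_matches(m["url"], domain):
            findings.append((lineno, "search-provider", m["profile"]))
            continue
        m = EXT_RE.match(line)
        # Compare whole extension IDs, case-insensitively, not substrings
        if m and ext_id in EXT_ID_RE.findall(m["path"].lower()):
            findings.append((lineno, "extension", m["name"]))
    return findings


if __name__ == "__main__":
    for finding in scan_frst_log(SAMPLE):
        print(finding)
```

Matching on the parsed host rather than on a substring keeps lookalike hosts such as the constructed `blpsearch.com.example` from being flagged.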