Sunday, October 23, 2011

Searchqu Malware Virus

My computer is infested with searchqu malware

It's not a virus, it hijacks browsers such as Internet Explorer, Firefox and Google Chrome

whois search for

Registrar: GODADDY.COM, INC.
Whois Server:
Name Servers:

whois search for
person: Liora Barak
address: Netvision Ltd
address: Omega Center , Matam
address: Haifa
address: 31905
address: Israel

phone: 04-8560600 (answering service)
fax-no: 04-8551004


person: Wide Area Network Group
address: NetVision - Israeli ISP

address: Advanced Technology Center Haifa, 31905, send SPAM and ABUSE complaints to abuse AT
address: as above
phone: 04 8560 634 (not connected)

Main Office013 Netvision
15 Hamelacha St., Rosh Ha’ayin 48091
Fax: 972-3-9001113
Omega Center, Matam Haifa 31905
Tel: 972-4-8560660 Fax: 972-3-5201960 SalesTel: 1-800-013-013
customer service Tel: 972-4-8560660 Fax: 972-3-5201960

Support Tel: 972-4-8560570
Spokesperson Dana Friedman
Telephone: + 972 3 9001861 (leave message)
Cell: 972 52 3133300


Several phone calls to Dana Friedman's landline have not been returned, and she has not responded to mobile calls either. is owned and operated by Bandoo, Inc.
Postal: Bandoo, Inc., Attention: Privacy Policy Administrator, 40 kimonos st.3095 Limassol, Cyprus


The scumware installed by ilivid is very difficult to remove, if you believe the hundreds of forum posts on the subject. I have run both Malwarebytes and another removal tool which both picked up trojans and trackers, but so far nothing will remove Searchqu - it just keeps coming back.

Here's a post I've not yet tried:

Not directly related, an article about suing malware distributors:


On my XP machine I found an entry in Program Files/searchcore for browsers and ran the uninstall.exe, then deleted the remaining dlls and directories. I then uninstalled all mention of the scumware from IE again. 24 hours later, so far, so good.
Several days later, it's back.

Searchqu on Wikipedia

Removing Searchqu from Google Chrome
Step 1. Press ctrl+shift+del in Chrome, and clear your private data, cookies etc

Step 2. Click on Tools (the spanner icon, top right) > Options > Basics then click the Manage Search Engines button. If the nasty is in there, remove it by clicking X on the right side when you highlight it. It will probably have a name like Web Search.

Hard to believe, but this scumware is distributed not only by shady fly-by-night software sites, but also by some of the largest and ostenibly most trustworthy around, including cnet, which, to its credit, displays numerous negative review which say ie ""DANGER DO NOT INSTALL"
Postscript Dec 2011
I posted something about Ilivid, searchqu and malware on Wikipedia. It was deleted with a warning indicating it was rather naughty to say whatever I said. Can't have been very complimentary!

No comments:

Post a Comment