How To Remove The All Search Redirection Virus – Allsearch.com Browser Hijacker (Browser Seek)

What is All Search (Allsearch.com, BrowserSeek)?

All Search (Allsearch, Allsearch.com, BrowserSeek, Browser Seek Toolbar) is a virus (defined as a redirection virus), categorized as a relatively unknown and very dangerous browser hijacker. Many victims notice their computers and internet browsers have become infected by All Search when internet browser settings have changed, such as home page (startup page), search tools (BrowserSeek: adware/rootkit), extensions, and webpage redirections. Website redirections activated by the All Search virus cause search terms and URLs inputted into the internet browsers address bar to redirect to malicious websites or Allsearch.com, which is a malicious website in itself. Access to Allsearch.com without being infected is almost impossible; You are only allowed to view a blank webpage with a possible loading bar (pictured).

All Search Virus
“Browser Seek” standalone is also known as Gen.Variant.AdWare.Zwangi [Ikarus] and is distributed as freeware (with adware) as well as being bundled with All Search. (Gen: generic Trojan)
BrowserSeek Virus

Why is the All Search virus considered very dangerous?

The All Search virus is extremely dangerous because of it’s malicious capabilities.

  • AllSearch can track information and trace online activity.
  • Allsearch allows other malware access to your computer such as adware, spyware, and trojans which can be used for extortion schemes and identity theft.

All Search Virus Symptoms

Symptoms of the All Search virus  range. Some infected users may notice only a few symptoms, some may have severe issues, and some infected computer users may never detect any symptoms.

  • The All Search virus uses browser helper objects (in this case search tools) and infects some users by installing extensions and toolbars (BrowserSeek Toolbar) onto their internet browser which redirects internet users to Allsearch.com or other drive by websites. Some internet users are redirected for every search or webpage they visit.
  • User initiated browsing and search is redirected to malicious websites while using the internet
  • High levels of CPU usage is used due to the All Search processes, which can cause systems to crash or become malformed.
  • The All Search virus may also bundle with adware causing spam advertisements.

How to remove the All Search (Allsearch.com) virus

There are different options to remove browser hijacker viruses.

All Search virus removal options
  1. Antivirus/Anti-Malware Software – Scan and remove malware.
  2. Manual Removal – Kill process, remove entries, and remove files.
  3. System Restore – Restore your computer to a date and time before infection.

Once the All Search virus is removed from your computer, if your internet settings are still altered, please refer to our tutorial on how to remove the MyStart browser hijacker infection. This article will explain details on how to remove malicious extensions/toolbars and how to repair internet settings back to normal.

Depending on your internet browser you can chose to block Browser Seek IP addresses and URLs. This is not a necessity and will not remove the infection but will block adware displayed by Browser Seek. We have written a previous article concerning Text Enhance adware which details how to block URLs using different options per browser. If you wish to block All Search and Browser Seek IP addresses or URLs please refer to the previous post and use the URLs described below. BrowserSeek also uses the sub: upgrade.browserseek.com.

http://browserseek.com
http://allsearch.com

1. Antivirus/Anti-Malware Software

Removing the All Search infection is simple using Malwarebytes. Not many removal software besides Malwarebytes has samples for the All Search virus, therefore are not suggested.

Malwarebytes Sample Size

  1. Install Malwarebytes (free or paid versions)
  2. Scan and remove malware

To learn more about Antivirus software please click here.

2. Manual Removal

The Allsearch.com virus creates values and files on an infected system. Removing them all will also remove the virus.

Kill Process

The first step in remove a browser hijacker is to kill the process to stop the infection from currently running.

1. Press Ctrl+Shift+ESC to enter Window’s Task Manager

Windows Task Manager Processes Tab

2. On the “Processes” tab find the random All Search virus process and remove it. The processes may be titled similar to the Browser Seek processes described below.

browserseek.exe
browserseek170.exe
browserseek.dll
allsearch.exe
allsearch.dll
Remove Registry Entries (Values)

Remove the registry values created by All Search.

1. Type regedit into the Window’s Start Menu search field and press Enter to access Window’s Registry Editor.

Regedit

2. Search for the registry values below and remove them.

HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuardCLSID
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar “BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} “BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuardCurVer
HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuard.1
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 “C:PROGRA~1WINDOW~4ToolBarBrowserSeekdtx.dll”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID “BrowserSeekIEHelper.UrlHelper.1″
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class”
HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuard
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7}”BrowserSeek BrowserSeek Toolbar”
HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID “BrowserSeekIEHelper.UrlHelper”
Remove Directory Files

Finally remove the files created by Allsearch.com and the Browser Seek Toolbar.

1. You can do this different ways.

  • Simply search for the files below using Windows search.
  • Or: Type %AppData% (followed by %Temp%) into Window’s Start Menu search field and press enter to access the Application Data folder (or temp folder). AppData is a hidden folder. To learn how to show hidden folders please click here.

%Appdata%

2. Proceed to search for and remove the malicious files.

%AppData%BrowserSeektoolbardtx.ini
%AppData%BrowserSeektoolbarguid.dat
%AppData%BrowserSeektoolbaruninstallIE.dat
%AppData%BrowserSeektoolbaruninstallStatIE.dat
%AppData%BrowserSeektoolbarcouponsmerchants2.xml
%AppData%BrowserSeektoolbarcouponsmerchants.xml
%AppData%BrowserSeektoolbarstats.dat
%AppData%BrowserSeektoolbarstat.log
%Temp%BrowserSeektoolbar-manifest.xml
%AppData%BrowserSeektoolbarcouponscategories.xml
%AppData%BrowserSeektoolbarlog.txt
%AppData%BrowserSeektoolbarpreferences.dat
%AppData%BrowserSeektoolbarversion.xml

3. System Restore

Restore your computer to a date and time before infection using Microsoft’s automated restore points. Restoring your computer is the simple way around the Allsearch.com virus and Browser Seek toolbar.

Windows Recommended Restore And Choose A Restore Point

There are many ways to restore a Window’s computer. We have written in detail how to perform a system restore here.

Sean Doyle

Sean is a distinguished tech author and entrepreneur with over 20 years of extensive experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. His expertise and contributions to the industry have been recognized in numerous esteemed publications. Sean is widely acclaimed for his sharp intellect and innovative insights, solidifying his reputation as a leading figure in the tech community. His work not only advances the field but also helps businesses and individuals navigate the complexities of the digital world.

2 Responses

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.