Exterminate It! Antimalware


Known threats:700,086 Last Update:March 16, 12:51


After scanning my computer many times using big name anti-virus and malware programs I still had several problems. Finally Exterminate It found multiple infections from NetSky. I sent Exterminate It a sample and the next day I received an e-mail instructing me to update and rescan. After following the instructions ZAP the worm/trojan was gone. My computer seems to be completly back to normal now. Good Job Exterminate It!


File: do-search.xml

Location of do-search.xml and Associated Malware

Check whether do-search.xml is present in the following locations:

do-search.xml file locations that are Windows version independent:

  • C:\Program Files\Mozilla Firefox\browser\searchPlugins\do-search.xml

Windows 2000, Windows XP, Windows Server 2003 specific do-search.xml file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\do-search.xml

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific do-search.xml file locations:

  • C:\Users\USER_NAME\AppData\Roaming\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\do-search.xml

If you find do-search.xml file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The do-search.xml file is associated with malware only if found in the locations listed above.


Different Variations of do-search.xml File^

File SizeFile Md5Last Seen
557C26EC35DCD7CA5CCEF3558DD51B5A4BDNov 29, 2013
5586090864C401ADE621C69070554A56094Nov 29, 2013
55866DC78A552C424C4B1A700CA8450C813Dec 7, 2013
5556EBCD130DBF6E38BCECB8A4693404610Dec 10, 2013
5546B3A4E155084353B89FAD5B6B54DB0F0Feb 3, 2014
5563956D711B76752A1D744417AF337C807Feb 15, 2014
55990575210B94CF494FDAD31756A6474F7Apr 13, 2014
562EE0BB87E8179920E4E7CA59BCA61582FMay 10, 2014
553AA8E5D29D06FE4C564CB4765945E878BSep 5, 2014
5482734F51EDEB8D5845112687FDD654511Apr 28, 2015
56171632095643523C2026F6FC765624252Jun 8, 2015
554DFBE4E08BEB402F17AA9EC4E0DC6D8A4Jul 26, 2015
55420108BB87504995CA927FA6CD196F6D1Sep 17, 2015
2069E906BA0BB06FCD84EF84375D352B394AApr 23, 2015
2122B9B87522C41FDEB4CC3E98E351DDF05CMay 7, 2015
2059C7714DF0DE5BC6CDDC55F2834E4F6389May 9, 2015
2110A4B9126E01BD4FB1F5F7E459C0F8C49CMay 24, 2015
21206C6F7BEAE46B3C7E954B89ADB1592351May 31, 2015
2120D8697FC3556492CBEAC17728523AA6D1Jul 17, 2015
21202436F8A6154A3F0F9CCE19B272F42001Jul 18, 2015
2059124E8B29C6561D161D2B4C0DF956D7D2Sep 4, 2015
2122356590BF484D8F0115B73D40C3398DACSep 16, 2015
2071C7F3D1D554686B5E9FC0F68BA70B28A0Oct 19, 2015
20980C78D24F79DE573FE689D2C4355976BBNov 8, 2015
2072BEA243CD5D03345B2F7BAD729CD127E6Nov 26, 2015
2111815BB7556B7BB6484E0698CFBB356C00Jan 16, 2016
20747C10CD77D1074D1E31E4E7D9594426F6Feb 2, 2016
207164DD5716D51997DCBEAD570CFB697EA1Apr 28, 2016
2160913614D680166965DB11C553CA7D7168May 7, 2016
206857083A74ECFCD8B1121E8F5EF0F7180FMay 12, 2016
2122FB0C4D1CA275326E15344CFF9E901283May 31, 2016
2121D3402C9CB3A8B52F13887F0B533EC823Aug 8, 2016
20629F922DDC1A9451BAB0714D5E66CB9FE1Oct 29, 2016
55661D523779A15758C40C6BF4A412A2A8FDec 7, 2016
216340C0EBC841F8BAA70E67C564BBE7839CDec 10, 2016
2123416557038FA665F390797632D6C19C90Jan 27, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove do-search.xml^

  1. To enable deleting the do-search.xml file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select do-search.xml and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of do-search.xml and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of do-search.xml and Associated Malware.
  6. Notes:

    • The deletion of do-search.xml will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of do-search.xml will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a do-search.xml malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type do-search.xml. The name of the first found registry value referencing do-search.xml is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to do-search.xml, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of do-search.xml and Associated Malware.