Exterminate It! Antimalware

malpedia

Known threats:700,086 Last Update:March 16, 12:51

Testimonials

After scanning my computer many times using big name anti-virus and malware programs I still had several problems. Finally Exterminate It found multiple infections from NetSky. I sent Exterminate It a sample and the next day I received an e-mail instructing me to update and rescan. After following the instructions ZAP the worm/trojan was gone. My computer seems to be completly back to normal now. Good Job Exterminate It!

Melvin

File: Search_Results.xml

Location of Search_Results.xml and Associated Malware

Check whether Search_Results.xml is present in the following locations:

Windows 2000, Windows XP, Windows Server 2003 specific Search_Results.xml file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\Search_Results.xml

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific Search_Results.xml file locations:

  • C:\Users\USER_NAME\AppData\Roaming\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\Search_Results.xml

If you find Search_Results.xml file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The Search_Results.xml file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of Search_Results.xml File^

File SizeFile Md5Last Seen
268589070671A20D0B2B9BF08D7FA5AFBBF4Oct 20, 2014
26874A13F6CE35AF28E48E8A72E51D718758Oct 27, 2014
268747F932D122AC1A53618BAA19C68C86A0Oct 30, 2014
2683406F53B3FC49980B9028512E4DACB0A8Oct 31, 2014
2646981A9AF0E41591D59004282986F3E1CANov 1, 2014
26466492060A57482770E637A70EC9B93DF3Nov 2, 2014
268774A34A59680BE29BA27FAD00866B13ACNov 5, 2014
2687F46E7508922F019E31D26ABB70849710Nov 6, 2014
26879B71EB802218587316B8BDEE5815B050Nov 6, 2014
268732F1322C35EE2DFCD6C450B8213CC1F4Nov 7, 2014
264652826380C03CB9B1B585813B6A13D73CNov 9, 2014
2517BA98A6988E68654627BDA9F238C7ED2FNov 9, 2014
2687C6F856AAADCA5897C90C8247E1053483Nov 11, 2014
2688638BAC200A980AD30329E97ECE6ABD1DNov 12, 2014
2687383963FF81C929FC98F4C26C58F6965DNov 12, 2014
2646DF7FD86EF9D0BDDC5010710B60FE9D75Nov 14, 2014
2519D271381796DB98B349713A19052E684ANov 14, 2014
2519F6A00F751284272BDCDBE9FE22905603Nov 18, 2014
268727E83D010B68A1B35EF059BFF0B0AADFJan 31, 2015
268704F1B562BDFB8E91CD7E94B3E22ADB44Feb 7, 2015
268356AA1E78A75DB49B1D73E8E2761E6BEEFeb 15, 2015
2519091B75F5FBB9EEE400BBC07552556E7DMar 3, 2015
251504FF5B0E3B2C2356027BE3E178FF6253Mar 19, 2015
2517CD6353AC11D35E3307CAC469CB6A8605Apr 15, 2015
2519A597439F3EC60ACED1CD0498C0E05DD2Apr 24, 2015
2644BDB3422BF4CE3717592552A3F3735F80Apr 29, 2015
2519BA8F5DF77389092B54C0C4843B0A8B32May 27, 2015
2685173677C2A74254D61C112D4F82325A38Jun 9, 2015
2687C52C2604FCE0AC86EF2A01124790821AJun 26, 2015
25156ECE04A301C3DD1EF5D96409459B91FAJul 31, 2015
2687988CA0FEAF8590E0A602EF09D36D6EEFAug 2, 2015
2687A55B5F936FBF9EAAE489A76BEBEFDC12Aug 14, 2015
2687CB5B73895B43C102B952DC4430E3136DAug 17, 2015
2683C50666ED909553C4ECE3685CD5A08472Aug 27, 2015
2511FCA20B64946F02CA78EB13672C56FBAASep 14, 2015
251962B219B6882796303FB5321368D5E78FSep 29, 2015
25191F9D2E78E7902EBADA0693A8373812CDOct 16, 2015
2683752928F7DA0E715D4F2E0B529E343AF0Nov 9, 2015
2519B7F8EF72833704A2C7374FC0C5228CE0Nov 10, 2015
26870B776F08BF76499D0C9C6687D0381EBBDec 13, 2015
26850E10592B96250126E6AAB7528FB8101CDec 25, 2015
2683DD4CFF2D6701F16A917A92A9CA0AE0ECDec 27, 2015
264630910F4BE95413C64177C71BB0DD8D3CDec 28, 2015
2683E477175BF8AC7711E1C221C4BD464CA5Jan 3, 2016
26465BFCF9B450316E18C424D57B8F886A8FJan 4, 2016
26838A27A994A70FE6296938455F7E771842Jan 5, 2016
2646158AC4B10ACFBFD6467B10911632C1F6Jan 7, 2016
251913388CF46218391DAD230067D16523C4Jan 10, 2016
2515BDFB9152323ED12E47D143F2A6B7F3D7Jan 12, 2016
264875CFF98B43796F033D8AF1FF2AF896B6Jan 23, 2016
26833A975A0116E5AC3DF6C0DED318F46B55Feb 1, 2016
2681E26BFAC64869B353BF3F41A95C66F8CDFeb 12, 2016
25156C5A5598AD02EA0060957E103004B21FFeb 12, 2016
2687FF52AE82A5D39F6E7B0B0FFC2B174FF2Feb 27, 2016
2687A87D662870CDBC41B060C2EC5B68A855Mar 2, 2016
2519933804ADDB0CDD3A410A672B4EE282A4Mar 31, 2016
25137987859B99B314DFF0F4CD043077F8B7Apr 10, 2016
2519516B921B72AB8AFAAB30C340912CDB90Apr 26, 2016
26872E382305BE1A58B3E57ABAD360474ED5May 2, 2016
2687C516E65039CB45A0EC82342862A21C97May 2, 2016
26874B7E862615E5CA91436CF8C1BD553285May 19, 2016
25194E85A08677659FD8001422A4880505D0May 19, 2016
2687101F27E3BFE0DA0475E03700B883556FMay 21, 2016
25116BC4A9ED0DC2DA781B26C962E9988DA6May 22, 2016
2681757A91939DFE74589A90F6A8E286485DMay 28, 2016
2513BAF3D0B950512F9323DEA29EE28DEB0CMay 30, 2016
26879F1EAB803FA9A308A7B3AC5340CDC9BDMay 30, 2016
26834C0F86D40B0C4499133A9A37EE3DBD2CJun 6, 2016
2646BF8532626FB344F6CF29DA338B691E53Jun 9, 2016
26465D1682EFB0C174C546E93090E9955ECFJun 9, 2016
2519D899A435955D83275AB77F70EB873C24Jun 23, 2016
2519A04BFA427A4AA54BBA30C4D5CE5725E7Jul 8, 2016
2646FB2141EA12AF82ABBEA75ECF5F52785CJul 21, 2016
2644B33DE801DCA3F6B8F8757FA8027105E9Jul 26, 2016
2519AB7DB16A3E09092A3ECF5527836B6022Aug 7, 2016
2646ABE6ACD415B539BD273EA79749FF5600Aug 8, 2016
2519ECADABDF74E0C1AAFE70CCD6D0A1A938Aug 12, 2016
2685187E2530A54FC092DA93B8C92F761B09Aug 17, 2016
26464B4334676D2B160F075A3A289A306479Sep 2, 2016
268731D8CDC784AFBA12F05C30AB1493C430Sep 11, 2016
2519E4682AE047E6825024B17083FC9AAAE6Sep 17, 2016
2515C0BF84F68AA3EAC269034CB45666AA25Sep 27, 2016
2687C35014DCC3E1AE1AA0B0E544D424C6CFOct 8, 2016
25152CF71F27F3270D0521CF2E09A0CA936EOct 10, 2016
26875E41F50A84659570736A41CCDC841A2FOct 21, 2016
26877FDA10151AB3E989F46A54C2AD64E521Oct 30, 2016
25158D818E1D0A459FD241BA2F2D8012126BNov 12, 2016
2687238DD358E55F90A8F3C65F25862CA68FDec 5, 2016
251539A0E70C2F8FCC08E54B00021CF80878Dec 14, 2016
251922E665C88840215BF38555C50A7B69ABJan 5, 2017
26872445888AFF72B12B2BDF7F5FBFDF5CEBJan 17, 2017
26871597ED6E70C8DB5F9D827F9C2AB974B7Feb 2, 2017
268762FE72BAF6500B1088A3DE73051AB8DDFeb 2, 2017
26886FB8293F50F4D639B7C7A28F82D2BB42Feb 6, 2017
25199B85FD649534EC1900D909E2DD7BC076Feb 14, 2017
2687E109828FDE6A3B60BCD930E2BA1A6416Feb 20, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove Search_Results.xml^

  1. To enable deleting the Search_Results.xml file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select Search_Results.xml and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of Search_Results.xml and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of Search_Results.xml and Associated Malware.
  6. Notes:

    • The deletion of Search_Results.xml will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of Search_Results.xml will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a Search_Results.xml malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type Search_Results.xml. The name of the first found registry value referencing Search_Results.xml is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to Search_Results.xml, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of Search_Results.xml and Associated Malware.