1 of 3
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine


Searchl.ru slightly differs from typical browser hijackers which change homepages, default search engines, and New Tab pages on all web browsers they find installed on the computer in order promote some kind of domain and the content it has. Instead of modifying browsers’ settings, the Searchl.ru browser hijacker hijacks web browsers’ shortcuts in order to point them to batch files (e.g. exe.xoferif.bat, exe.erolpxei.bat, and exe.arepo.bat) located in %APPDATA%\Browsers folder created by the browser hijacker itself. Because of this, it is not so easy to delete this browser hijacker fully from the computer. Of course, it does not mean that it is impossible to fix those hijacked shortcuts of Internet Explorer, Google Chrome, and Mozilla Firefox or delete the folder with all its files. Find the detailed information about the deletion of this browser hijacker in the last paragraph after reading this description of Searchl.ru.

As mentioned in the first paragraph, the Searchl.ru browser hijacker applies two changes right after the successful infiltration on the computer. First, it hijacks shortcuts of all web browsers. It does that by deleting the existing data from the Target line and entering its own data there, e.g. %Homedrive%:\Users\{username}\AppData\Roaming\Browsers\exe.xoferif.bat. It does that to point browsers to files having the .bat extension. Second, users who get infected with the Searchl.ru browser hijacker can locate a new folder on their computers. This folder contains those files with the .bat filename extensions. To find out more about this browser hijacker, researchers at pcthreat.com have looked inside those files, and they have made an interesting finding. Researchers have noticed that all these files web browsers point to contain obfuscated commands, e.g. start "" "c:\PROGRA~2\google\chrome\APPLIC~1\chrome.exe" "http://searchl.ru" that automatically open the Searchl.ru domain. Not all the users notice this URL in their address bars because it immediately redirects them to other pages, e.g. http://thirafileb-uk.ru/?token=a2iuc, http://msk.apypxl.com/redir/a208ca02-93fb-d1df-f14f-015adc5a6dea, http://thirafileb-uk.ru/?token=a2iuc&pid=17122, http://traffic-media.co/mghtml/framehtml/c/1/t/603162.html, and others. They all contain the commercial content, for example, some of them might present users with commercial advertisements while others might offer them to take surveys. Ignore all these surveys and advertisements you see completely and go to uninstall the browser hijacker you have on your PC fully. If you do not take care of this malicious application soon, it will keep redirecting you to suspicious pages containing ads.

Clicking on ads might result not only in security, but also in privacy-related problems. Numerous third-party pages collect information about users. For example, you might be offered to participate in a lottery to win an expensive cell phone, but, in exchange, you will be asked to provide your name, surname, telephone number, and your current location. Needless to say, there is “zero” chance of winning this item, but it is very likely that the information you submit will end up in the hands of bad people and then will be used for fraudulent purposes. As you have probably understood, the deletion of a browser hijacker is a must both to lower the chances of ending up on dangerous pages and to prevent the violation of online privacy from taking place.

Since we already know how the Searchl.ru browser hijacker acts, we should talk about the distribution method used to spread this computer infection too. Specialists are 99% sure that it enters computers next to free applications. Both this browser hijacker and those free programs travel in one software bundle, and all get installed on the computer. This computer infection has not entered the computer secretly. Users are usually informed about the installation of additional software, but they do not know that because they do not read the information provided for them on the installation wizard and never choose the Advanced installation option which reveals the list of names of applications that are going to be installed. You can avoid the undesirable software in the future by being more attentive the next time and installing a security application.

It is advisable to remove Searchl.ru as soon as possible because redirections to suspicious pages might quickly result in problems associated with the computer security. What you need to do to erase this threat is to uninstall the Browsers folder from %APPDATA%, and fix all those hijacked shortcuts. If you are busy and do not have time for this, or just do not consider yourself an advanced user to erase threats manually, let a reputable automatic tool, e.g. SpyHunter to take care of this browser hijacker. It will fix browsers’ shortcuts as well.

Delete Searchl.ru in a manual way

  1. Press Win+R and type explorer.exe in the box.
  2. Click OK.
  3. Type %APPDATA% in the address bar at the top and press Enter.
  4. Delete hijacked shortcuts from the following directories:
  • %ALLUSERSPROFILE%\Start Menu\Programs
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  • %USERPROFILE%\Desktop
  1. Create new shortcuts in these places.

How to create new shortcuts

  1. Move to a place where you want to create a shortcut.
  2. Right-click on an empty space.
  3. Click New and select Shortcut.
  4. Click Shortcut/Create Shortcut.
  5. Follow the Microsoft’s wizard.
Download Spyware Removal Tool to Remove* Searchl.ru
  • Quick & tested solution for Searchl.ru removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.