Hi all.

I can not find very much regarding "Highlightsearches" online. But it is annoying as hell and I would certainly consider it Malware/PUP maybe even worse.

Issue - unknown process discovered in process explorer - abengine.exe - located in Program(x86) in a folder named "Highlightsearches"

There is no entry in Windows 7 Programs and Features for an installed application of this name.

HighlightSearches "uninstall" located in the folder appears to work.....but the application returns....it appears to reinstall itself!

What it does.

It ads a bunch of ad-related / only vaguely relevant hits right at the top of any google search. Both Firefox and Chrome.

It is NOT a browser extension! (I have checked. - no unknown or suspicious ad-ons or plugins etc in either browser.)

Scan of folder with Spybot returns all files in the folder as clear.....and apparently whitelisted!

This is a nasty and persistent annoyance of a piece of software.....

Has anybody seen or heard anythhing about this?

Can we have this included in the kill list?

Hello somethingbrite, :welcome:

It might have been installed as third party software bundled with a download.

Regarding abengine.exe note Virus Total (Analysis date: 2015-04-22):

https://www.virustotal.com/en/file/94b4eeaed271618db13776af178579c568cd08fc9633eeb1cb072091fd106b9f/analysis/

Please list:



Version of Spybot: http://www.safer-networking.org/shop/

All security programs installed.

Any other issues with the computer's performance.


Please respond to my list before I direct you to our malware removal forum. :)

Best regards.

Hi

I am normally quite careful to avoid unwanted installs, but I accept that it can happen.

However, the behaviour (persistent reinstalling itself automatically, not appearing in Windows Programs and Features as an installed application) etc all make this a very unwelcome and I would consider even malicious software.

A scan with the standalone Kaspersky tool almost immediately identified abengine.dll as a threat - and I would agree with their classification.

I eventually stripped everything I could find - registry entries etc and traced it back to a possible application called "tabnav" (which also does not appear to be installed - certainly as far as Windows 7 Programs and Features is concerned.

So far after one restart all seems well. :-)

Hello somethingbrite,


Hi

I am normally quite careful to avoid unwanted installs, but I accept that it can happen.

Indeed: http://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place&p=286306&viewfull=1#post286306



However, the behaviour (persistent reinstalling itself automatically, not appearing in Windows Programs and Features as an installed application) etc all make this a very unwelcome and I would consider even malicious software.

A scan with the standalone Kaspersky tool almost immediately identified abengine.dll as a threat - and I would agree with their classification.

I eventually stripped everything I could find - registry entries etc and traced it back to a possible application called "tabnav" (which also does not appear to be installed - certainly as far as Windows 7 Programs and Features is concerned.

So far after one restart all seems well. :-)

Thats good, I'd still like a response to my questions, especially which version of Spybot you have installed. :)

Kind regards,

Hi (and sorry for the delay in response)

I am running Spybot Free Edition / Private user and Mcafee 4.8.0.1938
I have also used standalone free hunter/killer from Kaspersky.

Manual searches / uninstall and Registry cleanup in addition to automated regsitry cleanup with Piriform CC cleaner.

Hello somethingbrite,

Someone can take a look at the system in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

To begin that process please start a new topic there after reading that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then a volunteer analyst will advise as soon as available. :)

Best regards.