OurSearches is a browser hijacker that forcibly redirects your web searches through oursearches.com and similar domains, often modifying your homepage, default search engine, and new tab settings without consent. This potentially unwanted program (PUP) typically infiltrates systems bundled with freeware installers, then manipulates browser configurations to generate advertising revenue through forced traffic and affiliate links. While not a virus in the traditional sense, OurSearches degrades system performance, compromises privacy by tracking browsing habits, and exposes users to potentially malicious advertising networks that can lead to more serious infections.
Threat Profile
| Attribute | Details |
|---|---|
| Threat Family | Browser Hijacker / Potentially Unwanted Program (PUP) |
| Also Known As | Oursearches.com, Our Searches Redirect, OurSearches Toolbar |
| Affected Platforms | Windows (7/8/8.1/10/11), macOS; primarily affects Chrome, Firefox, Edge, Safari |
| Distribution Method | Software bundling, fake updates, deceptive advertisements, freeware installers |
| Persistence Mechanisms | Browser extension installation, scheduled tasks, registry Run keys, browser policies, profile modifications |
| Primary Capabilities | Search redirection, homepage modification, new tab hijacking, tracking cookie installation, advertising injection |
| Data Collection | Browsing history, search queries, IP addresses, clicked links, potentially form data and credentials |
| Network Behavior | Contacts oursearches.com and affiliated advertising servers; redirects searches through multiple intermediary domains |
| Typical Artifacts | Browser extensions with random names, modified shortcuts with "--homepage" flags, browser policy files, tracking cookies |
| Payload Delivery | May download additional PUPs, adware, or tracking components post-installation |
| Removal Difficulty | Moderate — resists simple uninstallation through persistence mechanisms and browser policy enforcement |
| Associated Risks | Privacy violation, exposure to malicious ads, secondary infections, credential theft through phishing redirects |
How It Spreads
OurSearches rarely arrives alone. The hijacker spreads primarily through software bundling, where legitimate-looking free programs carry the unwanted payload in their installation packages. Users downloading video converters, PDF creators, system optimizers, or media players from third-party download sites frequently encounter bundled offers that install OurSearches alongside the desired application. The installation screens often use deceptive interface patterns — pre-checked boxes, misleading "Decline" button placements, or multi-page agreements that bury the hijacker consent in dense legal text.
Beyond bundling, OurSearches exploits users' trust in update notifications. Fake browser update prompts and Flash Player installation warnings serve as common delivery mechanisms, particularly on websites hosting pirated content or free streaming services. These fraudulent update pages mimic legitimate software interfaces closely enough to fool casual users, but deliver the hijacker instead of genuine updates.
Common distribution vectors include:
- Bundled freeware installers from download aggregator sites like Softonic, Download.com (historically), or CNET Downloads
- Fake update notifications warning that your Flash Player, Chrome, or video codec is outdated
- Malicious advertising networks that serve drive-by downloads or deceptive "Your system is infected" warnings
- Torrent files and cracked software packaged with additional unwanted programs
- Email attachments disguised as documents or invoices that trigger installer downloads
- Compromised websites where legitimate pages have been injected with redirect scripts leading to hijacker installers
What It Does On Your Machine
Once installed, OurSearches immediately targets your browser configurations. The hijacker modifies critical browser settings to force all search queries through oursearches.com or related redirect chains. Your homepage changes without permission, new tabs open to unfamiliar search pages, and your default search engine switches to OurSearches regardless of how many times you attempt to change it back. These modifications persist because the hijacker implements multiple redundant mechanisms — it doesn't just change a setting once, but creates enforcement systems that continuously revert any manual corrections you attempt.
The redirection mechanism itself operates through several layers. When you perform a search, OurSearches first captures your query, then routes it through one or more intermediary tracking domains before eventually forwarding you to a legitimate search engine like Google or Bing. This routing serves two purposes: it allows the hijacker operators to collect comprehensive data about your search behavior, and it generates affiliate revenue by crediting the traffic to their accounts. Along the way, you may see injected advertisements or sponsored results that have nothing to do with your actual search terms.
OurSearches also installs browser extensions with misleading names or descriptions. These extensions possess extensive permissions — access to read and change data on all websites, manage your downloads, control browser tabs, and monitor your browsing history. While the extensions may claim to provide useful features like weather updates or quick access to websites, their primary function is enforcing the hijacker's search redirection and collecting data for advertising networks.
The privacy implications extend beyond simple annoyance. OurSearches collects detailed browsing profiles that include search terms, visited websites, clicked links, time spent on pages, and device information. This data aggregates into valuable marketing profiles that get sold to advertising networks or used to serve increasingly targeted ads. More concerning, the hijacker's tracking capabilities can capture sensitive information inadvertently — searches for medical conditions, financial services, or personal legal matters all contribute to your profile. In some cases, poorly secured hijacker infrastructure has leaked collected data to third parties or been exploited by more malicious actors to distribute actual malware.
Manual Removal — Step by Step
Disconnect and Boot to Safe Mode
Disconnect your computer from the internet (unplug Ethernet or disable Wi-Fi) to prevent the hijacker from receiving updates or downloading additional components. Restart your computer in Safe Mode with Networking: on Windows 10/11, hold Shift while clicking Restart, then navigate to Troubleshoot > Advanced Options > Startup Settings > Restart, then press 5 for Safe Mode with Networking. This prevents most hijacker components from loading automatically.
Uninstall Suspicious Programs
Open Control Panel (Windows) or Applications folder (Mac) and review recently installed programs. Look for anything installed around the time the hijacking started, especially programs you don't remember installing. Uninstall anything named OurSearches, SearchAssist, BrowserHelper, or other unfamiliar utilities. Check installation dates carefully — hijackers often install multiple components with slightly different names.
Remove Browser Extensions
Open each installed browser and navigate to the extensions/add-ons management page (Chrome: chrome://extensions, Firefox: about:addons, Edge: edge://extensions). Remove any extensions you didn't intentionally install, especially those with generic names, missing icons, or vague descriptions. OurSearches often installs multiple extensions, so remove anything suspicious even if it doesn't explicitly mention searches or toolbars.
Reset Browser Settings
For each affected browser, manually check and correct your homepage, default search engine, and new tab page settings. In Chrome, go to Settings > Search Engine and Settings > On Startup. In Firefox, check Options > Home and Options > Search. Delete any unfamiliar search engines from the list. Check browser shortcuts (right-click desktop/taskbar icons > Properties) and remove any "--homepage" or "--new-tab" flags added to the Target field.
Clean Registry and Scheduled Tasks (Windows)
Press Win+R, type "regedit", and navigate to HKCU\Software and HKLM\Software to look for OurSearches-related keys and delete them. Check HKCU\Software\Microsoft\Windows\CurrentVersion\Run for suspicious startup entries. Open Task Scheduler (type "taskschd.msc" in Run dialog) and review scheduled tasks for anything related to OurSearches or browser updaters you didn't create — delete these tasks.
Delete Hijacker Files
Navigate to %LOCALAPPDATA%, %PROGRAMFILES%, and %APPDATA% folders (paste these into Windows Explorer address bar) and look for OurSearches folders or folders with random alphanumeric names created around the infection date. Delete these folders completely. Check your browser profile directories for leftover extension files: Chrome stores these in %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\, while Firefox uses %APPDATA%\Mozilla\Firefox\Profiles\.
Scan with Malwarebytes
Download and install Malwarebytes (free version is sufficient) and run a complete system scan. This will catch hijacker components, tracking cookies, and related PUPs that manual removal might have missed. Malwarebytes specifically targets browser hijackers and maintains updated signatures for OurSearches variants. Quarantine and remove everything it identifies.
Reset Browser Completely (If Needed)
If the hijacker persists, perform a full browser reset. In Chrome, go to Settings > Reset and clean up > Restore settings to original defaults. In Firefox, go to about:support and click "Refresh Firefox". This removes all extensions, themes, and customizations but preserves bookmarks and passwords. You'll need to reconfigure your preferences afterward, but it eliminates stubborn hijacker modifications.
Change Passwords
Once you're confident the hijacker is removed, change passwords for important accounts — email, banking, shopping sites — especially if you entered any credentials while the hijacker was active. Use a different device for critical password changes if possible, in case secondary infections remain undetected. Enable two-factor authentication on accounts that support it.
Reboot and Verify Clean State
Restart your computer normally (not in Safe Mode) and reconnect to the internet. Test your browsers thoroughly — perform searches, check your homepage and new tab behavior, verify your default search engine. Monitor system performance over the next few days. If redirects return or you notice unusual behavior, the infection may have deeper persistence mechanisms requiring professional cleaning.
Prevention
- Download software only from official sources. Avoid third-party download sites, file aggregators, and torrent platforms. Get programs directly from the developer's website or verified app stores. These sources rarely bundle unwanted software.
- Read installation screens carefully. Never click "Next" rapidly through installers. Choose "Custom" or "Advanced" installation options instead of "Express" or "Recommended", and carefully uncheck any offers for additional software, browser toolbars, or search engine changes.
- Keep browsers and systems updated. Legitimate updates come through the software's built-in update mechanism, not through pop-up warnings on websites. Ignore any webpage that claims your browser, Flash Player, or video codec needs updating.
- Install a reputable ad blocker. Extensions like uBlock Origin prevent many malicious advertising networks from serving hijacker installers and deceptive download prompts. This cuts off a primary infection vector.
- Use standard user accounts for daily computing. Don't operate Windows with administrator privileges all the time. Standard accounts can't install system-level software without entering an admin password, which gives you a chance to stop unauthorized installations.
- Review browser extensions regularly. Once per month, check your installed extensions and remove anything you don't actively use or don't remember installing. Hijackers often slip in unnoticed among legitimate add-ons.
- Maintain reputable security software. Real-time protection from Windows Defender (built into Windows 10/11) or a quality third-party antivirus catches many PUP installers before they execute. Keep definitions updated and don't ignore warnings.
- Be skeptical of "too good to be true" offers. Free versions of normally expensive software, dramatic system warnings, or prizes requiring immediate download are almost always delivery mechanisms for unwanted programs. If an offer seems suspiciously generous, it probably comes with hidden costs.
When we clean browser hijackers from your system, we don't just remove the obvious components — we dig deep to eliminate persistence mechanisms, validate your browser configurations, and verify your system is genuinely clean. Our malware removal service includes a 90-day warranty: if OurSearches or related hijackers return within three months, we'll clean your system again at no additional charge. We stand behind our work.
Bring It In
Browser hijackers like OurSearches appear simple on the surface, but they implement surprisingly sophisticated persistence mechanisms that frustrate home users attempting DIY removal. After you manually delete the obvious components, the hijacker often reinstalls itself within hours through scheduled tasks, hidden browser policies, or secondary installer components that survived the initial cleanup. At Computer Repair Roswell, we've removed thousands of hijacker infections from Roswell-area computers. We know where these programs hide, which registry keys they exploit, and which browser configurations they manipulate. Our technicians use professional-grade tools and thorough verification procedures to ensure your system is genuinely clean, not just temporarily symptom-free.
If you're experiencing persistent search redirects, browser slowdowns, or unfamiliar homepages that keep returning no matter how many times you remove them, bring your computer to our shop at 1350 Hembree Road in Roswell. We offer same-day service for most malware removal cases, transparent pricing with no hidden fees, and patient explanations of what infected your system and how to prevent reinfection. Call us at (770) 871-9141 to schedule an appointment or drop by during business hours — we'll have you back to safe, fast browsing typically within a few hours.