
How to remove Search Marquis

Saturday 28 August 2021, 2:48AM
By David Blaine

This entry is, in essence, a full profile of the web browser infection generally known as Search Marquis, named after the URL that appears in its victims’ address bar. It covers behavioral analysis of this adware and do-it-yourself removal recommendations.

Whereas more typical adware hijacks browsers to display undisguised sponsored links, the threat called Search Marquis uses a considerably different technique. The “good old” hijacking part is similar: this virus redirects Internet traffic to a pre-specified landing page. This happens both when the web browser starts, as a result of unauthorized replacement of the homepage for Chrome and Firefox, and randomly throughout a regular web surfing session. That’s basically it for the features it shares with common adware. The rest is trickier and more intrusive: the page that users end up on renders a spoofed error stating that the desired page cannot be accessed.

The landing page design does not really arouse suspicion because it has obviously been scraped from the genuine warning script. Of course, it wouldn’t make sense if the authors of Search Marquis adware were only after displaying a fake alert to their victims and nothing else; there’s always an ulterior motive in what these guys do. The bait here is the diagnostic button, which many affected users will presumably click, expecting a quick fix from the browser vendor. What happens instead, though, is a drive-by download. The fraudsters can associate the said diagnostic button with any malicious file, executable or exploit, which thus gets onto the computer and propagates throughout the system or uses software vulnerabilities to otherwise compromise it.

Since the Search Marquis malware spreads as a built-in component of other files and applications, typically free ones, it won’t be listed anywhere on the system under some self-explanatory name. It’s therefore recommended to give the browser reset a shot, try the Control Panel technique as well, and definitely have the infected PC scanned with a trustworthy security tool.
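
To check whether the homepage replacement described above is present, before or after a browser reset, the start-page settings of both browsers can be read straight from their profile files. The following is an added example, not part of the original article: the function names, the allowlist and the sample file contents are constructed, and it assumes the text of Firefox's `prefs.js` and Chrome's `Preferences` file has already been read into strings.

```python
import json
import re
from urllib.parse import urlsplit

# Firefox keeps the homepage in prefs.js; several pages are separated by "|".
FIREFOX_HOME = re.compile(r'user_pref\("browser\.startup\.homepage",\s*"([^"]*)"\);')

def firefox_start_urls(prefs_js: str) -> list:
    """Homepage URLs found in the text of a Firefox prefs.js file."""
    match = FIREFOX_HOME.search(prefs_js)
    return [u for u in match.group(1).split("|") if u] if match else []

def chrome_start_urls(preferences_json: str) -> list:
    """Startup and homepage URLs found in a Chrome Preferences JSON file."""
    prefs = json.loads(preferences_json)
    urls = list(prefs.get("session", {}).get("startup_urls", []))
    if prefs.get("homepage"):
        urls.append(prefs["homepage"])
    return urls

def unexpected_start_pages(urls, allowed_hosts) -> list:
    """URLs whose host is neither an allowed host nor a subdomain of one."""
    flagged = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # about:home, chrome://newtab and other internal pages
        host = (parts.hostname or "").lower()
        if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
            flagged.append(url)
    return flagged

# Constructed sample data: the hosts and file contents below are made up.
ALLOWED_HOSTS = {"example.org"}
SAMPLE_FIREFOX = 'user_pref("browser.startup.homepage", "https://start.hijack.example/?q=|about:home");\n'
SAMPLE_CHROME = json.dumps({
    "homepage": "https://www.example.org/",
    "session": {"restore_on_startup": 4,
                "startup_urls": ["https://landing.hijack.example/"]},
})

if __name__ == "__main__":
    found = firefox_start_urls(SAMPLE_FIREFOX) + chrome_start_urls(SAMPLE_CHROME)
    for url in unexpected_start_pages(found, ALLOWED_HOSTS):
        print("unexpected start page:", url)
```

On Windows, Chrome may keep these values in the profile's `Secure Preferences` file instead, which uses the same JSON layout.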