Gala Search

6th January 2012

Gala Search: Beware of this Search “Helper”

There are more than 29 million search queries entered each minute.  We depend on Google, Bing, Yahoo and other search engines for everything from the latest entertainment news to recipes to product information and how-to help articles.  An indispensable part of nearly everyone’s Web experience, search engines help tame the incredibly vast amount of information in the cyber-world and make it more accessible.  Because they are so necessary, they are also a favorite target for malware developers.  Gala Search is known as a search hijacker and it is much better at directing users to rogue websites than to relevant information.  A form of adware, Gala Search is more of a hindrance than help for online searchers.

What is Adware?

Adware is software that is supported, or paid for, by ads.  In itself, that does not mean that all adware is malicious.  In fact, adware can be great for consumers because the cost is paid for by ads and the consumer gets free or greatly reduced software in exchange.  There are scores of legitimate, useful ad-supported programs available on the market today.  Adware programs like Gala Search, however, cross the line into malware when they obscure their purposes and reroute users to rogue websites that are peppered with advertisements.

How Does Gala Search Work?

What if this adware program is installed in your computer system?  When you attempt to run searches via Google, Yahoo, MSN, or Bing, you will be rerouted to the Gala Search “search engine.”  The site displays links to malicious or rogue websites and displays copious ads.  The URL most commonly associated with the adware program is galasearch .com, but there are other .com sites that are used as well.  This adware program affects Internet Explorer, Firefox, and Chrome browsers. 

The problem with search hijackers like this is that they take over your settings and make it difficult to search for the information you need or navigate to the pages you want.  Gala Search continually redirects you to its associated websites, forcing you to increase the traffic to those sites.  This makes them more popular and increases revenue from pay-per-click campaigns.  The adware program is profiting as it alters your system’s performance and stability.

What Will You Notice?

The most obvious indication that a search hijacker has been installed in your machine is, of course, the difficulty you will encounter when trying to enter in queries and the increased frequency of distracting ads.  As mentioned, you will be redirected to the Search Gala site, where you will be urged to enter your search terms.  Regardless of what you enter, the site will generate malicious or rogue links.

At first glance, the false search engine mimics Google.  It borrows the legitimate engine’s signature colour scheme, and while the “Gala Search” name is printed on the left side, a bar reading “Google Search” erroneously indicates that the search will be powered by this trusted engine. The links displayed after a “search” all lead to rogue sites hosting the irritating ads.

There are other changes that you may become aware of as well.  These include:

·         Logging your browsing activity to target ads.  Ads will be related to websites and/or products you have searched for.

·         Hijacking your homepage.  If you reset your homepage, the adware program simply reverts back after reboot.

·         Blocking access to legitimate security websites.  This is characteristic of many other forms of malware.  In an effort to run undetected and unhindered, these programs can block you from seeking help.

·         Spreading additional malware.  Even if the adware is more annoying than malicious, it does pose a threat in that it can create doors through which other forms of malware and spyware can enter.

·         Slow performance.  Rogue programs run in the background, diverting system resources for their own use.  As a result, you may notice ordinary tasks, such as opening browser windows, takes longer than normal.

How Did Search Gala Access Your System?

Like other malware and rogue antivirus programs, this search hijacker depends on stealth entry to access users’ systems.  Most often, Gala Search exploits ActiveX controls, which are like building blocks that connect a computer to various internet functions.  By finding a hole or security vulnerability, the adware program can enter. 

Another mode of entry comes when users browse insecure websites and inadvertently allow Trojans to access their systems.  Traditionally, “insecure” has been a euphemism for sites with adult content, but today, sites with P2P, freeware, shareware, gaming, pirated, or trending content can be affected. 

Removing Search Gala

For many people, search engines are crucial to the overall Web experience.  When that functionality is impaired, it can render a computer virtually unusable.  Adware like this not only makes it difficult to find and access the information you need, it can leave your system vulnerable to other threats.  For these reasons, it is important that you take steps to remove Search Gala as soon as possible.

Most people try to use the “Add or Remove” option.  This may remove surface traces of the program, but there may be files, processes, and registry keys that remain hidden and, therefore, active.  Running an antivirus scan is similarly ineffective because this program is not classified as a virus.  What can computer owners do then?

Automatic removal.  This is the best option, particularly for those without extensive technical experience.  Using a program like Enigma's SpyHunter or Malwarebytes Anti-Malware (Malwarebytes has free malware removal)  can immediately and effectively remove all traces of the adware from your computer.  It will not be able to recreate itself, and you run no risk of further damage.

Manual removal.  This method is only recommended for those who are familiar with their system registry – and have a lot of time on their hands.  You must meticulously remove each file and key associated with the rogue program. If you miss even one, Gala Search can recreate itself.  On the other hand, you could inadvertently delete a necessary file and impair your computer’s performance.  If you have experience, try the following steps for manual removal, and do not hesitate to contact us for assistance.



HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "Gala Search"


All content copyright 2006-2017, Bonobo Pty Limited. All Rights Reserved.
Privacy Policy | Terms Of Service