How to get rid of Browser Hijackers and Browser Malware Toolbars

7 05 2014

Malware! Adware! Viruses!

You risk getting these when things are installed on your browser!

If your browser looks like this, you probably have malware.

In my line of work, I have come across an issue that I see time and time again.  It’s called BO Malware- no, not Body Odor, but kinda, when you think about it.

Browser Helper Objects (BHOs) is the actual term for these pesky little critters, and they can wreak havoc on your browser if you are not careful, and lead to virus leaks, identity theft, and even a major computer malfunction!  Not all BHOs are bad; the ones from Adobe and Java, to name a couple, are fine.  Usually, the bad ones look like toolbars that belong on the browser.

Ever noticed as time goes by that your browser starts adding toolbars to itself that were never there before?

That’s because they weren’t and you have not been very careful about what you are clicking on.  DO NOT WORRY- most of the time, you add them inadvertently and have no idea that you are installing them.

They can slow down your online experience, not to mention your operating system if they have installed themselves on your hard drive through malware.  Your PC will be infected, your searches will all be controlled and redirected, your home page will be changed, and basically your computer will slowly be taken over.

So how do you prevent and get rid of them??

Your best bet is preventative methods.  When you install a legitimate tool, application, or any software, make sure to read everything carefully.  You would be surprised at what you are agreeing to if you ACTUALLY read some of those Terms & Conditions we all are so guilty of  just clicking and accepting.

Some of these advertisers and promoters are very sneaky and create an extra very small check box, and hide their products very well, within a legitimate product’s terms, such as a trial, complimentary feature, or “helper” object.  That’s why you have to look around very carefully and make sure nothing is already checked off by default whenever you are installing something or updating an already-installed program or utility.

Also, look out for new buttons, icons, or objects on your browser’s main bar.  If you suddenly have something on your browser like “Coupons.com” or “YouTube Downloader” where there was none before, something probably got installed inadvertently. Look at the examples above to familiarize yourself with what these little critters look like.

GETTING RID OF THEM

Often times there are heavy virus removal procedures that are involved, and you should seek professional service in order to not damage your system.  However, if you’d like to try it yourself, here is a basic procedure you can try.

First, your best bet is to restart the PC in Safe Mode.  You do this by tapping F8 when you first turn it on from a complete shutdown.  As soon as you hit the power-on button, you should already be tapping F8- fast and repeatedly until you get to a black screen with white letters that says Advanced Boot Options.  Here, you would select SAFE MODE using your up and down arrow keys on the keyboard, and press Enter.

You will notice files loading and when this has finished, your desktop will look all messed up and the icons will all be very large- this is normal for SAFE MODE.  (At the end of all this, to get out of Safe Mode, just restart your PC but don’t do the “F8” thing.)

In Safe Mode, your core Windows components are loaded, and the system is running with minimal services, which is great because that means that if there is Malware (or viruses), they most likely are not loaded and running, since it’s only running the essential operating system components.  This is Safe Mode, ladies and gentlemen.

Now, the first thing you want to do [and hopefully you already have something installed] is run your anti-virus program.  You should keep in mind to update your AV program before you sign into Safe Mode, to ensure you have the latest updated virus definitions.  Once your virus scan is completed, delete or quarantine whatever it finds (if any) and then run it again, and again, until there are ZERO objects detected.

This will have removed any malware and possible viruses.  Once this is complete, you are ready to uninstall the BHO’s from your PC.  Now, in Safe Mode there are ways of uninstalling programs, but it requires some advanced knowledge and editing the registry, which is NOT recommended for a person who is not skilled at editing the registry.

For the sake of keeping this article at a ‘basic level’, we will skip the Advanced method, and REBOOT THE MACHINE back to Normal Mode.

Once the PC is back in Normal Mode and you are on your desktop, go to the Start menu and open the Control Panel window.  Find the feature to Add/Remove programs or “Uninstall” a program, and look for things that you do not recognize and that have certain keywords like Search, Conduit, Coupons, Cleaner, and names of System Cleaners that you do not recall purchasing.  A good rule of thumb: do not assume something is “bad” just because you do not recognize it.  Before you delete it, look at the Publisher column in this Uninstall window and make sure it is not from a company you recognize, like Microsoft, Adobe, Quicken, and Sun Systems, to name a few.

IMPORTANT:  Do some research- look up the names of the ones you are suspicious about.  Chances are the first couple of search results on a web search will provide a wealth of answers as to what this product is.   If it’s bad, remove it from your system.
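The same review can be done from a PowerShell prompt. The script below is an added example, not part of the original article: it reads the registry locations behind the Control Panel list and shows entries whose name contains one of the article's keywords and whose publisher is not on a recognized list. It only reads and removes nothing; the publisher list is an illustrative assumption, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the article): read-only review of installed programs.
# Keywords are the ones the article names; the publisher list is illustrative.
$keywords   = 'Search', 'Conduit', 'Coupons', 'Cleaner'
$recognized = 'Microsoft', 'Adobe', 'Quicken', 'Sun Microsystems'

# Registry locations behind the Control Panel list: 64-bit programs,
# 32-bit programs on 64-bit Windows, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AnyMatch {
    # True when $Text contains any of $Terms (case-insensitive, literal match).
    param([string]$Text, [string[]]$Terms)
    foreach ($t in $Terms) {
        if ($Text -and $Text -match [regex]::Escape($t)) { return $true }
    }
    return $false
}

function Get-ProgramToReview {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $nameHit = Test-AnyMatch $_.DisplayName $keywords
            $known   = Test-AnyMatch $_.Publisher   $recognized
            # Publisher is whatever the installer wrote, so a familiar name
            # is not proof; an unfamiliar one is only a prompt to research.
            if ($nameHit -and -not $known) {
                [pscustomobject]@{
                    Name        = $_.DisplayName
                    Publisher   = $_.Publisher
                    InstallDate = $_.InstallDate
                    Uninstall   = $_.UninstallString
                }
            }
        }
}

Get-ProgramToReview | Sort-Object InstallDate -Descending |
    Format-List Name, Publisher, InstallDate, Uninstall
```

Sorting by install date puts the most recent arrivals first, which helps line an entry up with the day a toolbar first appeared.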

Speaking of “search”, your browser is still going to be hijacked, so a good thing to do in combination, or before you start searching for products you are suspicious about, is resetting your browser.  Each browser has a different way of doing this.

NOTE: resetting your browser can sometimes mean losing your favorites.  There is a way of exporting your favorites to a file and importing them back after a reset, but that will not be covered in this article.  A Google search will find those instructions easily.

Internet Explorer

  1. Close all Internet Explorer and Explorer windows that are currently open.
  2. Start Internet Explorer.  Note: If you are running Windows 8.1 or Windows 8, start Internet Explorer from the desktop. Changing your settings will affect both Internet Explorer and Internet Explorer that you start from the desktop.
  3. On the Tools menu, tap or click Internet options. If you don’t see the Tools menu, press Alt.
  4. In the Internet Options window, tap or click the Advanced tab.
  5. Tap or click Reset. If you’re using Windows Internet Explorer 6, click Restore Default.

Google Chrome

  1. Click the Chrome menu on the browser toolbar.
  2. Select Settings.
  3. Click Show advanced settings and find the “Reset browser settings” section.
  4. Click Reset browser settings.
  5. In the dialog that appears, click Reset. Note: When the “Help make Google Chrome better by reporting the current settings” checkbox is selected, you are anonymously sending Google your Chrome settings. Reporting these settings allows Google to analyze trends and work to prevent future unwanted settings changes.

Mozilla Firefox

  1. Click the menu button and then click Help.
  2. From the Help menu choose Troubleshooting Information.
    If you’re unable to access the Help menu, type about:support in your address bar to bring up the Troubleshooting information page.
  3. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  4. To continue, click Reset Firefox in the confirmation window that opens.
  5. Firefox will close and be reset. When it’s done, a window will list the information that was imported. Click Finish and Firefox will open.

Safari

To reset Safari:

  1. Choose Safari > Reset Safari.
  2. Deselect any items you don’t want to reset:
    • Clear history: Clears the list of webpages you’ve viewed.
    • Reset Top Sites: Clears any changes you’ve made to Top Sites, such as adding or pinning sites. If you also clear your history, your Top Sites page reverts to showing the webpage previews displayed when you first installed Safari 5.
    • Remove all webpage preview images: Clears any thumbnail images Safari has saved of webpages you’ve viewed.
    • Empty the cache: Clears the webpages you’ve viewed from the temporary location on your computer where Safari stores them. The cache helps webpages load more quickly, so you may notice it takes some websites longer to open the first time you visit them after emptying the cache.
    • Clear the Downloads window: Clears the list of files you’ve downloaded from websites. Only the names are removed; the files themselves are still on your disk until you remove them.
    • Remove all cookies: Removes cookies that websites have stored on your computer.
    • Remove all website icons: Removes website icons, which are small graphics that help identify sites on the Internet. You see them in the Safari address field and bookmarks list, and other places. These icons are stored on your computer.
    • Remove saved names and passwords: Removes user names and passwords that Safari automatically fills in at websites that require them (if the AutoFill feature is turned on).
    • Remove other AutoFill form text: Removes some personal information, such as telephone numbers, that Safari uses to automatically fill in forms on webpages (if the AutoFill feature is turned on). Removing AutoFill information does not remove information from your address book.
    • Close all Safari windows: If you don’t close all Safari windows, someone could use the Back and Forward buttons to view the webpages you’ve visited.
    • Reset all location warnings: Clears any information websites have saved about your location.
  3. Click Reset.

Finally, after resetting your browser, your home page (or the default home page) should return, and not the redirecting search bar that you most likely have been using thinking this is the “normal” search bar or home page.  You can set the home page at this point to whatever you like; usually Google.com is the preferred industry standard.

Check your browser for objects- if there are still some left, jot down the name(s), perform a web search, and look for similarities in programs and names in the Control Panel.  Uninstall the leftover bad ones.  Usually, you will not catch them all in your first sweeps, and will need to do a little research before the system is safe once again.
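For Internet Explorer, the objects still loaded can also be listed straight from the registry, since Browser Helper Objects are an Internet Explorer mechanism registered by CLSID. The script below is an added example, not part of the original article: it resolves each registered BHO to its DLL and reports the file's company name and signature status so you have something concrete to search for. It only reads and changes nothing; Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the article): read-only listing of registered BHOs.
# Each entry pairs a BHO registration key with the CLSID tree that holds
# the DLL path (native view, then the 32-bit view on 64-bit Windows).
$bho = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$bhoRoots = @(
    @{ Bho = "HKLM:\SOFTWARE\$bho"; Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = "HKLM:\SOFTWARE\WOW6432Node\$bho"; Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-BrowserHelperObject {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root.Bho) {
            $clsid    = $key.PSChildName               # subkey name is the CLSID
            $classKey = Join-Path $root.Clsid $clsid
            $name = $null; $dll = $null; $company = $null; $sig = 'NoFile'

            if (Test-Path -LiteralPath $classKey) {
                # The default value of the class key is its friendly name.
                $name = (Get-Item -LiteralPath $classKey).GetValue('')
                $srv  = Join-Path $classKey 'InprocServer32'
                if (Test-Path -LiteralPath $srv) {
                    # The default value of InprocServer32 is the DLL path.
                    $dll = [string](Get-Item -LiteralPath $srv).GetValue('')
                    $dll = $dll.Trim('"')
                }
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
                $sig     = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{
                Name      = $name
                CLSID     = $clsid
                Dll       = $dll
                Company   = $company   # self-declared in the file, not verified
                Signature = $sig       # Valid, NotSigned, HashMismatch, ...
            }
        }
    }
}

Get-BrowserHelperObject | Format-List
```

An entry whose DLL is unsigned, missing, or sitting in a temporary or user-profile folder is the one to research first.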

TO RECAP.

Start your PC in Safe Mode

Run a Virus Scan until clean

Restart your PC in Normal Mode again

Uninstall unwanted programs via the Control Panel

Reset your browser to its default settings

Lather, and repeat if necessary, like shampoo until your system is clean.

 

Good luck- and for help or service, you can always contact us, and we can provide REMOTE support and do all this for you, for a nominal fee.
Thanks for reading this article!

We hope it helps, and remember, this article is intended for beginners or people who are not very tech-savvy, so Techs… spare us any technical objections- we know it’s a little more complicated, but we have faith in our readers that they can DO THIS!!

 





Malicious Viruses and What To Do If Your System Becomes Infected

26 08 2012

Malicious code (sometimes called malware) is a type of software designed to take over or  damage a computer, without the user’s knowledge or approval. Malware includes:

  • Viruses that attach to legitimate files and spread when the files are opened.
  • Worms that infect systems and spread automatically through the network.
  • Trojan horse programs that appear to be useful programs but which perform secret or  malicious acts.
  • Spyware that tracks your computer or browser activity.
  • Adware that displays pop-up advertisements based on your browser activity.
  • Spam that is unwanted, unsolicited e-mail, often carrying viruses or advertisements for    questionable or illegal products.

You should protect all systems with malware protection software to help prevent and control   malware on your system.

Here are two of my favorite programs to use, Malwarebytes and Avast.  Malwarebytes is a reactive program that you install in a non-infected system and run and update to keep your computer safe.  You can also use it in a ‘cocktail’ of programs to run in Safe Mode if you ever have to clean up your system from infections.

Avast is a free anti-virus that has worked pretty well to keep our systems protected.  It is simple, very stealthy, and low resource-consuming on any operating systems we have tested it on.  It has picked up many viruses and removed them from infected systems.

  • Common symptoms of malware on your system include:

    • The browser home page or default search page has changed.
    • Excessive pop-ups or strange messages being displayed.
    • Firewall alerts about programs trying to access the Internet.
    • System errors about corrupt or missing files.
    • File extension associations have changed to open files with a different program.
    • Files that disappear, are renamed, or are corrupt.
    • New icons appear on the desktop or taskbar, or new toolbars show in the browser.
    • The firewall or antivirus software is turned off, or you can’t run antivirus scans.
    • The system won’t boot.
  • Some malicious software can hide itself such that there might not be any obvious signs of its presence. Other symptoms of an infection include:
    • Slow Internet access.
    • Excessive network traffic, or traffic during times when no activity should be occurring.
    • Excessive CPU or disk activity.
    • Low system memory.
    • An unusually high volume of outgoing e-mail, or e-mail sent during off hours.
  • Conducting regular system scans can detect and fix many problems.
    • Most software lets you schedule complete system scans, such as daily or weekly.
    • If you suspect a problem, initiate a full system scan immediately.
  • Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (i.e. you are prompted to identify the action to take). Possible actions in response to problems are:
    • Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state (if possible).
    • Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time.
    • Delete the file. You should delete files that are malicious files such as worms, Trojan horse programs, or spyware or adware programs. In addition, you should periodically review the quarantine folder and delete any files you do not want to recover.
  • If a scan reports a serious problem, disconnect your computer from the network. This prevents your computer from infecting other computers until the problem is corrected.
  • Some malicious software warnings, such as those seen in pop-ups or received through e-mail, are hoax viruses. A hoax virus instructs you to take an action to protect your system, when in fact that action will cause harm. Two common hoaxes are:
    • Instructing you to delete a file that is reported as a virus. The file is actually an important system file that will lead to instability or the inability to boot your computer.
    • Instructing you to download and run a program to see if your system is compromised or to add protection to your system. The file you download is the malicious software.

    Before taking any actions based on notices or e-mails, search the Internet for a list of virus hoaxes and compare your notice to known hoaxes.

Recovery from malware could include the following actions:

  • If scans detect malware, then repair, quarantine, or delete the malicious software.
  • Some malware cannot be removed because it is running.
    • If possible, stop the program from running, then try to remove it.
    • If you are unable to stop the malware, try booting into Safe Mode, then run the scanning software to locate and remove the malware.
  • If malware has caused damage to the system, it may be permanent and could require that you reinstall applications, features, restore files from a backup, or even restore the entire operating system from scratch.
  • If malware has damaged or corrupted system files, you might be able to repair the infected files using Sfc.exe.
    • Before running Sfc, be sure to remove the program that caused the damage (or it might re-introduce the problem after the fix).
    • You might need to boot into the Recovery Console to check system file integrity and repair any problems found.
  • Some malware can corrupt the boot block on the hard disk preventing the system from starting. To repair the problem, try using the Recovery Console in Windows XP, or perform an automatic repair in Windows Vista/7. Use fixmbr or fixboot in the Recovery Console to try to repair the damage.
  • If the organization uses imaging solutions, you can quickly reimage a machine if it is infected with malware. Reimaging or installing from scratch is often faster and more effective than malware removal and cleanup.

To conclude, the best thing to do in case the virus is not removed is to boot up in Safe Mode (restart the computer and right when it turns on press F8 until you are prompted to start in Safe Mode).  Then run your virus removal utilities.  If you will need the Internet, boot in Safe Mode with Networking (this means you can connect online with minimal resources loaded).

Sometimes virus removal can be like peeling an onion- you remove one and it reveals another one that was not detected before.  If this happens a lot, then as you go removing the viruses, some parts of your operating system can become corrupt, like system files and applications.  In this case, and in the case of rootkits, sometimes it’s just best to salvage whatever information you can and then re-install the operating system.

If you need help with any of the things mentioned above, or guidance, please feel free to contact technical support by visiting www.techsuperforce.com.

We are always available through phone, chat, or email.

We hope you enjoyed this article, and feel free to leave comments or questions here.