How to remove u-search.net?
Solved
KiTe37
Hello,
I recently downloaded the software Groovedown, but it seems to be targeted by the virus/malware u-search.net.
As a result, my PC is infected :(
I have run an antivirus scan (Avast), launched Malwarebytes, and used Spybot, all in safe mode, without success.
I have no abnormal processes, I found nothing in the registry (I deleted everything that came up when searching for "u-search.net"), and nothing seems abnormal in my PC's boot log (I can post it if needed).
I also ran a scan with HijackThis, but found no striking results; I could post the report if necessary.
Furthermore, I couldn't find any reliable and functional source online to get rid of this mess.
Does anyone know how to remove it?
I can post all the mentioned logs here if needed.
Thank you in advance!
Configuration: Windows 7 / Firefox 15.0.1
15 answers
In fact, it’s not exactly an infection.
You installed GrooveShark with the "default installation" profile. By choosing "Custom installation," it would have offered you the option to not set "u-search" as your homepage on your browsers.
It’s a bit hidden, it’s true. Generally speaking, that’s why I recommend that you always choose "custom installation" for any software.
If you want to clean it up, here’s the procedure:
http://frickinexcuse.net/u-search-net-and-the-groovedown-trojan-fix/#comment-62
Basically, a Firefox preferences file (prefs.js / user.js in your profile folder), extensions, and settings for other browsers (default homepage, proxy to check).
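The check below is an added example, not part of the original answer or of any tool used in this thread: it audits the two Firefox preference files named above for homepage, search and proxy prefs that point somewhere unexpected. The allow-list and the sample file contents are constructed assumptions; the preference names are real Firefox prefs.

```python
import re
from urllib.parse import urlparse

# Real Firefox preference names for homepage, search and proxy settings.
WATCHED = {
    "browser.startup.homepage", "browser.newtab.url", "keyword.URL",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "network.proxy.type", "network.proxy.http", "network.proxy.autoconfig_url",
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref(...) line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2).strip()
            # String values are double-quoted; integers and booleans are bare.
            prefs[m.group(1)] = raw[1:-1] if raw.startswith('"') else raw
    return prefs

def hosts_in(value):
    """Hosts of every URL in a value (multiple homepages are '|'-separated)."""
    return {urlparse(u).hostname for u in value.split("|") if "://" in u}

def audit(files, allowed_hosts):
    """files maps file name to content; returns sorted (file, pref, value, reason)."""
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            if name not in WATCHED:
                continue
            if fname == "user.js":
                # user.js is re-applied at every start and overrides prefs.js.
                findings.append((fname, name, value, "pinned in user.js"))
            elif hosts_in(value) - set(allowed_hosts):
                findings.append((fname, name, value, "unexpected host"))
            elif name == "network.proxy.type" and value in ("1", "2"):
                findings.append((fname, name, value, "manual or PAC proxy"))
    return sorted(findings)

# Constructed sample contents, not taken from the poster's machine.
SAMPLE = {
    "prefs.js": 'user_pref("browser.startup.homepage", "http://u-search.net/");\n'
                'user_pref("network.proxy.type", 1);\n'
                '// user_pref("keyword.URL", "http://u-search.net/?q=");\n',
    "user.js": 'user_pref("browser.startup.homepage", "http://u-search.net/");\n',
}
```

Calling `audit(SAMPLE, {"www.mozilla.org"})` returns three findings; the `user.js` one matters most, because a homepage set there is restored at every browser start no matter what is chosen in the options.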
Hello
Download and save ADWcleaner to your desktop:
ADWCleaner (Thanks to Xplode)
Run it,
(For Vista and Seven => right-click "run as administrator")
click on delete and post its report.
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
Here is the report:
# AdwCleaner v2.003 - Report created on 09/25/2012 at 11:45:06 PM
# Updated on 09/23/2012 by Xplode
# Operating system: Windows 7 Home Premium Service Pack 1 (64 bits)
# Username: KiTe - THEWORLD
# Boot mode: Normal
# Executed from: C:\Users\KiTe\Desktop\adwcleaner.exe
# Option [Removal]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
***** [Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored: [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored: [HKU\S-1-5-21-3229955345-1190243535-2953811619-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0.1 (fr)
Profile name: default
File: C:\Users\KiTe\AppData\Roaming\Mozilla\Firefox\Profiles\vpa97ywu.default\prefs.js
C:\Users\KiTe\AppData\Roaming\Mozilla\Firefox\Profiles\vpa97ywu.default\user.js ... Deleted!
[OK] The file contains no illegitimate entries.
-\\ Google Chrome v [Unable to get version]
File: C:\Users\KiTe\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] The file contains no illegitimate entries.
*************************
AdwCleaner[S1].txt - [2092 bytes] - [09/25/2012 11:45:06 PM]
########## EOF - C:\AdwCleaner[S1].txt - [2152 bytes] ##########
And apparently, I can change the Firefox homepage again.
After 30 minutes and a reboot, the tool shut down without generating any logs on the desktop.
Should I proceed with a guess and start over?
My bad, the tool seemed to keep running in the background and the log appeared.
The site to post it seems inaccessible for now; I will post it tomorrow.
Here is the link to the report: https://pjjoint.malekal.com/files.php?id=20120926_d107y85e7
password: usearch
ok restart the tool, click on "Chk.SVC" then host the report
if it doesn't appear, right-click on the desktop => refresh
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
Uninstall Spybot Search and Destroy nothing at all
====
Attention!!! Remember to re-disable your protections
Click on this link: https://www.cjoint.com/?BIAvpzAb7eC
Select all the text found there CTRL+A then CTRL+C or right click/copy
Restart Pre_scan then choose the "Script" option
A page will open
Logically, the text you selected should already be there, so close it and the program will work.
Otherwise, paste it (right click/paste or ctrl+V) into the blank page.
Then file tab => save (not save as...), then close the text
Black windows may blink, it's normal, it's the program working
A Pre_Script.txt file will appear on the desktop when the work is finished
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
Close all windows and applications during installation and analysis.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.
Restart Malwarebytes by carefully following these instructions:
! Disconnect and close all running applications!
▶ Launch Malwarebytes.
Perform a "Complete" scan.
▶ Let the program run (and do nothing else with the PC during the scan).
▶ At the end, click on "Results."
▶ Check that all infected objects are selected, then click on "Remove."
▶ Note: if you need to restart your PC to complete the cleaning, do it!
▶ Post the saved report after removing infected objects (in the "Report/Log" tab of Malwarebytes, the latest date)
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤