Is your computer infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Sunday, May 19, 2013

Remove "You shall not pass" virus (Uninstall Guide)

This page contains removal instructions for the "You shall not pass" virus. Once you're infected with this virus, you won't be able to access Google, Facebook, Tumblr and some other popular websites. When you go to any of these websites, the virus will show you a picture of Gandalf saying "You shall not pass". OK, so at first I thought someone was just trolling, since the virus doesn't ask you to complete a survey or pay a ransom to restore access to these websites. The virus simply modifies the Windows Hosts file. The web browser then loads the "You shall not pass" notification from a remote web server controlled by cyber crooks instead of your requested website.


I got this virus after downloading a free Minecraft account generator. I was looking for this virus, so I had to download and install it, but you shouldn't download such shady software. As you can see, such software drops malware on your computer, so don't take the risk. What is more, the "You shall not pass" virus notification may be a sign of a very dangerous infection. The "You shall not pass" virus fix isn't very difficult, but it's not the only problem you have. If you downloaded some free Minecraft software etc., there's a good chance you also got this really nasty infection called Backdoor:Win32/Fynloski.AA. Just a few minutes after I removed the virus, I saw unusual web traffic. This backdoor Trojan was downloading additional RAT components that were probably necessary to gain access to the compromised system and hide its presence from a security solution. Cyber crooks simply wanted to turn my test machine into a zombie computer, part of a botnet, or maybe they wanted to steal sensitive information. One way or another, that's a huge security threat.

While the Gandalf "You shall not pass" notification might be funny, the other malware that may be installed along with it isn't funny at all. To remove the "You shall not pass" virus from your computer, please follow the removal guide below. And don't forget to scan your computer with recommended anti-malware software. As I said, the situation may be a lot worse than you think. If you have any questions or suggestions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



"You shall not pass" virus removal instructions:

1. Download recommended anti-malware software and run a full system scan to remove this virus and related malware from your computer.

2. Reset Windows HOSTS file.

a. Close your web browser.
b. Go to: C:\WINDOWS\system32\drivers\etc
c. Double-click the "hosts" file to open it. Choose to open it with Notepad or any other text editor.



The Windows hosts file should look the same as in the image below (Windows XP). There should be only one line:

127.0.0.1 localhost (Windows XP)

127.0.0.1 localhost ::1 (Windows Vista/7/8).

If there are more lines, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034



If you can't reset the Windows Hosts file manually, then download and run the Microsoft Fix it tool and follow the steps in the Fix it wizard. If you can't download it, then simply delete the Hosts file.

3. Download CCleaner and tidy up your computer, remove temp files, etc.

4. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
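The check behind step 2, as an added example (not code from the original post): this Python script parses hosts-file text, flags every mapping other than the default localhost lines, and produces the reset version of the file. The sample file, the 203.0.113.10 placeholder address and the function names are assumptions made for illustration.

```python
"""Audit hosts-file text for hijacked name mappings (added example)."""
import ipaddress
import sys

# Constructed sample of a hosts file after the hijack described above.
# 203.0.113.10 is a documentation-range placeholder, not the real server.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com
203.0.113.10    www.facebook.com   # inline comment
203.0.113.10    www.tumblr.com
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for each non-comment, non-blank line."""
    text = text.lstrip("\ufeff")  # Notepad may save a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address, names):
    """Return 'default', 'local-block', 'redirect' or 'malformed'."""
    if not names:
        return "malformed"  # an address with no hostname after it
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback and names == ["localhost"]:
        return "default"  # the only mapping the guide expects to find
    if ip.is_loopback or ip.is_unspecified:
        return "local-block"  # name pinned to this machine: site unreachable
    return "redirect"  # name pinned to a remote server: the hijack pattern


def audit_hosts(text):
    """List (line_no, verdict, address, names) for every non-default mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        verdict = classify(address, names)
        if verdict != "default":
            findings.append((line_no, verdict, address, names))
    return findings


def reset_hosts(text):
    """Return the text with every flagged line removed (comments are kept)."""
    flagged = {line_no for line_no, _v, _a, _n in audit_hosts(text)}
    lines = text.lstrip("\ufeff").splitlines()
    kept = [raw for n, raw in enumerate(lines, start=1) if n not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Optional argument: path to a copy of the hosts file to audit.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, verdict, address, names in audit_hosts(content):
        print(f"line {line_no}: {verdict:11} {address} -> {', '.join(names)}")
```

Run it against a copy of the hosts file from C:\WINDOWS\system32\drivers\etc; any "redirect" finding for a site you use is the behaviour described in this post.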


SnapDo.exe - Process Information

SnapDo.exe - Smartbar by ReSoft LTD


What is SnapDo.exe?


SnapDo.exe is not essential for Windows and may cause problems. It's a part of the Snap.do browser hijacker. Very often, this application comes bundled with freeware and software downloaders. It works on all major web browsers. SnapDo.exe runs automatically at startup. Once installed, it modifies web browsers' preferences, changes default home pages and search providers, and installs a browser helper object. Sometimes this process may cause high CPU usage and web browser crashes. It may also collect certain information about your computer and browsing habits. It's a potentially unwanted application, and we highly recommend that you remove SnapDo.exe from your computer.

Security Rating: Potentially Dangerous

File name: snapdo.exe
Publisher: Smartbar by ReSoft LTD
File Location: C:\Documents and Settings\[User Name]\Local Settings\Application Data\Smartbar\Application\SnapDo.exe


Thursday, May 16, 2013

Remove ad.xtendmedia pop-up "virus", removal instructions

Instructions to remove the ad.xtendmedia virus. A friend asked me to help remove this "virus" from his computer. He said that his computer is infected with ad.xtendmedia.com and also that the search engine is changed to Delta Search. OK, so first things first: is xtendmedia really a virus? No, definitely not. It's an ad server; it's no different than Google or Yahoo servers. However, if you are getting obscene popup ads from ad.xtendmedia.com, then there's a good chance that your computer is infected with adware or a potentially unwanted application, for instance a web browser add-on. Very often cyber crooks use adware and PUPs to show advertisements on infected computers, hoping to earn some quick money from advertising companies. They may even succeed because tracking click fraud and similar schemes isn't easy, even for leading companies.

These days there’s no escaping the constant stream of adverts that we are bombarded with in our day to day existences but it’s not just magazines and television that are constantly selling to us – even our computers are in on the act too!


Many websites run advertising, whether it’s banners for their own products or for another company, or Google ads. However, you may also have noticed the increasing number of pop-up adverts. These appear thanks to advertising-supported software (normally known as adware), which is a software package that downloads, displays or plays an advert for a product or service on your computer, including pop-up ads from ad.xtendmedia.

If we’re being honest the majority of us find pop-up ads pretty irritating. Most of us don’t give them any more than a cursory glance – normally followed with an irritable “Go away!” The strange thing is though that they must be at least a little effective because companies certainly seem to keep on using them as a means of advertising.

But that’s not all there is to adware and you shouldn’t be fooled into thinking that pop-ups are merely trying to sell you something as besides generating income for their creator, adware can also be used to install unwanted software – or worse, Spyware - onto your PC.

Spyware, as the name suggests, is software which monitors, or more accurately, spies upon you, and it can have two functions: some spyware gathers data about your computer usage and which websites you use so that it can tailor further adverts to your interests (thus making you more likely to click on them), but other spyware has a little more than marketing in mind. Of course, this isn't the case here because ad.xtendmedia doesn't collect any sensitive or personally identifiable information. But still, you should note the risks of adware and spyware infections.

Unscrupulous makers of adware that is bundled with spyware will either use this data to further their own gain or sell the information on to a third party. Malicious spyware can also corrupt the files and documents that you have stored on your computer.

It must be pointed out that not all adware is malware and when it isn’t being used to steal data it has most likely been created so that the developer of a website can recoup some of their costs. Sometimes it may be given to the user for free or at least at a reduced price with income being derived from the adverts meaning that the software developer is more likely to develop and maintain the software product and create regular upgrades.

Some adware might be what is known as shareware – also sometimes called trialware or demoware. Shareware is software which you will only be given a sample of for a limited time period. It is usually also only a ‘sneak preview’ of the full software package and used to whet our appetites and make us want to purchase the full package. Shareware software will hint at the amazing things that the real deal has to offer whilst giving us a little taster of the benefits we could experience if the full package was downloaded. Take email for example; an email program might have something called an adware mode integrated in their coding. You’ll download this new email inbox, enjoy using your account with all of its functions and benefits however once your trial period is up you’ll then be given three choices. Use your account as it now is in its diminished (and probably annoying!) version, get the full upgrade for free BUT with adverts and pop-up windows, or finally you can get the full version with all features and no adverts – but for a price.

So as we’ve seen, some adware is simply irritating, some sucks us in to paying for something we perhaps never knew we wanted and could very likely get for free (should you really be paying for your email account…) and other adware is bundled with unwanted software such as spyware which can do great damage. So how do you protect yourself from the nuisance and potential danger caused by ad.xtendmedia? The answer is simple: install the best antivirus software you can find on your computer and make sure it’s always bang up to date! What is more, I will show how to opt out from the ad.xtendmedia service and how to disable digital identifiers and tracking cookies.

To remove ad.xtendmedia from your computer, please follow the removal instructions below. If you have any questions or suggestions, please leave a comment below. I will try to help you or answer your questions. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



ad.xtendmedia removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall recently installed web browser toolbars and other web browser add-ons. You should also remove recently installed software, especially freeware and shareware because there's a good chance that the popups and ad.xtendmedia redirects you are experiencing are caused by either these programs or web browser add-ons that came with them.

3. Opt-out from ad.xtendmedia here: http://xtendmedia.com/opt-out


Wednesday, May 15, 2013

Remove VisualBee, removal instructions

This page contains removal instructions for the VisualBee Toolbar and VisualBee Search engine. Please use this guide to remove VisualBee from Firefox, Chrome and Internet Explorer.

Browser hijacking is both an irritation and a danger when using the internet these days, and whether you’re being plagued by annoying pop-up adverts and windows or by malicious software or coding which has taken over (i.e. hijacked) your browser, it’s probably safe to say that all of us have fallen victim to hijacking at some point in the not too distant past. While VisualBee advertises itself as a graphic designer for PowerPoint presentations, some users think it's actually malware. Of course, it's not the same thing as spyware, trojans or rootkits. I would say browser hijackers can be fairly classified as potentially unwanted software.

But what is browser hijacking exactly and what will happen to you if you’ve been attacked? The term browser hijacking actually covers a number of different kinds of malware (malicious software). Generally it is agreed by computer experts that browser hijacking software is external code that changes your web browser settings without your knowledge or, in many cases, your permission. Most of the time, VisualBee gets installed along with other software. It can be really difficult to get rid of all references to VisualBee, so always "opt out" of any extras being installed.

When your settings have been changed you’ll no doubt then find that your home page has been changed too and that new favourite websites have been added to your desktop or favourites folder. In the majority of cases, these new ‘favourites’ will direct you to websites containing crappy content – which can be potentially embarrassing and difficult to explain to your significant other or your boss! Not only this but generally the hijacker will also have made system changes meaning that even if you change your computer settings back to your old home page, it will automatically revert back to the unwanted one. Typically, "VisualBee" appears on a new tab and redirects users to http://visaulbee.delta-search.com or search.conduit.com.


So how do browser hijackers install themselves on your computer in the first place, and what are the things you should be looking out for to limit the chances of it happening to you? In most cases a browser hijacker will exploit Microsoft Internet Explorer's ability to run ActiveX scripts directly from a web page. When used maliciously, you will often see a pop-up box which asks you if it can install itself on your PC. What you may not realise is that this is the hijacking program and should you give it the go ahead to install itself, Internet Explorer will then unwittingly execute the program – which then changes your settings.

In fact, the majority of browser hijacking programs will request your permission before installing anything – although this can be done in such a way that you don’t realise you’re giving them the right to install. For example, if the ‘check box’ to give permission is already ticked, then you may be tricked into accepting it, as you actually need to UN-tick the box to say yes, or vice versa. So, the lesson to be learned here is always read the small print in pop-up boxes, and if a program requests permission to install itself on your computer while you are surfing the web, unless you are 100% sure what it is, always reject it. There are, however, many installers that will install VisualBee in Chrome and Firefox even when you opt out of it or cancel the installation.

Having said that, the really sneaky browser hijackers will further take advantage of security loopholes within web browsers and will install themselves completely without your knowledge.

Scary stuff but thankfully there are ways to avoid being hijacked providing that you take a few precautions. Read on and we’ll tell you how you can take steps to make sure the browser hijackers don’t get to you.

First things first and if you haven’t got anti-malware software installed on your computer you should do so right now (or as soon as you finish reading this article anyway!) Using a reputable anti-malware package will greatly diminish your chances of being hijacked by VisualBee, as will making sure that it is always up to date. You can also try using anti-malware 'auto protection' for further security. Consider keeping an anti-hijacking 'toolkit' handy for emergencies too – you can download one of these from the internet, the same way that you would with anti-malware software.

Changing your web browser security settings can help too – if your settings are set to their weakest you could be laying yourself open for attack.

Another thing to consider is changing your actual browser. Although you might really like Internet Explorer, or at least use it because it’s the one you’re ‘used to’, it might be worth considering stopping using it altogether. Because the majority of malware, spyware and browser hijacker programs are coded specifically for IE (thanks to the security lapses), switching browsers should stop them from affecting you, so it might be worth choosing an alternative such as Mozilla Firefox or Google Chrome. Nowadays most browser hijackers work perfectly fine on all major web browsers, but Firefox, for example, uses very strict rules to determine whether toolbars and search engines are malicious or not.

Finally, it may go without saying but use your common sense – don’t click on links in emails sent from someone who you don’t recognize and don’t click on pop-up ads or banners offering the latest ‘awesome’ free game, no matter how tempting it looks. If it’s too good to be true then it probably is.

To remove VisualBee toolbar and VisualBee Search, please follow the removal guide below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



VisualBee toolbar removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Uninstall VisualBee toolbar from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove VisualBee toolbar application and also other applications you have recently installed.



Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove VisualBee from Google Chrome:

1. Click on Chrome menu button. Select Settings.

2. Click Set pages under On startup.


Remove Visualbee Search by clicking the "X" mark as shown in the image below.



3. Click Show Home button under Appearance. Then click Change.



Select Use the New Tab page and click OK to save changes.



4. Click the Manage search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select VisualBee Search from the list and remove it by clicking the "X" mark as shown in the image below.




Remove VisualBee from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove VisualBee toolbar extension. Close the window.



3. Click on the VisualBee Search search icon as shown in the image below and select Manage Search Engines....



4. Select VisualBee Search from the list and click Remove to remove it. Click OK to save changes.



5. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: visualbee



Now, you should see all the preferences that were changed by VisualBee. Right-click on the preference and select Reset to restore default value. Reset all found preferences!





Remove VisualBee from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.




2. Select Toolbars and Extensions. Remove visualbee toolbar and visualbee Helper Object Internet Explorer add-ons.



3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).



4. Select VisualBee Search and click Remove to remove it. Close the window.


Monday, May 13, 2013

Remove Mysearchdial, removal instructions

If start.mysearchdial.com has taken over your browser, please follow this removal guide. This page contains removal instructions for the Mysearchdial search redirect and Mysearchdial toolbar. As if viruses, spyware, malware, Trojan horses and rogue anti-virus software weren’t enough to put up with, computer users need to also be aware of something called browser hijacking. Whilst this does sound rather ominous, having your browser hijacked can have a knock on effect that can run the gamut of simply being annoying to being downright dangerous.

Let’s take a look at what browser hijacking is first of all. When you log onto your PC and launch the internet, the first page you see is your home page, whether this is your computer’s default page, or you’ve changed the settings so that it’s a search engine or your favorite gossip or news website. When you’re searching for something on the internet, naturally you use a search engine such as Google or Bing. What do these three things have in common? They can all be hijacked by start.mysearchdial.com when you’re browsing the web or reading content online.


What this means is that a hijacker takes control of how your browser works and is configured – often in the format of a new toolbar. It may also change what is displayed on your home page. Some people refer to this as a ‘drive-by download’ due to the fact that if your computer’s operating system isn’t very secure, the toolbar will be installed without your knowledge. And whilst it may look as if it is there to help, what it will do instead is just redirect you to websites that you probably have no interest in visiting.

Most of the time, the Mysearchdial toolbar is installed by malicious computer code that is embedded in a web site or in online content that you’ve looked at, but it can also be caused by corrupt documents or files, by software or shareware that you’ve downloaded or even from an infected email.

The good news is that it’s not rocket science to tell if you’ve been the victim of browser hijacking, as this isn’t a particularly subtle attack on your computer, unlike spyware which will remain hidden in the background and be virtually undetectable, even for experts. If your browser has been hijacked, your home page may have been changed so that you’re seeing – at best – adverts and at worst pornographic images. When you search directly from the omnibox or the address bar, you suddenly get results from start.mysearchdial.com instead of Google or any other web search engine of your choice. You will very likely also be bombarded with annoying pop-up adverts, some of which may have the ability to install spyware or other malicious software on your PC if you click on them. You’ll also find that your tried and trusted toolbar has changed and that a number of browser helper objects (BHO) may have appeared. A browser helper object is an application which extends a web browser to enable increased functionality. The Mysearchdial toolbar and extension definitely change the way your web browser works. Here's a list of things it can do with your data:
  • Access your data on all websites
  • Read and modify your bookmarks
  • Read and modify your browsing history
  • Access your tabs and browsing activity
  • Manage your apps, extensions, and themes

You may also find that internet shortcuts you have no knowledge of saving have suddenly appeared in your favorites menu. Again, these shortcuts will either direct you to sites that you don’t want to visit or alternatively they will be pulling the old spyware or adware trick and monitoring your browsing habits so they can compile a user profile on you and send you even more irritating adverts.

Having said that, not all browser helper objects are malicious. Take Google’s toolbar as an example; this includes a BHO when you install it. It is true that some features of the Google toolbar do collect data which is sent back to Google, however Google make this clear before you install it and give you the option of disabling it without uninstallation having a detrimental effect on the search capabilities.

However, Google is clearly a reputable search engine and if you have been hijacked, it is unlikely that the person or company behind the act has very honorable intentions. Take Surfbar (also known as Junkbar) for example; this is a browser helper object which is installed upon your machine without your knowledge or permission. It works by exploiting a vulnerable spot in Microsoft Internet Explorer and once in place it will change your chosen home page to its own. It then, very kindly, downloads multiple shortcuts (and we’re talking in the hundreds!) to adult websites to your desktop and into your favorites folder. Not only that but it will then install the decidedly un-functional toolbar which will direct you to many more. Of course, Mysearchdial doesn't exploit software vulnerabilities. Most of the time, it comes bundled with freeware and software downloaders.

Obviously the first thing you’ll want to do if you’ve had your browser hijacked is to remove the rogue software as quickly as possible, but do be careful as it can be tricky and is often not just a case of clicking ‘delete’ or ‘uninstall’. If a browser hijacker is not removed correctly there can be nasty knock-on effects ranging from programs no longer working to you finding that you can no longer connect to the internet. Therefore, if you have been hijacked by Mysearchdial and you’re not sure what you’re doing, please follow the removal instructions below. If you have any questions or comments, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Mysearchdial removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Uninstall Mysearchdial from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove Mysearchdial application and also other applications you have recently installed.



Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Mysearchdial from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove the Mysearchdial extension:



3. Click on Chrome menu button once again. Select Settings.

4. Click Set pages under On startup.


Remove start.mysearchdial.com by clicking the "X" mark as shown in the image below.



5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.



6. Click the Manage search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select Mysearchdial from the list and remove it by clicking the "X" mark as shown in the image below.




Remove Mysearchdial from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove Mysearchdial and mysearchdial.com extensions. Close the window.



3. Click on the Mysearchdial search icon as shown in the image below and select Manage Search Engines....



4. Select Mysearchdial from the list and click Remove to remove it. Click OK to save changes.



5. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: mysearchdial



Now, you should see all the preferences that were changed by Mysearchdial. Right-click on the preference and select Reset to restore default value. Reset all found preferences!
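The about:config reset steps in the VisualBee and Mysearchdial guides act on preferences that Firefox stores as user_pref(...) lines in the profile's prefs.js file. As an added example (not from the original post), this Python script lists the user-set preferences whose name or value contains a hijacker keyword; the sample prefs.js contents, the extensions.mysearchdial.installed preference and the function names are constructed for illustration.

```python
"""List user-set Firefox preferences that mention a hijacker (added example)."""
import re
import sys

# One prefs.js entry: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample of a profile's prefs.js after a toolbar install.
SAMPLE_PREFS_JS = r'''
// constructed sample prefs.js
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("extensions.mysearchdial.installed", true);
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 1);
'''


def parse_prefs(text):
    """Return {preference name: raw value text} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs


def find_hijacked(text, keywords):
    """Return (name, value, keyword, where) for each pref matching a keyword.

    'where' lists "name" and/or "value". Checking values matters because a
    hijacker URL is usually stored in a standard preference such as
    browser.startup.homepage, whose name does not contain the keyword.
    """
    hits = []
    for name, value in parse_prefs(text).items():
        for keyword in keywords:
            needle = keyword.lower()
            where = [
                label
                for label, field in (("name", name), ("value", value))
                if needle in field.lower()
            ]
            if where:
                hits.append((name, value, keyword, where))
                break  # one report per preference is enough
    return hits


if __name__ == "__main__":
    # Optional argument: path to a copy of prefs.js from the Firefox profile.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_PREFS_JS
    for name, value, keyword, where in find_hijacked(
        content, ["visualbee", "mysearchdial"]
    ):
        print(f"{name} = {value}  (matched '{keyword}' in {'/'.join(where)})")
```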





Remove Mysearchdial from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.




2. Select Toolbars and Extensions. Remove Mysearchdial toolbar and Mysearchdial Helper Object Internet Explorer add-ons.



3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).



4. Select Mysearchdial and click Remove to remove it. Close the window.
