Thursday, November 3, 2011

Remove (Uninstall Guide)

is a web search engine/browser hijacker that may return irrelevant search results and redirect users to sponsored websites having nothing to do with the search query. This website is not currently listed as dangerous (it won't infect your computer). It has not hosted malicious software over the past three months either. We added to our database because it appears to be related to rootkits and Trojan horses responsible for click fraud and search redirects. We are fairly sure this is not a coincidence. In a common scenario, a rootkit or a trojan infects a computer and injects malicious code into Windows system files and processes. It may capture network traffic and send network packets to bypass the Windows firewall.

Whenever you click on a link while searching with Google (or another web search engine), it redirects you to either infected websites or such sponsored websites as Sometimes, it may display a blank page. Cyber criminals have to monetize their traffic, and redirecting search results to spammy websites is a good way to do so. The redirects happen in all major web browsers. Re-installing your web browser won't help. System Restore won't help either; it might help for a short period of time, but the malware will be re-downloaded after a couple of hours. If you have this annoying redirect problem, your computer is definitely infected by malicious software.

Please note that in some cases, malware responsible for click fraud and redirects may block legitimate anti-malware software. Hopefully, you can remove this virus from your computer by following the steps in the removal guide below. If you need help removing the redirect virus, please leave a comment below. We will be more than happy to assist you. Good luck and be safe online!

web browser hijacker and associated malware removal instructions:

1. First of all, download and run TDSSKiller by Kaspersky.

2. Then download recommended anti-malware software and run a full system scan to remove this virus from your computer.

NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. And finally, use CCleaner to remove temporary and unnecessary files from your computer.

Associated files:
  • C:\Documents and Settings\All Users\Application Data\mazuki.dll
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
  • C:\WINDOWS\system\BCBSMP35.BPL
  • C:\WINDOWS\system32\sstray.exe

Anonymous said...

All I did to fix this problem was to delete a registry value in the registry. If you go to "Computer\HKEY_Current_User\Software\Microsoft\Internet Explorer\TypedURLs", you'll find an entry called "url1" with the url to, just delete that, close IE and reopen and it should be gone. When I tried to re-launch IE, Malwarebytes picked up the virus trying to run a process and I had it quarantined. That solved my problem for IE.

donotwant said...

I don't have either program on my computer, please tell me how to fix this!

Anonymous said...

IT WORKED FOR ME!!!!!!!!!!!

Anonymous said...

I deleted the "associated files" listed above, Deleted "url1" in the registry listed above, and used the "STOPzilla" anti-malware software listed above and now my computer no longer re-directs me to get-answers-fast, what a relief. I also used the "TDSSkiller" mentioned above but it didn't find anything, but that may help someone else so go ahead and run the scan it only took 2 minutes. Good Luck!

Anonymous said...

This is BS. Stopzilla will only remove it if you buy it. Chances are they made the virus to begin with and posted this topic simply for advertising and to trick people into using it. No thanks. I'd rather reformat than give .02$ to any app that doesn't at least have a FULLY functional trial. Not just "See what I'm saying is wrong with your system" crap.

Google redirector victim said...

STOPZilla was able to remove multiple copies of the malware; it took 4-5 hours. The 2 other programs above finished sooner but were not able to find the malware. You don't have to buy the full version of STOPZilla, you can continue to remove the Google redirector. The STOPZilla Freeware includes protection for Spyware & Popups, but not "Siteguard". My PC/browser is working once again! Thanks for the tip!

Anonymous said...

TDSSKiller is useless because it won't run (don't tell me to rename it or any of that jazz because it didn't help). I removed stopzilla because it didn't find anything. Spyware doctor and ccleaner both don't do jack for the rootkit. The only thing I've found that SHOULD work is combofix but it keeps crashing on me, so I'm screwed, might as well throw my computer away.

Anonymous said...

None of the solutions listed here will remove the rootkit, which is the source of any of the secondary trojans/rogues that likely brought you to this site. TDSS Killer will treat the secondary infections, but not the rootkit. MalwareBytes' Anti-malware will also treat the secondary infections, but not the rootkit.

Spyware Doctor will find infections, but conveniently requires you to purchase the program to remove them, so don't even bother unless you can 'acquire' a free version.

Honestly, there are so many bogus websites set up with the keywords 'google redirect virus', etc., that one of these antivirus companies HAS to be responsible for the spread of this virus.


Anonymous said...

The TDSSKiller can't seem to find it. Any advice for why that is? I ran it as an 'admin' too, and it still couldn't find it.

maverickmagali said...

NOTHING is getting rid of this on my system. TDSSKiller does not open (even when I rename it to after unhiding known file extensions), FixTDSS says everything's fine, Malwarebytes occasionally finds something but whatever it is keeps repairing itself and I keep getting redirected. And who knows what else it's doing to my system. HELP ME PLEASE!

Anonymous said...

I had to unhide c:\windows\system32\drivers\etc\hosts and remove the read-only attribute. I then edited the hosts file with notepad and commented out two entries that redirect Google and Bing to 94.x.x.x. I then saved the hosts file, re-hid it, and reapplied the read-only attribute. Searching through the registry didn't find anything.
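
The hosts-file check described in the comment above can be automated. The following is an added example, not part of the original post or its comments: it flags active hosts entries that pin a search-engine hostname to a fixed address. The watched labels, the function name and the sample file (including the 203.0.113.10 documentation address) are constructed assumptions.

```python
import ipaddress

# Assumption: the comment above names only Google and Bing as hijacked.
WATCHED_LABELS = {"google", "bing"}

# Constructed sample hosts file; 203.0.113.10 is a documentation-range
# placeholder, not an address taken from the page.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.google.com google.com
203.0.113.10    www.bing.com    # constructed hijack entry
# 203.0.113.10  www.google.co.uk
0.0.0.0         ads.example.net
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname) for every active entry that maps a
    watched search domain to a non-loopback address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, so commented-out entries are skipped.
        entry = raw.split("#", 1)[0].strip()
        fields = entry.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address: ignore the malformed line
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 block a name rather than redirect it
        for host in fields[1:]:  # one line may carry several aliases
            labels = host.lower().rstrip(".").split(".")
            if WATCHED_LABELS.intersection(labels):
                findings.append((line_no, str(ip), host))
    return findings

if __name__ == "__main__":
    # On a live system, pass in the text of
    # c:\windows\system32\drivers\etc\hosts instead of the sample.
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

A clean result only rules out this one redirect mechanism; other comments here describe proxy settings and registry entries as well.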

Anonymous said...

This seems to work... give it a try

Anonymous said...

I think they changed their software. It's still pretty 'easy' to remove all that stuff. There are several components. The newest version has two processes, 067.exe and E7B20.exe. I can just assume that they change the name on installation. You need to remove everything from the registry by hand and then restart. You also need to remove the actual spyware and that qmgr0.dat stuff. Then you have to change the proxy of Windows in Internet Properties / LAN settings.

Anonymous said...

They must have changed everything because none of the above is on my machine. I've tried all of the cleaners and nothing. Any update on this virus and how to remove it?