Your computer is infected with malicious software? Do you have popups on your PC?
If so, search this blog for removal instructions or find computer threats by category.

Wednesday, July 30, 2014

iStartSurf Virus Removal Help

Browser hijacking is both an annoying and a dangerous problem that can plague internet users. If your home page, search engine and new tab page have been hijacked by iStartSurf, it's fair to say that your computer is infected. Please use this guide to remove iStartSurf virus and any associated malware.

What is browser hijacking and what happens to your computer if you've been attacked? Browser hijacking actually encompasses a number of different malicious software programs (known as malware for short) but it is generally agreed that browser hijacking software is an external code that changes your web browser settings without your knowledge or, as far as you were aware, your permission.


You log onto your computer, open the internet and the first thing you see is your home page - your PC's standard page, a search engine or your favorite news channel. When you search or browse for something online you use a search engine – usually Google, Yahoo or Bing. Furthermore if you visit a website that's broken or has been removed you will see an error page. When iStartSurf hijacks your web browser you won't see your usual start page. You will see http://www.istartsurf.com instead. What is more, it will hijack your web browser's shortcut file by modified Target command line so that every time you open up your web browser your home page will be redirected to istartsurf.com. The same thing happens when you open a new tab page. In order to remove it completely from your computer you will have to clean shortcuts as well.

What browser hijacking means is that the person responsible for it will decide how your home page should look and how your browser works and is configured. Let's say you want to search directly from the omnibox or the address bar, you will be redirected to istartsurf.com instead of Google or any other search engine of your choice. Not only it's very annoying but also rather unethical practice. However, I wouldn't blame only those who created the so-called iStartSurf virus. Since this browser hijacker comes bundled with other software most of the time, there's a good chance you haven't read the end user license agreement and agreed to install 'extras' which are very often toolbars or browser hijackers. So, next time be more careful, even when download and installing software from reputable websites. This browser hijacker is distributed using fake Google Chrome update web pages. A fake web page claims that your browser is outdated and that you need to download the latest version in order to browser the net safely. The malicious files is called google_chrome.exe. It is detected as DomainIQ, SoftPulse and Smart Secure Software by multiple anti-virus engines. The file digitally signed by Smart Secure Software S.I. By the way, if you run this installer iStartSurf won't be the only malware you will get. You will also install adware called Cosstminn and Wajam.


Why would someone want to hijacker your web browser? Firstly they may want to direct you to a website of their choosing – either to generate traffic or revenue. Secondly – and more worryingly they may install spyware on your PC. Spyware, as the name suggests, spies upon your internet activity. It monitors which websites you visit and other browsing habits. At best this is so the programmers can tailor their adverts to you hence increasing the chances of you clicking and/or purchasing.

So how do you stop yourself becoming a victim of hijacking? Unfortunately nothing can guarantee that but there are precautions you can take: most importantly make sure you have reputable antivirus software installed on your computer, secondly never click on links in spam emails and third always check the 'small print' when you're downloading software or information from the internet and make sure you uncheck any boxes that casually mention that 'this software also comes with a tool bar' or other 'extra (unwanted!) bonus'. To remove iStartSurf from your computer, please follow the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


iStartSurf Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Remove iStartSurf related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • WPM17.8.0.3159
  • supWPM
  • iStartSurf
  • SoftwareUpdate
  • HQPureV1.8
  • GlobalUpdate


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove iStartSurf from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Ensure that the Developer mode checkbox in the top right-hand corner is checked. Go to Chrome extensions directory and delete the folder Extended Protection extension is loaded from.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. Close Chrome.

6. Right-click Google Chrome shortcut you are using to open your web browser and select Properties.

7. Select Shortcut tab and remove "http://www.istartsurf.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file.



Remove iStartSurf from Mozilla Firefox:

1. Open Mozilla Firefox. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: istartsurf

Now, you should see all the preferences that were changed by iStartSurf. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.istartsurf.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.



Remove iStartSurf from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select iStartSurf and click Remove to remove it. Close the window.

4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://www.istartsurf.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.



6. Finally, go to ToolsInternet Options and restore your home page to default. That's it!
Read more

Tuesday, July 29, 2014

Remove Astromenda Search Virus (Uninstall Guide)

Astromenda Search (astromenda.com) is a potentially unwanted search engine that comes bundled with freeware downloads. Astromenda Search virus is what most users usually say when they get infected with this potentially unwanted program. Most users think that it wants them to use it as a default search engine so it can phish for information. Another thing that allows us to think it's a potentially unwanted application - it might be very difficult to get rid of it. I'm not sure if they are doing this on purpose or not but there might be very difficult to restore some changes made to your web browser. I hope it's just a bug rather than a clever technique made to protect this browser hijacker from being removed. Once installed, it hijacks your web browser, changes default search engine and home page to astromenda.com. There's no logo but the whole interface is very similar to Google Search, so most people thing it's basically the same Google search except that cyber crooks use their own domain in order to gather information about browsing habits and search terms. In fact it redirects users to Yahoo search engine page. So, it's just a pseudo search engine. There's also a browser extension called Astromenda New Tab that is used to achieve these goals. Please use this guide to remove Astromenda Search virus and any associated malware.


Astromenda Search comes bundled with legitmate software and adware. It's also promoted in various other ways, for example through the use of pay-per-install networks and even shady online streaming and download websites. Some of those website are completely fake while others could be even well known websites but with a poor ad management. The problem is, in part, that no matter how much investigation we might do into the subject, we will probably never know exactly what the intentions of these online parasites and annoyances actually are. Let's imagine you've decided to download a piece of software – a common occurrence - but you suspect that the third party website that it's available on is less than legit. However you know that millions of people the world over use this particular software on a daily basis. So how do you discern whether or not you should download your software? Firstly you should only download from the publisher's own site.

Secondly, if like me, you can vividly remember not knowing too much at all about IT, you may also remember that the people you asked for help and advice when downloading something, would tell you to simply start the download and then click all the 'OK' boxes until the download was done. Well, I'm sorry to say that if you're still in the habit of doing this, then those people have a lot to answer for! It is precisely this bad habit that will see you winding up with a Potentially Unwanted Program (or worse – malware) on your PC. Please be very careful when installing downloading software, even from the official websites because nowadays many software developers allow their programs to be bundled with other software. Otherwise, you may simply end up with Astromenda Search or some other PUP on your computer. It could be even a browser hijacker or a fake registry cleaner.

Trust me, I hear you - End User License Agreements are boring! But the point is that less than scrupulous software programs have more often than not been created to make someone some money. And these guys know that many of us don't pay any attention when we're downloading - and they're capitalizing on it.

No, you're right, it would be a lax malware publisher who advertised his intentions like that, but what you may not know is that the producers of Potentially Unwanted Programs quite often do. And that is why you should always read License Agreements!

Those responsible for foisting Astromenda Search virus onto us know that in the majority of cases we won't want their program (hence the fact that PUPs are usually bundled with legitimate software or tempting downloads such as torrents, free games, mp3s, movies and wallpapers) but they are often referred to in download agreements. This way the publishers cannot claim to be doing anything wrong.

The problem is that this referral or acknowledgement may not be terribly clear or obvious, and you may find that the wording is ambiguous or that you have to carefully check or uncheck any number of boxes in order to get the right combination that stops the PUP download. And that is why when you download something you should always check the agreement carefully and read between the lines. It's time to stop clicking 'OK, OK, OK' and to start protecting your computer from potentially unwanted programs. To remove Astromenda Search from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Astromenda Search Removal Guide:


1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. As this infection is known to be installed by vulnerabilities in out-dated and insecure programs, it is strongly suggested that you use an automatic software update tool to scan for vulnerable programs on your computer.

3. Remove Astromenda Search related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



4. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following programs:
  • Astromenda Search
  • Astromenda New Tab extension


If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Astromenda Search from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Astromenda New Tab, BookmarkTube extensions.



3. Then select Settings. Scroll down the page and click Show advanced settings.


4. Find the Reset browser settings section and click Reset browser settings button.


5. In the dialog that appears, click Reset. That's it!

Remove Astromenda Search from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Remove Astromenda New Tab, BookmarkTube browser extensions. Close Add-ons manger.




3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: astromenda

Now, you should see all the preferences that were changed by astromenda.com. Right-click on the preference and select Reset to restore default value. Reset all found preferences!

Remove Astromenda Search from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

3. Select Astromenda Search and click Remove to remove it. Close the window.
Read more

Saturday, July 26, 2014

Remove TheTorntv V10 Ads (Uninstall Guide)

With so many different viruses and Internet parasites to contend with, it's no wonder it can be a little confusing trying to work out what everything is – and more importantly, what sort of damage they can inflict on you. I've found a few websites saying that TheTorntv V10 is a virus but actually is not. Let's get down to it: what is it? What affect can it have on your computer? How does it get there in the first place? How you can avoid installing it? And, crucially, how do you get rid of it? Please use this guide to remove "Ads by TheTorntv V10" and any associated malware.

Here's an example of Ads by TheTorntv V10.


If you've ever wondered what the difference between adware, greyware, spyware, viruses and malware is, you're in the right place. Furthermore if you've heard of Potentially Unwanted Programs (PUPs) and are not sure what the deal is with those either, read on as we will hopefully be able to enlighten you. Most DLL file of this program are detected as ADWARE/CrossRider.Gen2, a variant of Win64/Toolbar.Crossrider.F, PUP.Optional.TornTV.A by multiple anti-virus engines. It's pretty obvious that it's an unwanted program. Most AVs say it's adware. While others say it's a PUP. However, none of them detect it as virus, malware or spyware. it's very important to understand the difference because some sites will try to scare you into thinking that TheTorntv V10 adware and the ads you get are very dangerous. Yes, they might be but they can not steal your passwords, etc.

Are viruses, adware, spyware, malware and greyware the same thing? It's a good question but while there are some similarities between the five; they are all threats to your computer being the main one, spyware, viruses, greyware, malware and adware do have fundamental differences. But does that really matter? If these are the online bad guys, that's all we need to know surely? Well, actually it's not quite as simple as all that just a little bit of knowledge about each one will help you stay safer and defend yourself from attack.

Starting with the most obvious one: computer viruses. It can be tempting to lump everything 'bad' on the Internet as a virus, but as noted, there are differences. In the simplest terms, a virus is a self-replicating computer program. TheTorntv V10 adware cannot replicate itself, so it's clearly not a virus. In fact, viruses don't even have to be malicious – but the fact is that many are. Most computer viruses worm their way onto your PC by attaching themselves to a genuine program. A good anti-virus program should spot most viruses but as always, you should stay vigilant when downloading from the Internet.

Malware, short for 'malicious software' is an umbrella term that refers to anything and everything that has the ability to infect your computer. It encompasses adware, viruses and spyware, although Potentially Unwanted Programs are not considered to be malware as they usually announce their presence in the License Agreement or T's & C's when you're downloading from the Internet. We could say that TheTorntv V10 adware is party malware.

Unlike a virus, spyware is not self-replicating but make no mistake, this is a truly nasty piece of work! Spyware monitors your web browsing habits and can gather this information for use by a third party. You should also be aware of something called a key logger which records the keys you hit – i.e. what you type – so your usage can be monitored that way – and that includes your passwords and log in details. While TheTorntv V10 may gather some information about your browsing habits, like websites visited, etc., it's not a spyware program.

The difference between adware and other malware is that, like a PUP, you often will have consented to the adware being installed on your PC. Usually TheTorntv V10 is bundled with free software and once installed will inundate you pop-up and banner ads. In fact many Potentially Unwanted Programs are closely linked with adware.

This covers online nuisances that might be annoying but are not necessarily malicious. PUPs fall into this category. Because some people find Potentially Unwanted Programs useful the lines tend to be blurred. However if you want to stay completely safe online, you should do your best to avoid installing a PUP. And that means checking download T's & C's carefully, and not clicking on links or opening attachments in emails from unknown senders.

If you have questions, please leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


TheTorntv V10 Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove TheTorntv V10 related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • TheTorntv
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove TheTorntv V10 related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove TheTorntv V10, LyricsSay-1, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove TheTorntv V10 related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove TheTorntv V10, LyricsSay-1, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove TheTorntv V10 related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more

Friday, July 25, 2014

Remove Cosstminn Ad Virus (Uninstall Guide)

Let's get down to it: what is Cosstminn? What affect can it have on your computer? How does it get there in the first place? How you can avoid installing it? And, crucially, how do you get rid of it? Please use this guide to remove Cosstminn ads and any associated malware.

What exactly is Cosstminn?

Cosstminn is a software program created to show you adverts when you're browsing or working online. And whilst that in itself doesn't sound too bad – after all, we're exposed to advertising pretty much constantly in our daily lives – adware isn't just a form of Internet marketing, it can actually make your user experience a real pain in the behind when you're using your computer. Not only that but it could be causing you real harm too. We'll see how shortly.

Here's an example of an "Powered by Cosstminn" ad displayed on a web page:


Things Cosstminn can do:
  • It is able to change your browser, your home page and your search engine so it can redirect your web searches to sites that the adware publisher wants you to visit. Often these are simply websites that are illegal or X rated.
  • It may be packaged with spyware, which is just as nasty as it sounds. Spyware monitors your Internet usage so that it can a) customize the adverts it shows you to appeal to you, and b) in a worst case scenario it will install something called a keylogger on your machine which will monitor and record everything you type. Naturally many of our online interactions are personal – from emails to friends, colleagues or loved ones to bank information, passwords and log in details.
  • In addition to this, all the extra components that Cosstminn adware (and possibly spyware) have installed on your machine, mean you may well find that your computer is running a whole lot slower than usual as the malware is ticking away behind the scenes and rigorously dialing home to tell the publisher what it has found out about you.
How did Cosstminn get on my PC?

In the majority of cases Costmin is packaged with freeware or shareware – for example, a TV show, some music or a game. This is how adware creators generate revenue that enables them to pay for the future development or distribution of their free programs. You may also be attacked by adware if you accidently visit a website that's been infected by it.

I want to protect myself against adware!

The best thing you can do to defend yourself against Cosstminn is to install decent anti-adware and anti-virus programs on your computer. You should also be selective about what you download and don’t get suckered in by dubious looking websites or programs that appear to be too good to be true!

Removing Cosstminn

Unfortunately Cosstminn is usually difficult to remove but if you have been targeted you need to run your anti-virus and anti-malware and they should spot and remove the adware. Run them twice or even three times to be sure however. If after rebooting your computer the adware is still appearing you will probably need to take your PC to a computer store or repair center and get it professionally cleaned by an IT expert.

If you have questions, please leave a comment down below. I will be more than happy to help you. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Cosstminn Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. As this infection is known to be installed by vulnerabilities in out-dated and insecure programs, it is strongly suggested that you use an automatic software update tool to scan for vulnerable programs on your computer.

3. Remove Cosstminn related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



4. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Cosstminn
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Cosstminn related extensions from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove Cosstminn, LyricsSay-1, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.



If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Cosstminn related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove Cosstminn, LyricsSay-1, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Cosstminn related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Read more