This is an examination of an awfully annoying hijacker known as Araby Online, which sets arabyonline.com as the value of custom browser settings without user consent. In particular, the entry describes possible infection paths, main symptoms, and removal instructions.
The adware whose analysis is to be provided here reflects the Arabic take on browser compromising. Both the ArabyOnline hijacker itself and its landing pages are very out-of-the-ordinary for Western users, who for some reason are a target audience for the authors of the virus under consideration. Literally everything is eye-catching there, from the app’s obtrusiveness all the way to the site design. The onset of this adware on a PC is not a matter of manual installation on the user’s end, because this honest and straightforward path is unacceptable in the context of spreading a malicious cyber entity; no sane person wants to get a nuisance like this. Instead, the payload is always part of some other software, mostly freeware, whose setup wizard contains little to no indication that an additional item is there as well.
Not relying on user approval when getting installed, ArabyOnline similarly ignores authorization when changing the way Chrome, Firefox and Internet Explorer are configured. The adware program adds an extension to each one of these browsers that it detects on the affected machine. Then this malicious cross-browser add-on immediately alters the values for homepage, default search engine, and new tab page. As a result, the victim keeps ending up on ArabyOnline.com (see snapshot above).
It’s obvious from the way the page looks that it’s extremely graphics-heavy and non-intuitive for the average user. Not only is it all in Arabic, it’s also got other weird specificities such as the search text typing direction (right to left) as well as the abundance of ads, a respect in which this adware outperforms all of its counterparts we’ve seen so far. Furthermore, simply placing the cursor in the search field will trigger a few new browser windows in the background. It’s therefore clear that online advertising is the main thing this virus is after, but the infected users go nuts because of the accompanying browsing terror.
Getting rid of the ArabyOnline adware is tougher than just toggling some preferences for the compromised web browsers. It takes more complex measures for the cleanup to go smoothly and efficiently.
Automatic removal of ArabyOnline virus
When it comes to handling infections like this one, using a reputable cleaning tool is the place to start. Sticking to this workflow ensures that every component of the adware gets found and eradicated from the affected computer.
1. Download and install the cleaning tool and click the Start Computer Scan button
2. The wait is worth it. Once the scan completes, you will see a report listing all malicious or potentially unwanted objects detected on your PC. Go ahead and click the Fix Threats option in order to get ArabyOnline hijacker automatically uninstalled from your machine along with all of its modules. This being done, you should be good to go.
Uninstall ArabyOnline through Control Panel
- From your Windows menu, go to Control Panel. Select Add or Remove Programs (for Windows XP / Windows 8) or Uninstall a program (Windows Vista / Windows 7)
- Find ArabyOnline on the list. If it’s nowhere to be found, look for multimedia related programs (e.g. Flash Enhancer) or other odd-looking apps you remember having installed lately. Select the suspicious one and click Uninstall/Change
Remove ArabyOnline from web browsers manually
The workflow covered below is intended to undo all changes that the ArabyOnline virus made to Chrome, Firefox and Internet Explorer. Be advised there’s some collateral inconvenience you will encounter, namely the loss of all installed add-ons and personalized information (saved passwords, cached data, bookmarks and other content).
Remove ArabyOnline in Chrome
1. Uninstall the ArabyOnline extension
- Click the Chrome menu icon and select More tools > Extensions
- Find the add-on associated with ArabyOnline and click the trash bin next to the bad entry
- Go back to Chrome menu and select Settings
- Go to On startup sub-section and activate the Open a specific page or set of pages option. Also, click Set pages
- Locate the ArabyOnline entry under Startup pages and hit X button next to it
Remove ArabyOnline in Firefox
1. Eliminate the respective add-on
- In Firefox, go to Tools > Add-ons
- Hit the Extensions tab and locate ArabyOnline on the list. Click Remove to get rid of it
- Click the magnifying glass icon in Firefox search box and select Change Search Settings
- Select the search engine to use by default and hit OK to save the changes
Removal from Internet Explorer
- Open IE. Go to Tools > Manage Add-ons
- Select Toolbars and Extensions in the navigation pane, locate the items related to ArabyOnline, including the ArabyOnline API, right-click each one and select Remove in the context menu
- Restart IE and check for symptoms of the infection. If the ArabyOnline ads are not appearing anymore, then no further action is required. If the adware is still there, proceed to the steps below
- Go to Tools > Internet Options
- Hit the Advanced tab and click Reset
- Make sure the Delete personal settings option on the Reset Internet Explorer Settings dialog is ticked and click Reset
- Restart Internet Explorer for the changes to take effect
Did the problem go away? Check and see
Computer threats like the ArabyOnline virus can be stealthier than you can imagine, skillfully obfuscating their components inside a compromised computer to evade removal. Therefore, by running an additional security scan you will dot the i’s and cross the t’s in terms of the cleanup.
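One way to confirm that the homepage, startup pages and search settings no longer point at arabyonline.com is to scan the browsers' settings files after the cleanup. The script below is an added example, not part of the original guide or of any removal tool it mentions; it takes the text of Chrome's Preferences JSON file and Firefox's prefs.js, and the sample contents and function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

HIJACK_DOMAIN = "arabyonline.com"  # domain named in this guide
# Firefox stores string settings in prefs.js as: user_pref("name", "value");
USER_PREF = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

def is_hijack_url(value, domain=HIJACK_DOMAIN):
    """True if any URL in the string has the domain (or a subdomain) as host."""
    for part in re.split(r"[|\s]+", value.strip()):  # Firefox joins homepages with |
        try:
            host = urlparse(part if "//" in part else "//" + part).hostname or ""
        except ValueError:  # malformed host such as an unclosed IPv6 bracket
            continue
        if host == domain or host.endswith("." + domain):
            return True
    return False

def scan_chrome_prefs(text):
    """Walk Chrome's Preferences JSON; return the key paths that still match."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
        elif isinstance(node, str) and is_hijack_url(node):
            hits.append(path)
    walk(json.loads(text), "")
    return hits

def scan_firefox_prefs(text):
    """Return the names of prefs.js string settings that still match."""
    return [name for name, value in USER_PREF.findall(text) if is_hijack_url(value)]

# Constructed samples, trimmed to the kinds of settings the guide says get altered.
SAMPLE_CHROME = json.dumps({
    "homepage": "http://arabyonline.com/",
    "session": {"restore_on_startup": 4, "startup_urls": [
        "https://www.example.org/", "http://www.arabyonline.com/?s=1"]},
    "bookmark": "http://notarabyonline.com/",  # lookalike host, must not match
})
SAMPLE_FIREFOX = (
    'user_pref("browser.startup.homepage", "https://www.example.org/|http://arabyonline.com/");\n'
    'user_pref("browser.search.defaultenginename", "Example Search");\n'
)
```

An empty result from both functions means no leftover setting references the domain; any returned key path names the setting that still needs to be reset by hand.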