Table of Contents
It’s hugely annoying to be faced with a computer infection like the go.mail.ru virus, which reroutes the browser to the unwanted site without permission.
What is the go.mail.ru virus?
Many web services bump into an ethical dilemma at some point of their evolution. It comes down to choosing which promotion mechanism to favor: aggressive or entirely unobtrusive one. Some providers manage to strike a balance, but quite a few end up literally forcing people to use whatever they have to offer. The go.mail.ru virus is a prime example of the overly straightforward marketing that’s gaining momentum these days. This malicious application is pushing the Internet search feature affiliated with mail.ru, one of the most popular webmail services Russia. The problem is, many users from outside that country have been reporting instances of browser hijacking, with go.mail.ru being the landing page. Even in the case of Russian-speaking audience, numerous victims’ online surfing is forwarded to said site without any sort of obvious authorization.
Here’s the deal: the search engine in question is legitimate and probably shouldn’t be blamed for defiantly taking over web browsers. However, there are individuals driving traffic to it in a shady way. What for? Most likely to get paid by interested parties, perhaps including go.mail.ru itself. When a ‘classic’ browser hijack like this occurs, the infected user’s web navigation is first routed through a number of interstitial domains and only then arrives at the ostensibly safe and reputable spot. Every such imperceptible hit is recorded within a dodgy monetization framework, and the virus authors rake in the profits while diminishing the victims’ browsing experience.
Although the go.mail.ru virus gets around users’ consent in terms of changing certain system settings, its infiltration into a PC is always a matter of the would-be victim opting for something. The decision tends to be an uninformed one, though. The typical contamination scenario is about a bundling maneuver, where a piece of safe software is installed in conjunction with the culprit. No details regarding the combo are mentioned in the default setup screens, which explains why lots of people are unaware of the drive-by malware. When inside and running, the unwelcome code goes stubborn on the host by adding a scheduled task that re-executes the bad binary if terminated by the user. The active phase of the attack involves a replacement of browser preferences with go.mail.ru. The settings that are subject to this tweaking include the preferred search engine and default homepage.
Therefore, the victim will visit the Russian site whenever they enter keywords in the omnibox or simply launch Chrome, Firefox, or Internet Explorer. This, clearly, isn’t the way web surfing should work, therefore removing the malware is on the agenda of anyone infected. Luckily, the cleanup process isn’t too complicated – see below for details.
Automatic removal of go.mail.ru search engine virus
When it comes to handling infections like this one, using a reputable cleaning tool is the place to start. Sticking to this workflow ensures that every component of the adware gets found and eradicated from the affected computer.
1. Download and install the cleaning tool and click the Start Computer Scan button Download Go.mail.ru removal tool
2. The wait is worth it. Once the scan completes, you will see a report listing all malicious or potentially unwanted objects detected on your PC. Go ahead and click the Fix Threats option in order to get Go.mail.ru redirect automatically uninstalled from your machine along with all of its modules. This being done, you should be good to go.
Uninstall Go.mail.ru through Control Panel
- From your Windows menu, go to Control Panel. Select Add or Remove Programs (for Windows XP / Windows 8) or Uninstall a program (Windows Vista / Windows 7)
- Find Go.mail.ru on the list. If it’s nowhere to be found, look for multimedia related programs (e.g. Flash Enhancer) or other odd-looking apps you remember to have installed lately. Select the suspicious one and click Uninstall/Change
Remove go.mail.ru redirect virus from web browsers manually
The workflow covered below is intended to undo all changes that the Go.mail.ru virus made to Chrome, Firefox and Internet Explorer. The fix includes several steps: removing the malicious extension; and (if the previous action turned out inefficient) resetting the browser. Be advised there’s some collateral inconvenience you will encounter in the latter case, namely the loss of all installed add-ons and personalized information (saved passwords, cached data, bookmarks and other content).
Remove Go.mail.ru in Chrome1. Uninstall the Go.mail.ru extension
- Click the Chrome menu icon and select More tools > Extensions
- Find the add-on associated with Go.mail.ru and click the trash bin next to the bad entry
- Go back to Chrome menu and select Settings
- Go to On startup sub-section and activate the Open a specific page or set of pages option. Also, click Set pages
- Locate the Go.mail.ru entry under Startup pages and hit X button next to it
Remove Go.mail.ru in Firefox1. Eliminate the respective add-on
- In Firefox, go to Tools > Add-ons
- Hit the Extensions tab and locate Go.mail.ru on the list. Click Remove to get rid of it
- Click the magnifying glass icon in Firefox search box and select Change Search Settings
- Select the search engine to use by default and hit OK to save the changes
removal from Internet Explorer
- Open IE. Go to Tools > Manage Add-ons
- Select Toolbars and Extensions in the navigation pane, locate the items related to Go.mail.ru, including the Go.mail.ru API, right-click each one select Remove in the context menu
- Restart IE and check for symptoms of the infection. If the Go.mail.ru ads are not appearing anymore, then no further action is required. If the adware is still there, proceed to the steps below
- Go to Tools > Internet Options
- Hit the Advanced tab and click Reset
- Make sure the Delete personal settings option on the Reset Internet Explorer Settings dialog is ticked and click Reset
- Restart Internet Explorer for the changes to take effect
Did the problem go away? Check and see
Computer threats like the Go.mail.ru virus can be stealthier than you can imagine, skillfully obfuscating their components inside a compromised computer to evade removal. Therefore, by running an additional security scan you will dot the i’s and cross the t’s in terms of the cleanup.