Remove search engine virus from Chrome, Firefox and IE

It’s hugely annoying to be faced with a computer infection like the virus, which reroutes the browser to the unwanted site without permission.

What is the virus?

Many web services bump into an ethical dilemma at some point of their evolution. It comes down to choosing which promotion mechanism to favor: aggressive or entirely unobtrusive one. Some providers manage to strike a balance, but quite a few end up literally forcing people to use whatever they have to offer. The virus is a prime example of the overly straightforward marketing that’s gaining momentum these days. This malicious application is pushing the Internet search feature affiliated with, one of the most popular webmail services Russia. The problem is, many users from outside that country have been reporting instances of browser hijacking, with being the landing page. Even in the case of Russian-speaking audience, numerous victims’ online surfing is forwarded to said site without any sort of obvious authorization.

The victims keep visiting as a result of browser redirect activity
The victims keep visiting as a result of browser redirect activity

Here’s the deal: the search engine in question is legitimate and probably shouldn’t be blamed for defiantly taking over web browsers. However, there are individuals driving traffic to it in a shady way. What for? Most likely to get paid by interested parties, perhaps including itself. When a ‘classic’ browser hijack like this occurs, the infected user’s web navigation is first routed through a number of interstitial domains and only then arrives at the ostensibly safe and reputable spot. Every such imperceptible hit is recorded within a dodgy monetization framework, and the virus authors rake in the profits while diminishing the victims’ browsing experience.

Although the virus gets around users’ consent in terms of changing certain system settings, its infiltration into a PC is always a matter of the would-be victim opting for something. The decision tends to be an uninformed one, though. The typical contamination scenario is about a bundling maneuver, where a piece of safe software is installed in conjunction with the culprit. No details regarding the combo are mentioned in the default setup screens, which explains why lots of people are unaware of the drive-by malware. When inside and running, the unwelcome code goes stubborn on the host by adding a scheduled task that re-executes the bad binary if terminated by the user. The active phase of the attack involves a replacement of browser preferences with The settings that are subject to this tweaking include the preferred search engine and default homepage.

Therefore, the victim will visit the Russian site whenever they enter keywords in the omnibox or simply launch Chrome, Firefox, or Internet Explorer. This, clearly, isn’t the way web surfing should work, therefore removing the malware is on the agenda of anyone infected. Luckily, the cleanup process isn’t too complicated – see below for details.

Automatic removal of search engine virus

When it comes to handling infections like this one, using a reputable cleaning tool is the place to start. Sticking to this workflow ensures that every component of the adware gets found and eradicated from the affected computer.

1. Download and install the cleaning tool and click the Start Computer Scan button Download removal tool

2. The wait is worth it. Once the scan completes, you will see a report listing all malicious or potentially unwanted objects detected on your PC. Go ahead and click the Fix Threats option in order to get redirect automatically uninstalled from your machine along with all of its modules. This being done, you should be good to go.

Uninstall through Control Panel

  • From your Windows menu, go to Control Panel. Select Add or Remove Programs (for Windows XP / Windows 8) or Uninstall a program (Windows Vista / Windows 7) Uninstall a program
  • Find on the list. If it’s nowhere to be found, look for multimedia related programs (e.g. Flash Enhancer) or other odd-looking apps you remember to have installed lately. Select the suspicious one and click Uninstall/Change Uninstall related software

Remove redirect virus from web browsers manually

The workflow covered below is intended to undo all changes that the virus made to Chrome, Firefox and Internet Explorer. The fix includes several steps: removing the malicious extension; and (if the previous action turned out inefficient) resetting the browser. Be advised there’s some collateral inconvenience you will encounter in the latter case, namely the loss of all installed add-ons and personalized information (saved passwords, cached data, bookmarks and other content).

Remove in Chrome

1. Uninstall the extension
  • Click the Chrome menu icon and select More tools > Extensions Access Chrome Extensions interface
  • Find the add-on associated with and click the trash bin next to the bad entry Trash the add-on
2. Restore homepage defaults
  • Go back to Chrome menu and select Settings Go to Settings screen
  • Go to On startup sub-section and activate the Open a specific page or set of pages option. Also, click Set pages Set pages button
  • Locate the entry under Startup pages and hit X button next to it Remove from Startup pages
3. Restore correct search preferences
  • Proceed to Manage search engines and select the service you prefer to use Eliminate malicious search provider and select preferred one in Chrome
4. Restart Google Chrome

Remove in Firefox

1. Eliminate the respective add-on
  • In Firefox, go to Tools > Add-ons Go to Firefox Add-ons screen
  • Hit the Extensions tab and locate on the list. Click Remove to get rid of it
2. Fix the homepage settings
  • Go to Tools > Options Open up Firefox Options
  • Hit the General tab and click Restore to Default (see image below) Restore home page in Firefox
3. Set the preferred search provider
  • Click the magnifying glass icon in Firefox search box and select Change Search Settings Select the Change Search Settings option
  • Select the search engine to use by default and hit OK to save the changes Select default search engine in Firefox
4. Restart Mozilla Firefox

removal from Internet Explorer

  • Open IE. Go to Tools > Manage Add-ons Manage Add-ons entry in IE
  • Select Toolbars and Extensions in the navigation pane, locate the items related to, including the API, right-click each one select Remove in the context menu Remove  from IE Toolbars and Extensions list
  • Restart IE and check for symptoms of the infection. If the ads are not appearing anymore, then no further action is required. If the adware is still there, proceed to the steps below
  • Go to Tools > Internet Options Reset Internet Explorer 1
  • Hit the Advanced tab and click Reset Reset Internet Explorer 2
  • Make sure the Delete personal settings option on the Reset Internet Explorer Settings dialog is ticked and click Reset Reset Internet Explorer 3
  • Restart Internet Explorer for the changes to take effect

Did the problem go away? Check and see

Computer threats like the virus can be stealthier than you can imagine, skillfully obfuscating their components inside a compromised computer to evade removal. Therefore, by running an additional security scan you will dot the i’s and cross the t’s in terms of the cleanup.

Download virus scanner and remover

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.