Thursday, 18 August 2011

Remove (Uninstall Guide) is a browser hijacker that redirects users to various misleading websites or blank pages whenever they search anything on Google, Bing, or Yahoo search providers and click on any of the result links. Many people have experienced this problem which is otherwise defined as the goingonearth redirect virus. So, if you are experiencing the same problem, your computer is probably infected with a rootkit and you can't be that sure if it's something else combined with this rootkit. is classified as dangerous website mostly because of annoying redirects, but the rootkit and trojan droppers come from other websites. It could be a drive-by download, infected email attachment or a malicious website.

The rootkit evolves just like any other type of malware. The latest version runs a hidden scheduled tasks, loads hidden DLLs from Windows system directory and modifies Windows registry to execute the tasks. What is more, it may disable Windows security center and your ant-virus software. It affects Internet Explorer, Mozilla Firefox, Google Chrome and other web browsers. Re-installing your web browser won't help. The virus is not in your web browser but in your computer. There are no malicious BHOs or add-ons that should be removed from your web browser. Most antivirus programs detect trojans and/or other associated malware but unfortunately leave the main DLLs of the rootkit. To remove the rootkit from your computer and stop frustrating redirects, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online! web browser hijacker and associated malware removal instructions:

1. Scan your computer with TDSSKiller and ZeroAccess rootkit removal tool.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. Run CCleaner to remove temporarily and unnecessary files from your computer.
4. Flush DNS cache.

Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.

In a new window please type "ipconfig /flushdns" without quotes and hit Enter. And that's it!

5. If the problem persists, please read this web document and follow the steps carefully:

Manual removal guide:

1. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

2. Reboot your computer is "Safe Mode". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press Enter key. Read more detailed instructions here:

3. Delete the following files:
  • C:\Documents and Settings\All Users\Application Data\mazuki.dll
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
  • C:\Documents and Settings\[UserName]\Application Data\.#
  • C:\Windows\System\BCBSMP35.BPL
  • C:\Windows\system32\sstray.exe
  • C:\Windows\system32\cero6.dll
  • C:\Windows\XSxS
4. Open Windows Registry editor. Search and remove everything related to Gjtquun. There should be a couple of keys that execute Gjtquun.
5. Go back to Normal Mode and scan your computer with anti-malware software.

Share this information with your friends:

No comments:

Post a Comment