The rootkit evolves just like any other type of malware. The latest version runs a hidden scheduled tasks, loads hidden DLLs from Windows system directory and modifies Windows registry to execute the tasks. What is more, it may disable Windows security center and your ant-virus software. It affects Internet Explorer, Mozilla Firefox, Google Chrome and other web browsers. Re-installing your web browser won't help. The virus is not in your web browser but in your computer. There are no malicious BHOs or add-ons that should be removed from your web browser. Most antivirus programs detect trojans and/or other associated malware but unfortunately leave the main DLLs of the rootkit. To remove the rootkit from your computer and stop frustrating goingonearth.com redirects, please follow the steps in the removal guide below. If you have any questions, please leave a comment below. Good luck and be safe online!
Goingonearth.com web browser hijacker and associated malware removal instructions:
1. Scan your computer with TDSSKiller and ZeroAccess rootkit removal tool.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. Run CCleaner to remove temporarily and unnecessary files from your computer.
4. Flush DNS cache.
Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.
In a new window please type "ipconfig /flushdns" without quotes and hit Enter. And that's it!
5. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
Manual removal guide:
1. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.
2. Reboot your computer is "Safe Mode". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
3. Delete the following files:
- C:\Documents and Settings\All Users\Application Data\mazuki.dll
- C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
- C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
- C:\Documents and Settings\[UserName]\Application Data\.#
- C:\Windows\System\BCBSMP35.BPL
- C:\Windows\system32\sstray.exe
- C:\Windows\system32\cero6.dll
- C:\Windows\XSxS
5. Go back to Normal Mode and scan your computer with anti-malware software.
Share this information with your friends:
No comments:
Post a Comment