Friday, 25 January 2013

Remove Snap.do

A concerned reader asks: 'Snap.do has hijacked my web browser. Is it safe? How do I get rid of it?' Here's what you need to know about this so-called Snap.do hijacker malware.

Snap.do is a browser help object. Authors of this web browser plug-in say that they want to enhance your web browser and simplify the way you search the web, share favorite information, work or even play. Sounds good, right? It seems that they really care and want to help you. But hold your horses, Jack! :) Things are often not what they seem to be and that's particularly true for snap.do web browser hijacker. It comes with a cost and the main question is: are you willing to pay the price?



First of all, snap.do and some other Resoft products are considered to be potentially harmful or even malicious, not to mention how annoying they can be. For example, TrendMicro, an antivirus company, classifies snap.do toolbar as spyware and web browser hijacker and they have a good reason for that. According to Resoft privacy policy, their products, including snap.do collect the following information:
1. The Internet domain and IP address from which you access the Resoft Products;
2. Screen resolution of your monitor;
3. The date and time you access the Resoft Products;
4. The page you are visiting with the Resoft Products
5. If you linked to a Resoft website from another referring website, the address of that website.
By using the Resoft Products, you are consenting to have your personal data transferred to and processed both within and without the United States of America
Typically, snap.do installs itself as a web browser toolbar (BHO) but it may be installed with additional functionalities as well. This browser helper object can be downloaded from its official website and may also arrive bundled with other software, usually freeware. We haven't seen any questionable routines or drive-by downloads that might be related to malicious software and snap.do. What's interesting, though, installers downloaded from free video streaming sites and other shady or rogue websites are very aggressive and even if users made sure that the check boxes asking to install add-ons were disabled, snap.do virus was still installed on their computers.

Snap.do works on all major web browsers: Google Chrome, Mozilla Firefox and Internet Explorer. It doesn't work on Windows XP. Installer simply fails to initialize properly. So, XP users are safe. Once installed, Snap.do hijacker modified various web browsers' settings. It changes home page to http://feed.helperbar.com and adds additional search engine provider which redirects users to http://search.snap.do. Each time user opens a new tab the web browser goes to http://search.snap.do instead of blank page, Google or any other website of your choice.

Snap.do removal can be a really challenging task, especially when it comes bundled with other software. Even though, snap.do authors ensure that it can be uninstall from a computer very easily, using the program's own normal uninstallation process, but that's not quite true. It leaves so many modified web browser settings and Windows registry keys and you can't ignore them because they simply change the way you use your web browser. For example, even if you removed Snap.do via Control Panel, modified search engine settings remain untouched. As a result, searching directly from web browser address bar returns results from http://search.snap.do rather than Google. By the way, the plug-in modifies Windows registry and enables its automatic execution at every system start-up. What is more, snap.do infection may cause your web browser to stop working.

To remove snap.do from your computer, please follow the removal instructions below. It will show you how to remove this browser hijacker in Mozilla Firefox, Google Chrome and Internet Explorer. Make sure to uninstall snap.do via Control Panel first and only then proceed to the next steps, unless of course it's not listed there. Have you been hijacked by Snap.do? Post your comment or question below. Good luck and be save online!


Snap.do removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Go to the Start Menu. Select Control PanelUninstall a Program.





3. Search for Snap.do in the list. Select the program and click Uninstall button to uninstall it.



It will prompt you to close all web browsers before uninstalling Snap.do. Please click Yes to continue.

Then, it will ask you if you want to change your home page and default search provider to the old settings. Please click Yes.


Remove Snap.do in Google Chrome:

1. Click on Customize and control Google Chrome icon. Go to ToolsSettings.



2. Click Set pages under the On startup.


Remove feed.snap.do by clicking the "X" mark as shown in the image below.



3. Click Show Home button under Appearance. Then click Change.



Enter http://www.google.com instead of feed.snap.do and click OK to save changes.



4. Click Manager search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select Web (search.snap.do) from the list and remove it by clicking the "X" mark as shown in the image below.



That's it!


Remove Snap.do in Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Remove Snap.do extension. Close the window.



3. Click on the Snap.do search icon as shown in the image below and select Manage Search Engines....



4. Choose Web Search (Snap.do) from the list and click Remove to remove it. Click OK to save changes.



5. Go to ToolsOptions. Under the General tab reset the startup homepage or change it to google.com, etc.



6. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the filter at the top, type: snap.do



Now, you should see all the preferences that were changed by Snap.do extension. Right-click on the preference and select Reset to restore default value. Reset all found preferences!



That's it!


Remove Snap.do in Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Bing or Live Search search engine and make it your default web search provider (Set as default).



3. Select Web Search (search.snap.do) and click Remove to remove it. Close the window.



4. Go to ToolsInternet Options. Select General tab and click Use default button or enter your own website, e.g. google.com instead of http://feed.snap.do. Click OK to save the changes. And that's about it for Internet Explorer.



If you did everything correctly, the Snap.do search hijacker should be completely uninstalled from your computer. However, if it still shows up, you will have to modify or remove certain Windows registry keys. They are listed below.

First, you have to open Windows Registry Editor. Simply search for regedit and run it as administrator.

Once there, navigate to, and delete the following Windows registry keys:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main → delete "Search Bar"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search → delete "Default_Search_URL"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search → delete "SearchAssistant"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl → delete "Default"
Then, navigate to, and modify the following Windows registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Right-click the "Search Page" key and select Modify. Change key value data to: http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Right-click the "URL" key and select Modify. Change key value data to:
http://www.bing.com/search?q={searchTerms}

Share this information:

No comments:

Post a Comment