Thursday 31 October 2013

Remove "Ads by LyricsMonkey" Virus (Removal Guide)

Lyrics Monkey is a web browser add-on that modifies web pages by inserting ads labeled "Ads by LyricsMonkey". It may inject regular ads or deliver contextual based/inline advertising on websites that normally do not even display ads. Technically, it's the same adware as LyricsSay serving ads from the same web servers, for instance, dfs.pathdone.net. Even the same opt-out options apply but they may not work properly and you may still receive ads or popups while surfing the web. If your computer is infected with the "Ads by LyricsMonkey" virus, my advice would be to remove it instead of just simply opting out from the advertising network and leaving it on your computer. To do so, please follow the proper removal guide below.

Ads by LyricsMonkey

Once installed, this adware adds multiple Windows scheduled tasks in order to automatically start-up when Windows starts. The core file of this adware is LyricsMonkey-1.dll. This file has been detected as adware, PUP or even a generic Trojan horse by multiple anti-virus scanners, including Dr.Web, Symantec and TrendMicro. Too bad that only about 20% of antivirus scanners available on VirusTotal detected this file as malicious or at least potentially dangerous. Even though, it can not steal your passwords, lock your computer or delete files, it may display misleading ads and redirect you to dodgy sites 'pushing' questionable products or services. As an example, I could mention spyware add-ons, web browser hijackers and even fake security products. Needless to say, you can easily end up installing even more malware on your computer. Some of the ads I saw were very misleading, for instance one ad was saying that I need to update my Flash player and another one had a fake notification claiming that Windows updates are available. Adware creators are really creative but I think they've gone too far this time.

There's one more important aspect of Lyrics Monkey adware distribution - it's usually promoted via misleading Flash/Java update sites and software downloaders. Very often it comes with toolbars and browsers hijackers. If the malicious web browser extensions and BHOs were installed by a third party program, you may not uninstall it in Control Panel. In such case, you will have to remove web browser add-ons and malicious files manually. All the necessary information is available in the "Ads by LyricsMonkey" removal guide below. Even if you choose to remove this adware from your computer manually I still highly recommend scanning your PC with anti-malware software. As I said, very of it comes bundled with other malware and I don't think you should take the risk and leave other malicious or potentially dangerous software on your computer. If you have something to add about this nuisance, please leave a comment below. Stay safe folks!

Written by Michael Kaur, http://deletemalware.blogspot.com


Lyrics Monkey removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Lyrics Monkey and related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • LyricsMonkey
  • LyricsSay
  • LyricXeeker
  • DownloadTerms
  • HD-Plus
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove "Ads by LyricsMonkey" on Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove LyricsMonkey, LyricsSay, DownloadTerms, LyricXeeker, HD-Plus and other extensions that you do not recognize.


Remove "Ads by LyricsMonkey" on Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove LyricsMonkey, LyricsSay, DownloadTerms, LyricXeeker, HD-Plus and other extensions that you do not recognize.


Remove "Ads by LyricsMonkey" on Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Friday 25 October 2013

Remove dfd.pathci.net pop-up virus (Removal Guide)

Pop ups from dfd.pathci.net clearly indicate that your web browser has been hijacked by malicious browser extensions, for example LyricsSay, A2zLyrics, Nav-Links, etc. Any of these add-ons may display pop up advertisements and direct users to misleading products or services. It could be a website that participates in pay per install networks or simply a rogue registry cleaner. Very often users are redirected to fake Chrome/Firefox update websites or never ending fake Flash update pages. But sometimes, infected users may get a "recommended download" pop up that urges them to download who knows what, just like in this image below, you can't really know what kind of application is that.

dfd.pathci.net pop-up

Very misleading and potentially dangerous since you may end up with more adware and malware on your computer. So, if you are getting such pop ups my advice would be to close them immediately, follow the removal guide below and scan your system with anti-malware software.

Keep in mind that dfd.pathci.net is a sign of a more complex adware/PUP infection. Annoying pop ups may be the only visible evidence of malware infection but it goes without saying that they wouldn't even show up without adware and spyware modules. Cyber crooks may display irrelevant ads for some time but that would be a huge waste of traffic and very likely a terrible ROI. To avoid this, they use malicious web browser extensions that may access browsing data which is very valuable to them. They may then deliver more relevant pop up ads to you and maybe even generate some sales. Another interesing thing about this adware/PUP infection is the possibility to opt out from the advertising network. However, it remains unclear whether or not they stop spying on you when you opt-out. Anyway, don't take the risk, remove adware that causes dfd.pathci.net pop ups and run a full system scan with recommend anti-malware software. If you have any questions regarding this infection, please leave a comment below. Be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


dfd.pathci.net pop-up virus removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove dfd.pathci.net related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • LyricsSay
  • A2zLyrics
  • DownloadTerms
  • HD-Plus 3.5
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove dfd.pathci.net pop-ups from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove LyricsSay, DownloadTerms, A2zLyrics, HD-Plus 3.5 and other extensions that you do not recognize.




Remove dfd.pathci.net pop-ups from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove LyricsSay, DownloadTerms, A2zLyrics, HD-Plus 3.5 and other extensions that you do not recognize.




Remove dfd.pathci.net pop-ups from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Remove BatBrowse, removal guide

BatBrowse is an ad-supported application that uses web browser add-ons to display advertisements and coupons. It's yet another product of the authors of Yantoo adware, previously we wrote about BrowseFox which is basically the same thing as this one. This application injects advertisements, usually simple text ads above the Google search results and tries to redirect users to pay sites that generate revenue from the traffic they receive or sales they make. For this reason most anti-virus scanners detect it as adware or potentially unwanted software. However, Avira for example, detects it as TR/Downloader.Gen2. TrendMicro detects certain modules of this application as Trojan generic. As you can see, classification is not the same, but one thing is for sure: BatBrowse is malware.

Once installed, this malware will inject BatBrowse ads above the Google search results. They are relevant most of the time, but not always.

BatBrowse ads

It will also display BatBrowse deals popup on Amazon, Ebay, BestBuy and other online shops.

BatBrowse deals

Is it spyware? That's a good question. I think it is, sort of. Just take a look at chrome permissions that were granted for this extension:
  • Access your data on all websites
  • Access your tab and browsing activity
  • Manage your apps, extensions, and themes
BatBrowse chrome extension

Of course, it can't steal your passwords or see what you are typing but it clearly spies on you and tries to gather all the information that could be useful when delivering ads.

Where did it come from? It is often installed along with other applications such as codecs, software downloaders or toolbars. Even the most popular download websites can offer you to install this application because they usually do not see what they are offering. Such applications are loaded on the fly from third-party pay per install networks. And if they allow such apps to be distributed then you may get it as well, even from the most reputable sites, since they do not control those offers. The only thing you can and should do is report the malicious or potentially unwanted applications and hopefully the company that was pushing them will be banned from the advertising network.

In most cases BatBrowse can be removed from your computer the same way that you would uninstall any other program. The problem is however, that it may leave browser add-ons on your system. You may need to remove them manually. One more thing, this application often comes bundled with other adware. It would be best to scan your computer with anti-malware software. To remove this malware and related parasites from your computer, please follow the removal guide below. Be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


BatBrowse removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.





2. Remove BatBrowse application from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following BatBrowse 1.0.0.

BatBrowse application uninstall

If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove BatBrowse from Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove the BatBrowse extension:




Remove BatBrowse from Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to the BatBrowse extension.


Remove BatBrowse from Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the BatBrowse browser add-on.

Wednesday 23 October 2013

Remove ads in lower left and right corner of your browser (Removal Guide)

If you spend any time on the internet (and let’s face it, most of us probably spend just a little bit too much time surfing the web) there is probably a high likelihood that you’ve come across pop-up windows before. And whilst not exactly as dangerous as a virus or Trojan (in most cases!) pop-ups can be intensely irritating. It can sometimes feel like you’re spending more time clicking the little ‘x’ in the corner of the pop up box to close it than you do actually working. Besides, sometimes there’s no way to close them.

For the most part pop-up windows are adverts and are trying to sell us something. Usually something we don’t want. But whilst the pop-up windows used by reputable companies and websites are normally safe, there can be others that are downright nasty. Scammers create malicious programs that display pop-up ads in either lower left hand corner or lower right hand corner of all your web browsers.

Here's an example of a pop up ad that showed up in the lower left hand corner of my browser when I was trying to download Avast antivirus. Obviously, it wasn't from Avast website and even though it had this small "hide ad" button it actually didn't work, when I clicked it I was simply redirected to a dodgy site.


And here's another one, clearly misleading, it tried to convince me that there's something I need to play or download.



Normally, we classify it as adware. And adware is very close to being classed as malware. Yes, you got it- malicious software. What this means is that while many pop-up ads have nothing more up their sleeve than trying to get you to part with your hard earned cash, the adware at the other end of the scale has slightly more sinister intentions. And when we say sinister we mean it! Malicious adware is able to install spyware on your system and will hijack your browser and steal your personal data. Popup ads that constantly show up in the lower left/right hand corner of your web browser clearly indicate that your computer has been infected by malware. By saying malware I mean adware and PUP (potentially unwanted software) that are usually installed as browser add-ons.

Pop-up ads are pretty much unmistakable. By their very nature, one minute they’re there and the next they’re not. They might appear when you move your cursor over something on a web page, they might ‘float’ across your screen, slowly slide up, they can also pop up from the bottom of the screen, or you might find yourself bombarded with numerous ads at any one time. However, pop up ads in the lower left hand corner of browser are by far the most popular. At least scammers use them most of the time which means they are quite effective. And if you use an ad blocker or similar software, it usually blocks the advertisement but leaves an empty popup box or a div whatever you may call it.

If one or more of these pop-ups has been created with the intent to cause harm, it will have the malware embedded in its coding. But, in a vicious circle type scenario, pop-ups are often appearing because your PC has already been infected with spyware. It’s hard to know where to turn isn’t it?

As with any form of malware or virus, prevention is better than cure and exercising caution is key. Here are the main ways of protecting yourself. Don’t close pop-up windows by clicking on them – this can trigger the malware. Don't open emails if you don’t know the sender. And NEVER click on a link in an email - no matter how tempting it looks. Consign dodgy looking messages that look like spam to your deleted folder. If something looks too good to be true – it probably is! Honestly, you’re not going to be the lucky 2000th person to click that link and win $500.

If you thought you’d deleted malware that caused unwanted pop up ads in left/right corner of all web browsers, and got rid of it for good but it’s suddenly returned then it sounds as if your browser has been hijacked. In which case you could be inadvertently doing something that is allowing it to return. Or it could be that malicious software was properly removed from your computer. So, to get rid of ads in lower left/right hand corner of your browser, please follow the removal guide below.

Browser hijacking is also a form of malware which you probably unknowingly installed yourself. Basically the hijack is exactly as the name suggests; once it’s been downloaded it will ‘hijack’ your browser by directing your web searches to pages of its own choosing or infiltrates the search results page and adds links to adverts. It doesn’t matter where you click – you will only see what the hijacker wants you to.

If you did manage to get rid of the malware once it sounds like the protection you have on your computer is no longer adequate. You could try installing recommend anti-malware program which is very good at trapping unwanted internet parasites that some of the other anti-virus tools fail to spot.

Written by Michael Kaur, http://deletemalware.blogspot.com


Ads in lower left/right hand corner of browser removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove adware applications from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Nav-Links
  • LyricsSay
  • LyricXeeker
  • DownloadTerms
  • HD-Plus
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove ads in lower left/right hand corner in Google Chrome:

1. Click on Chrome menu button. Go to ToolsExtensions.



2. Click on the trashcan icon to remove LyricsSay, DownloadTerms, LyricXeeker, HD-Plus and other extensions that you do not recognize.




Remove ads in lower left/right hand corner in Mozilla Firefox:

1. Open Mozilla Firefox. Go to ToolsAdd-ons.



2. Select Extensions. Click Remove button to remove LyricsSay, DownloadTerms, LyricXeeker, HD-Plus and other extensions that you do not recognize.




Remove ads in lower left/right hand corner in Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.

Saturday 19 October 2013

Proper Removal of Start.qone8.com Browser Hijacker (Uninstall Guide)

Start.qone8.com is a browser hijacker that will show up every time you launch your web browser. It will change your home page and default search engine provider. This browser hijacker will also modify web browser shortcuts for Chrome, Firefox and Internet Explorer by adding additional parameters. Even though, Qone8 is more annoying that malicious, it's still something that you probably didn't ask for, so it would be in your best interests to have it removed. Besides, if your browser has been hijacked then there's a good chance that you've installed adware/spyware on your computer as well.


Most of the Qone8 installations come from Desk 365, Omiga-Plus, SoftStud and GoPlayer installs or updates. All these applications are already detected as adware, PUP or suspicious, for instance, Packed/PECompact, Win32:Adware-gen [Adw], a variant of Win32/ELEX.B, or even a Trojan.Win32.Generic!BT. However, no more than ten antivirus scanners detect this adware, so other scanners have still plenty of room for improvement. There is another browser hijacker called Qvo6 in the wild which may or may not surprise you was created by the same company as start.qone8.com, both apps are even hosted on the same servers and promoted in the same way. What is more, this browser hijacker is being promoted with software installers such as RocketFuel and InstallBrain, so you may get this "offer" while downloading other programs that I've mentioned above. Basically, you must pay attention when accepting shady offers from third-party programs. One interesting fact is that creators of start.qone8.com are planing to replace it with another browser hijacker isearch.omiga-plus.com by the end of November. We will see about that. Meanwhile, Qone8.com has a steady traffic coming from Brazil, Italy, France and other countries in South America and Europe.

Why would someone want to hijack your web browser? They simply want to know what you search for and display a few misleading ads on your home page. That's it. They may sell all that information to advertisers or it might be used to deliver more relevant ads to you. One way or another, this isn't something most users are looking for.

In order to permanently remove start.qone8.com from your computer you will have to uninstall a few related applications and web browser extensions first, usually "Extended Protection" and "Lightning Newtab". These extensions may reinstall qone8 on your computer and I'm sure you don't want that. One more thing, there is a lot of incorrect information floating around about this browser hijacker, for example, some users say it's a redirection virus. That's not a virus. It's a malicious browser hijacker that may display ads on your computer. That's it. If there's anything you think I should add or correct, please let me know. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Start.qone8.com removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Uninstall Qone8 and related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control PanelAdd/Remove Programs.
If you are using Windows Vista or Windows 7, select Control PanelUninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove:
  • Wsys Control
  • eSave Security Control
  • Desk 365
  • Omiga-Plus
  • Extended Protection
As I said earlier, this application is never listed as Qone8 in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.



Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove Start.qone8.com from Google Chrome:

1. Click on Customize and control Google Chrome icon. Select Settings.




2. Click Set pages under the On startup.


Remove Qone8.com by clicking the "X" mark as shown in the image below.



3. Click Show Home button under Appearance. Then click Change.



Select Use the New Tab page and click OK to save changes.



4. Click Manage search engines button under Search.



Select Google or any other search engine you like from the list and make it your default search engine provider.



Select Qone8 from the list and remove it by clicking the "X" mark as shown in the image below.



5. Right-click the Google Chrome shortcut you are using to open your web browser and select Properties.

6. Select Shortcut tab and remove "http://start.qone8.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Chrome executable file.




Remove Start.qone8.com from Mozilla Firefox:

1. Open Mozilla Firefox. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: qone8



Now, you should see all the preferences that were changed by Qone8. Right-click on the preference and select Reset to restore default value. Reset all found preferences!



4. Right-click the Mozilla Firefox shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://start.qone8.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Firefox executable file.




Remove Start.qone8.com in Internet Explorer:

1. Open Internet Explorer. Go to ToolsManage Add-ons.



2. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).



3. Select Qone8 and click Remove to remove it. Close the window.



4. Right-click the Internet Explorer shortcut you are using to open your web browser and select Properties.

5. Select Shortcut tab and remove "http://start.qone8.com...." from the Target field and click OK to save changes. Basically, there should be only the path to Internet Explorer executable file.



6. Finally, go to ToolsInternet Options and restore your home page to default. That's it!