Friday, 24 May 2013

What is DefaultTabSearch.exe and how to remove it?

DefaultTabSearch.exe - Default Tab by Search Results, LLC


What is defaulttabsearch.exe?


DefaultTabSearch.exe is a part of the Default Tab PUP/Adware. It's not essential for Windows and may cause problems, for example slowing down your computer. Most users agree that it's also bad for the browsing experience. It replaces the default tab in Chrome, Firefox or any other web browser with its own, which is basically a fake imitation of the Google page. So, if you open a new tab off of Google for instance, you will get a modified tab called Default Tab. The name is kinda misleading, isn't it? This application comes bundled with freeware, software downloaders and sometimes even crapware. This is probably the reason why McAfee and other antivirus programs block it saying that a Trojan Horse had been detected. Last, but not least, many users need assistance in removing it, which isn't a sign of a good product. I recommend that you remove defaulttabsearch.exe from your computer.







File name: defaulttabsearch.exe
Publisher: Search Results, LLC
File Location Windows XP: C:\Program Files\DefaultTab\DefaultTabSearch.exe
File Location Windows 7: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'Default Tab'

Wednesday, 22 May 2013

Skype virus: "this is a very nice photo of you" removal guide

If you received a message from a friend saying: "this is a very nice photo of you" accompanied by a link (see image below) then your friend's computer is infected with malware. And if someone says that you're sending such messages to your friends then I'm afraid your computer is infected as well.

Updated (25/5/2013): It seems that more than half of infected users are from Latin America. The virus is actually more sophisticated than I thought - it sends geo-targeted messages, which is why its speed of propagation is above average. Users from Latin America usually get the same message in Spanish: "esta es una foto muy amable de tu parte". I'm sure users from other countries get the fake messages in their native languages as well, for example "Dies ist ein sehr schönes Foto von dir" in German.


If clicked, the link leads to a website which offers web storage space. It's a popular and safe site that is misused by cyber criminals to hide their illegal activity. So, even if the file comes from what you think is a safe site, please scan the file with your antivirus software before opening it. Or even better, upload it to virustotal.com. Besides, you can't really tell the exact file extension from the link. It looks like an image file but it actually isn't. It's a zip file containing a malicious executable program.
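A way to check what such an archive really contains without extracting or opening it, as an added example that is not part of the original post. The function name Get-ZipExecutableEntry, the extension list and the in-memory sample archive (including its entry names) are constructed for illustration.

```powershell
Add-Type -AssemblyName System.IO.Compression

function Get-ZipExecutableEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][System.IO.Stream]$Stream)
    # Extensions Windows runs on double-click (a short list chosen for this example)
    $risky = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd'
    $zip = New-Object System.IO.Compression.ZipArchive($Stream, [System.IO.Compression.ZipArchiveMode]::Read, $true)
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.Length -eq 0) { continue }   # directories and empty files
            # Read the first two bytes of the entry in memory; nothing is written to disk
            $head = New-Object byte[] 2
            $read = 0
            $s = $entry.Open()
            try {
                while ($read -lt 2) {
                    $n = $s.Read($head, $read, 2 - $read)
                    if ($n -le 0) { break }
                    $read += $n
                }
            } finally { $s.Dispose() }
            # 'MZ' marks a Windows executable regardless of what the entry is called
            $isPE = ($read -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            $ext  = [System.IO.Path]::GetExtension($entry.Name).ToLowerInvariant()
            if ($isPE -or $risky -contains $ext) {
                [pscustomobject]@{ Entry = $entry.FullName; Extension = $ext
                                   MZHeader = $isPE; Size = $entry.Length }
            }
        }
    } finally { $zip.Dispose() }
}

# Constructed sample: an in-memory zip with one entry that starts with 'MZ' and one text file
$ms = New-Object System.IO.MemoryStream
$w  = New-Object System.IO.Compression.ZipArchive($ms, [System.IO.Compression.ZipArchiveMode]::Create, $true)
$e  = $w.CreateEntry('photo_sample.jpg.exe').Open()
$bytes = [byte[]](0x4D, 0x5A, 0x90, 0x00)
$e.Write($bytes, 0, $bytes.Length); $e.Dispose()
$t  = $w.CreateEntry('readme.txt').Open()
$txt = [System.Text.Encoding]::ASCII.GetBytes('constructed sample')
$t.Write($txt, 0, $txt.Length); $t.Dispose()
$w.Dispose()
$ms.Position = 0

Get-ZipExecutableEntry -Stream $ms | Format-Table -AutoSize
```

For a downloaded file, pass `[System.IO.File]::OpenRead($path)` as the stream; a file that is not a zip archive at all makes the ZipArchive constructor throw InvalidDataException.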


The malicious file is detected as BackDoor.IRC.NgrBot.42 (DrWeb), a variant of Win32/Kryptik.BBHQ (ESET-NOD32) and Trojan.FakeMS (Malwarebytes). Most anti-malware programs detect this virus as ransomware. The detection rate on VirusTotal is low. Once installed, it may download different modules, for example a password stealing module or a BitCoinMiner. One way or another, it will either steal your passwords or CPU power. Of course, it will keep sending malicious links to your friends, that's the whole point - to infect as many PCs as possible. The virus is launched from the AppData folder each time the PC starts. You can find the file and remove it manually, however, to completely remove the "this is a very nice photo of you" Skype virus, you will have to install anti-malware software. It's a harmful infection that is spreading malware and spyware modules, needless to say they have to be removed from the system as well. Social engineering works really well in this case. Very often, such Skype spam virus links receive thousands of clicks per hour. Remember to always keep your antivirus software updated, otherwise it's useless, as new infections appear each day. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Removal instructions:

1. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.





2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.




BrowserProtect.exe: What you need to know, how to remove it

BrowserProtect.exe - Application Manager by PerformerSoft LLC


What is browserprotect.exe?


Browserprotect.exe is a part of the Application Manager by PerformerSoft LLC. It was originally developed by Bit89 Inc. First thing to note is that browserprotect.exe is not technically a virus or malware, it's a potentially unwanted program (PUP). Avast, for example, detects this application as PUP.bProtector. Other antivirus programs detect it as a Trojan. It's a thin line actually but I would say it's a Trojan because it doesn't work as a backdoor and it doesn't steal passwords, etc. Once installed, this application changes the default search engine and home pages in all major web browsers. BrowserProtect.exe*32 (Windows 8) protects those settings from changes. In other words, it may be difficult to change your home page or search engine provider, even if it's Google or Bing. Some users notice that after they picked up this application their computers became sluggish. It may be associated with adware as well. Sometimes when uninstalling this application users get the following notification: 'browserprotect.exe has stopped working'. It may cause other problems too. All in all, it will do more harm than good, so I suggest you remove browserprotect.exe from your computer.







File name: browserprotect.exe
Publisher: PerformerSoft LLC
File Location Windows XP: C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\[]\BrowserProtect.exe
File Location Windows 7: C:\ProgramData\BrowserProtect\2.6.1095.52\[]\BrowserProtect.exe
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'BrowserProtect'

Tuesday, 21 May 2013

Remove dnsbasic.com (Uninstall Guide)

If your computer defaults to dnsbasic.com when you search through the address bar then you probably installed an application recently which may have also installed adware and this browser hijacker. As if we honest PC users didn’t have enough to watch out for such as spyware, malware, Trojan horses and rogue anti-virus software we also need to be on our toes and keep an eye out for dnsbasic browser hijacker. Whether you’ve heard of this or not, read on as we tell you a little more about what it is and how to remove it from your computer.

Firstly, let’s take a look at what browser hijacking means: your browser is either the home page that you see when you log on to your computer or the search engine that you use (Google, Bing or Yahoo for example). Fairly self-explanatory; hijacking means the same as it does in the regular definition of the word: it is taking something over by force – so in this case, it is your computer’s browser that has been taken hostage. It overrides existing search settings and changes the default search providers in all web browsers. DnsBasic.com even creates a process which runs in the background of your computer and obviously may impact the performance of the system.


It’s a typical day, you log onto your computer and hit the internet icon; the first page you see is your home page, be it your PC’s default page or one that you’ve set yourself, such as your email login for a favourite news or sports website. You then decide to look something up on the internet – perhaps that new restaurant that you want to try out tonight – so you go to one of the search engines but they’re new and their site is not online yet and you get an error page. What’s my point, you ask? Well, the point is that because, as seen above, these three pages are browsers, they are also vulnerable to browser hijacking.

But what does this hijacker actually do? Someone who is hijacking your browser is ultimately taking control of how it works and is configured – this often takes the shape of a new toolbar. They might also change what you see on your home page. This is sometimes known as a ‘drive-by download’ because the tool bar is installed without you being any the wiser – computers with poor security or no antivirus software are particularly in danger of this. Dnsbasic.com for instance, won't hijack your home page but it will change the way you search directly through the address bar or omnibox in Google Chrome. Search results are mixed with good and poor quality links. I wouldn't recommend using this search engine, especially when you can use Google or Bing instead.

At first glance your new search engine provider might not look so sinister – surely it’s just providing you with some extra functionality, right? Wrong: your new super-helpful search engine is actually there to redirect you to websites that you otherwise would probably have not clicked on.

In the majority of cases dnsbasic.com will have been installed by downloaded software or shareware, or even from an infected email.

Dnsbasic.com can be tricky to remove, even for the techy guy at your local computer repair store, as the technology behind them is increasingly sophisticated, so it stands to reason that prevention is better than cure. Please use the following removal instructions to remove dnsbasic.com from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



DnsBasic removal instructions:

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.





2. Uninstall DnsBasic from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on the bottom-left hot corner (formerly known as the Start button) and select Control Panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the DnsBasic application and also other applications you have recently installed. Go into 'Installed programs' and sort them by date.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.


Remove dnsbasic.com from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove the DnsBasic extension.

3. Click on the Chrome menu button once again. Select Settings.

4. Click Set pages under On startup.


Remove dnsbasic.com by clicking the "X" mark.

5. Click Show Home button under Appearance. Then click Change.

Select Use the New Tab page and click OK to save changes.

6. Click the Manage search engines button under Search.

Select Google or any other search engine you like from the list and make it your default search engine provider.

Select dnsbasic.com from the list and remove it by clicking the "X" mark.


Remove dnsbasic.com from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Remove DnsBasic extension. Close the window.

3. In the URL address bar, type about:config and hit Enter.



Click I'll be careful, I promise! to continue.



In the search filter at the top, type: dnsbasic

Now, you should see all the preferences that were changed by Dns Basic. Right-click on the preference and select Reset to restore default value. Reset all found preferences!
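The same about:config filter can be applied to the profile files on disk to list what needs resetting, shown here as an added example that is not part of the original guide. Find-HijackedPref is a made-up name, the three sample lines are constructed, and the profile location assumes a default Firefox install; user.js is included because Firefox re-applies its entries at every start, so a value left there undoes a reset.

```powershell
function Find-HijackedPref {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$Line,
        [string]$Needle = 'dnsbasic'
    )
    # prefs.js and user.js entries have the form: user_pref("name", value);
    $rx = '^\s*user_pref\(\s*"(?<name>[^"]+)"\s*,\s*(?<value>.*)\)\s*;\s*$'
    foreach ($l in $Line) {
        if ($l -notmatch $rx) { continue }
        # Copy the captures before any other -match overwrites $Matches
        $name  = $Matches['name']
        $value = $Matches['value'].Trim()
        # Case-insensitive search in both name and value, like the about:config filter
        if ("$name $value".IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{ Pref = $name; Value = $value }
        }
    }
}

# Constructed sample lines (not taken from a real infected profile)
$sample = @(
    'user_pref("browser.startup.homepage", "about:home");'
    'user_pref("keyword.URL", "http://dnsbasic.com/");'
    'user_pref("browser.search.defaultenginename", "DnsBasic");'
)
Find-HijackedPref -Line $sample | Format-Table -AutoSize

# Live check: every profile of the current user, read-only
if ($env:APPDATA) {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path "$profiles\*\prefs.js", "$profiles\*\user.js" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Find-HijackedPref -Line (Get-Content -Path $file) |
                Select-Object @{ Name = 'File'; Expression = { $file } }, Pref, Value
        }
}
```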


Remove dnsbasic.com from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons.




2. Select Toolbars and Extensions. Remove DnsBasic Internet Explorer add-on.

3. Select Search Providers. First of all, choose Live Search search engine and make it your default web search provider (Set as default).

4. Select DnsBasic and click Remove to remove it. Close the window.

What is cltmng.exe and how to remove it?

cltmng.exe - Search Protect by Conduit


What is cltmng.exe?


cltmng.exe is a part of the Conduit browser hijacker which specifically targets Chrome and Firefox. It installs an extension that forces users to use Conduit Search (search.conduit.com). Needless to say, it's not essential for Windows and may cause problems. This application will prevent other competing web browser plugins from changing the home page and search settings that are created by Conduit software. It may block any attempt to restore your default search engine and home page. It may slow down your computer, especially when online. Besides, Conduit software displays ads on infected computers and redirects users to search.conduit.com when searching directly through the address bar. I recommend that you remove cltmng.exe from your computer.







File name: cltmng.exe
Publisher: Conduit
File Location Windows XP: C:\Documents and Settings\[UserName]\Application Data\SearchProtect\cltmng.exe
File Location Windows 7: C:\users\[UserName]\AppData\Roaming\SearchProtect\bin\cltmng.exe
Startup file: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 'SearchProtect'

Monday, 20 May 2013

Remove Trojan.Zeroaccess!inf4 (Uninstall Guide)

Trojan.Zeroaccess!inf4 can be used to monitor innocent persons, attack their computer, steal their files and personal data and make changes to their computer system. The term Trojan is more commonly associated with this kind of activity and is something that we all need to be aware of and to do our best to safeguard our information and personal details so that we don’t fall victim to identity theft and other crimes. You may have arrived at this page because your computer is infected with Trojan.Zeroaccess!inf4 which requires manual removal. To remove this Trojan from your computer, please follow the removal guide below.

This Trojan horse can be used for a wide range of reasons and for a number of activities on the unsuspecting owner’s PC or laptop system. Once installed, a hacker can use it to execute and access files, change system configurations, set up ports, log key strokes, monitor packets on the network, collect different user names and passwords so that they can create other personas and attack other computers using the victim’s whilst remaining incognito and monitor – or spy to put it more accurately – computer usage, software downloaded and websites browsed.


So how do you tell if you’re the victim of this trojan? If you are using Norton Antivirus or any other Symantec product, you will get a warning stating that one of your files, for instance services.exe, (Trojan.Zeroaccess!inf4) detected by Virus scanner and Auto-Protect. In other words, this means that services.exe contains threat Trojan.Zeroaccess!inf4. The risk is high. Unfortunately it’s just not that easy because the very point of rootkits is that they are undetectable by the user.

What do you do if you think you have been infected? Even if a computer expert has attempted to remove Trojan.Zeroaccess!inf4 manually, it is very difficult for them to tell if it’s gone completely, therefore most of them recommend that the only way to deal with the situation is to scan the system with anti-malware software.

There is no antivirus or security software that can keep all rootkits at bay but there are a number of steps you can take to protect yourself. Enabling a firewall on your computer is an excellent idea, as is ensuring that you always have the latest updates for all your installed software. If you don’t have antivirus software installed, make sure you do it now and always keep that up to date too, with the latest versions and patches. Knowing who has access to your PC or laptop is important too, so you might want to consider limiting user privileges, especially if you leave it logged in in a public place, work environment or if you have shared living arrangements.

As always, exercise caution when opening email attachments and accepting file transfers over applications and be careful when clicking on links to webpages, both on the internet and in emails. Downloading pirated software is a no-no too and whether it’s for bank accounts or something as seemingly harmless as your Facebook account, always use strong passwords.

Unfortunately, Trojan.Zeroaccess!inf4 and the ZeroAccess rootkit being used for malicious purposes are a feature of the internet landscape; however, with a little care and attention we can all do our best to try and limit the eventuality of becoming victims ourselves. The following instructions will show you how to remove Trojan.Zeroaccess!inf4 from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Trojan.Zeroaccess!inf4 removal instructions:

1. Download recommended anti-malware software (direct download) and run a full system scan to remove the Trojan from your computer.

2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.



3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.



What is ibsvc.exe and how to remove it?

ibsvc.exe - IBUpdaterService


What is ibsvc.exe?


ibsvc.exe is not essential for Windows and may cause problems. It's a part of InstallBrain Installer software (detected by antivirus companies as Adware.InstallBrain and even Trojan downloader) that is used to install third party applications, for example Yontoo, PC Performer or Babylon. Usually, it's neither essential nor dangerous but it may cause high CPU usage and Windows errors. Since ibsvc.exe is an update service, it's configured to run automatically when Windows starts. It is very often classified either as adware or potentially unwanted software. It can also download and install additional malware onto your computer. Last, but not least, if you have it on your computer then there's a good chance that it came bundled with spyware. ibsvc.exe is not a Windows file and it may slow down your computer, that's why I recommend removing it.







File name: ibsvc.exe
Publisher: InstallBrain Installer
File Location: C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
Program Path: C:\ProgramData\IBUpdaterService\ibsvc.exe
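An added triage script, not part of the original posts, that looks for the Run-key value names, install folders and file names given in the file-information blocks for DefaultTabSearch.exe, BrowserProtect.exe, cltmng.exe and ibsvc.exe on this page. It only reports and removes nothing; the function name Find-PupTrace is made up, the folder variables assume Windows 7 or later, and matching services by image path is an assumption based on ibsvc.exe being described as an update service.

```powershell
# Indicators copied from the file-information blocks on this page (Windows 7+ locations)
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$pf = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$indicators = @(
    @{ Name = 'Default Tab'; RunValue = 'Default Tab'; File = 'DefaultTabSearch.exe'
       Dirs = @($pf | ForEach-Object { Join-Path $_ 'DefaultTab' }) }
    @{ Name = 'BrowserProtect'; RunValue = 'BrowserProtect'; File = 'BrowserProtect.exe'
       Dirs = @(Join-Path $env:ProgramData 'BrowserProtect') }
    @{ Name = 'Search Protect (Conduit)'; RunValue = 'SearchProtect'; File = 'cltmng.exe'
       Dirs = @(Join-Path $env:APPDATA 'SearchProtect') }
    @{ Name = 'IBUpdaterService'; RunValue = $null; File = 'ibsvc.exe'
       Dirs = @(Join-Path $env:ProgramData 'IBUpdaterService') }
)

function Find-PupTrace {   # hypothetical helper name
    param([hashtable[]]$Indicator, [string]$RunKeyPath)
    $run      = Get-ItemProperty -Path $RunKeyPath -ErrorAction SilentlyContinue
    $services = @(Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue)
    foreach ($i in $Indicator) {
        # 1. Autostart value under the per-user Run key
        $value = if ($run -and $i.RunValue) { $run.PSObject.Properties[$i.RunValue] }
        if ($value) {
            [pscustomobject]@{ Program = $i.Name; Kind = 'RunValue'
                               Where = $i.RunValue; Detail = $value.Value }
        }
        # 2. Binary on disk; recursion covers the version-numbered subfolders
        Get-ChildItem -Path $i.Dirs -Filter $i.File -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{ Program = $i.Name; Kind = 'File'; Where = $_.FullName
                                   Detail = "Signer: $($sig.SignerCertificate.Subject)" }
            }
        # 3. Any service whose image path points at the binary
        $services | Where-Object { $_.PathName -like "*\$($i.File)*" } |
            ForEach-Object {
                [pscustomobject]@{ Program = $i.Name; Kind = 'Service'; Where = $_.Name
                                   Detail = "$($_.StartMode): $($_.PathName)" }
            }
    }
}

Find-PupTrace -Indicator $indicators -RunKeyPath $runKey | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed traces exist for the current user; the Run key is per-user, so repeat the check from each account on a shared machine.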