20131108 mysearchresults malware removal - plembo/onemoretech GitHub Wiki

title: MySearchResults malware removal
link: https://onemoretech.wordpress.com/2013/11/08/mysearchresults-malware-removal/
author: phil2nc
description:
post_id: 6590
created: 2013/11/08 18:45:43
created_gmt: 2013/11/08 23:45:43
comment_status: closed
post_name: mysearchresults-malware-removal
status: publish
post_type: post

MySearchResults malware removal

My eldest was abused by this criminal enterprise earlier this week. He made a valiant effort to rip its tentacles from his Windows PC, but in the end the Chief Engineer had to step in.

The thing that makes mysearchresults particularly offensive is that it infects not only the profile of the active user, but all other users on a machine. The changes it makes to redirect its victim's search efforts are global. Of course some might argue that this is only a problem if the user is running with admin rights, but since we're talking about Windows here I won't bother to respond to such a nonsensical point (Microsoft and most Windows software vendors have made it impossible by design to run applications, even the browser, with reduced privileges).

Because the software both resets the user's home page and installs add-ins that redirect searches, as well as making a considerable number of registry changes, removing it can be tedious. Fortunately mysearchresults is now included in the latest Malwarebytes free (MBAM) signature files and can therefore be (mostly) eradicated by a quick scan with an updated version of that product.

The process I followed to remove mysearchresults started with a visit to the Windows Control Panel, where I used Uninstall to remove the software. This was only the beginning, however. To clean both Firefox and Internet Explorer I had to manually remove the corresponding add-in (in Firefox this was for each user) and reset the browser home page. In Firefox I also had to remove mysearchresults as a search provider and set a new default (in my case, startpage.com).

It wasn't until late in the game that I thought to run Malwarebytes, after updating with the latest signatures. I'm actually not sure that MBAM alone would be sufficient, due to the embedding of add-in code in each user's browser profile.

Copyright 2004-2019 Phil Lembo