Thursday, December 4, 2014

Remove browser hijacker malware

For Conduit, WhiteSmoke, Babylon, anything bundled through OpenCandy (http://en.wikipedia.org/wiki/OpenCandy), and other browser hijackers I usually do the following.

1. Uninstall these, and anything else you don't recognize, from Add/Remove Programs.
2. In EACH browser:
  a. remove any add-ins/extensions you didn't install
  b. change the default web page/home page back to what you want
  c. remove any search engines that you don't recognize, and set the default back to Google
3. Delete anything under c:\program files and c:\users\<your user>\appdata that appears to be from the malware.
4. Run a full scan with Malwarebytes, and possibly other scanners.
5. It's probably also a good idea to clear your cache and cookies.

I also heard that some Trovi malware is also changing browser shortcuts on the desktop, and has a scheduled task to change these shortcuts. I haven't seen this personally, but it's worth checking. Apparently AdwCleaner is good at removing this.
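A quick way to check for the shortcut trick is to read the Arguments field of every browser shortcut, since a clean one has no URL there. This PowerShell script is an added example, not something from the original post or from any of the tools mentioned; it assumes Windows with PowerShell 3.0 or later, the WScript.Shell COM object, and an English-language schtasks output (the column names are localized on other languages).

```powershell
# Added example: audit browser shortcuts for injected URL arguments and list
# scheduled tasks that reference shortcuts or browsers. Read-only unless you
# uncomment the cleanup line. The browser list below is an assumption.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'

# Per-user and all-users Desktop and Start Menu folders.
$folders = 'Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path $_) }

$wsh = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $folders) {
    Get-ChildItem -Path $dir -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $wsh.CreateShortcut($_.FullName)
            $exe = [System.IO.Path]::GetFileName($lnk.TargetPath).ToLower()
            # A hijacked shortcut still points at the real browser but has a
            # URL appended to its arguments, so every launch opens that page.
            if ($browsers -contains $exe -and $lnk.Arguments -match 'https?://|www\.') {
                [PSCustomObject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

if ($findings) {
    'Browser shortcuts with URL arguments (review before cleaning):'
    $findings | Format-Table -AutoSize
    # Cleanup, once reviewed: clear the arguments and save the shortcut.
    # foreach ($f in $findings) { $s = $wsh.CreateShortcut($f.Shortcut); $s.Arguments = ''; $s.Save() }
} else {
    'No browser shortcuts with URL arguments found.'
}

# Scheduled tasks whose action mentions a .lnk file or a browser are the
# candidates for the task that re-applies the hijack after you fix the shortcuts.
'Scheduled tasks touching shortcuts or browsers:'
schtasks /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match '\.lnk|chrome|firefox|iexplore|opera' } |
    Select-Object TaskName, 'Task To Run', 'Next Run Time' | Format-Table -AutoSize
```

Delete or disable any task it lists that you don't recognize before fixing the shortcuts, otherwise the task will just put the URL back.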

My rule of thumb is that if it takes longer than 30 minutes to an hour to fix, I'm going to re-install the OS. However, this isn't always practical.