Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
An unwanted searcher attached itself to Google Chrome (rusearcher )
Message
<blockquote data-quote="BorisN" data-source="post: 477908" data-attributes="member: 49465"><p>Hello, Answering your question about the file, O see that it is from a folder with a prorgam which is an English phonetics teaching program. I looked in the folder and it looks like it is the main running program of the teaching system. </p><p></p><p>Also before I received you answer I tried to use the last instructions from Kaspersky lab once again</p><p></p><p>RD /S /Q "%WinDir%\System32\GroupPolicyUsers"</p><p>RD /S /Q "%WinDir%\System32\GroupPolicy"</p><p>gpupdate /force</p><p></p><p>The Rusearcher did not dissapear after that.</p><p></p><p>After that I ran some antivirus programs once again. I think the last was Malware bytes antimalware </p><p>Ver: 2.2.0.1024</p><p>malware database: v2016.02.06.03</p><p>rookit database: v2016.01.20.01</p><p></p><p>I ran the program in the deep scanning mode with euristic on and it found 3 more files</p><p></p><p>PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDBF66.tmp.1454754020\HTA\3rdparty\OCSetupHlp.dll, , [c7b4025bddbcfd39bf50ed01e222ae52], </p><p>PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDCA10.tmp.1454753957\HTA\3rdparty\OCComSDK.dll, , [8deef7660f8ab97d6a059ba4d2300ef2], </p><p>PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDCA10.tmp.1454753957\HTA\3rdparty\OCSetupHlp.dll, , [c7b4124b5346c571898613dbf410ae52], </p><p></p><p>and after rebooting the computer I opened Chrome and I do not see any "Set by administrator" sign in the settings for the search system as it was before. The search works fine without calling any unwanted "Rusearcher.com". I hope that the problem is solved now.</p><p></p><p>Before I solved the problem (hopefully) I ran all the software adviced in the articles in you site and the other places. Kaspersky, Spyhunter (found quite a lot but did not solve the original problem), chrome clean up tool, spybot, tds killer, Rkill, hitman, mbam finally again in deep scanning mode.</p><p></p><p>Now I may try to run ZOEK and may be hitman and spyhunter again for double check, but do not think that anything is left.</p><p>programs from this article for example <a href="https://malwaretips.com/threads/how-to-remove-trojans-spyware-rogues-and-other-malware.6941/" target="_blank">How to remove trojans, spyware, rogues and other malware</a></p><p></p><p>My Kaspersky license expires today. Would you recommend anything else (I use windows 7 home extended 64 bits)?</p></blockquote><p></p>
[QUOTE="BorisN, post: 477908, member: 49465"] Hello, Answering your question about the file, O see that it is from a folder with a prorgam which is an English phonetics teaching program. I looked in the folder and it looks like it is the main running program of the teaching system. Also before I received you answer I tried to use the last instructions from Kaspersky lab once again RD /S /Q "%WinDir%\System32\GroupPolicyUsers" RD /S /Q "%WinDir%\System32\GroupPolicy" gpupdate /force The Rusearcher did not dissapear after that. After that I ran some antivirus programs once again. I think the last was Malware bytes antimalware Ver: 2.2.0.1024 malware database: v2016.02.06.03 rookit database: v2016.01.20.01 I ran the program in the deep scanning mode with euristic on and it found 3 more files PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDBF66.tmp.1454754020\HTA\3rdparty\OCSetupHlp.dll, , [c7b4025bddbcfd39bf50ed01e222ae52], PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDCA10.tmp.1454753957\HTA\3rdparty\OCComSDK.dll, , [8deef7660f8ab97d6a059ba4d2300ef2], PUP.Optional.OpenCandy, C:\Users\Boris\AppData\Local\Temp\HYDCA10.tmp.1454753957\HTA\3rdparty\OCSetupHlp.dll, , [c7b4124b5346c571898613dbf410ae52], and after rebooting the computer I opened Chrome and I do not see any "Set by administrator" sign in the settings for the search system as it was before. The search works fine without calling any unwanted "Rusearcher.com". I hope that the problem is solved now. Before I solved the problem (hopefully) I ran all the software adviced in the articles in you site and the other places. Kaspersky, Spyhunter (found quite a lot but did not solve the original problem), chrome clean up tool, spybot, tds killer, Rkill, hitman, mbam finally again in deep scanning mode. Now I may try to run ZOEK and may be hitman and spyhunter again for double check, but do not think that anything is left. programs from this article for example [URL="https://malwaretips.com/threads/how-to-remove-trojans-spyware-rogues-and-other-malware.6941/"]How to remove trojans, spyware, rogues and other malware[/URL] My Kaspersky license expires today. Would you recommend anything else (I use windows 7 home extended 64 bits)? [/QUOTE]
Insert quotes…
Verification
Post reply
Top
