How do I remove searchgoose?

Status
Not open for further replies.
Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by Yroqu (20-05-2021 18:48:04)
Running from C:\Users\Yroqu\Downloads
Boot Mode: Normal

================== Search Registry: "search-fine;search.securitypath" ===========


===================== Search result for "search-fine" ==========


===================== Search result for "search.securitypath" ==========

====== End of Search ======
 
5/20/2021 22:25:57 PM
Files scanned: 481301
Detected files: 0
Cleaned files: 0
Total scan time: 02:46:46
Scan status: Finished
 
Searching up something goes first to search-fine and then search.securypath in the URL, then changes the search into Bing, Yahoo, or Edge
Which browser is still affected by this? If it is not Edge or Internet Explorer, can you please uninstall and re-install the browser?
Please tell me if that removed the issue.
 
Yes, Edge is part of the Windows operating system and cannot be uninstalled. Do you still have symptoms in Edge?
 
If Edge still has the search-fine redirection, do the following please.
Note: This will create a User Data.zip on your Desktop. This is a backup file for the Edge user data. In case anything is missing after resetting Edge that you desperately need, we can revert it back this way.

Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

Let me know if that worked for you.
 

AVG is calling the FRST64 as a FileRepMalware, so should I unquarantine it?
Yes, please do that. Temporarily disable your AVG before running the fix with FRST.
FRST looks for malware-typical patterns and carries those patterns inside itself. That makes it prone to false detections by antivirus.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2021
Ran by Yroqu (25-05-2021 11:44:18) Run:2
Running from C:\Users\Yroqu\Downloads
Loaded Profiles: Yroqu
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Zip: C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data
C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data -> Could not copy
=========== Zip: End ===========
C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13794292 B
Java, Flash, Steam htmlcache => 132097 B
Windows/system/drivers => 69113340 B
Edge => 0 B
Chrome => 98409492 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1312824 B
systemprofile32 => 1312824 B
LocalService => 1331806 B
NetworkService => 1331806 B
Yroqu => 10083199 B
defaultuser100000 => 10083199 B
defaultuser100001 => 10083199 B
defaultuser100000.DESKTOP-ML5MUKB => 10083199 B

RecycleBin => 4968 B
EmptyTemp: => 226.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:57:17 ====
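
An added example, not part of the thread or of FRST itself: a small Python parser for the result lines of a Fixlog like the one above, which flags any target that a later step changed after its Zip backup reported a failure, as this log shows for the Edge User Data folder. The line shapes and the failure keywords are assumptions taken from this one log, and the function names are hypothetical.

```python
import re

# Constructed sample: result lines copied from the Fixlog in this thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
================== Zip: ===================
C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data -> Could not copy
=========== Zip: End ===========
C:\Users\Yroqu\AppData\Local\Microsoft\Edge\User Data => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 226.6 MB temporary data Removed.
"""

# Line shapes as they appear in this log (assumed, not an FRST specification).
SECTION_LINE = re.compile(r"^=+\s*(?P<name>[^=:]+):\s*(?P<end>End)?\s*=+$")
RESULT_LINE = re.compile(r"^(?P<target>.+?)\s(?:=>|->)\s(?P<result>.+)$")
# Only "Could not copy" is seen on the page; the other words are assumptions.
FAILURE_WORDS = ("could not", "failed", "error", "denied")


def parse_fixlog(text):
    """Return (section, target, result, ok) for every result line."""
    section, rows = None, []
    for line in map(str.strip, text.splitlines()):
        header = SECTION_LINE.match(line)
        if header:
            section = None if header.group("end") else header.group("name").strip()
            continue
        hit = RESULT_LINE.match(line)
        if hit:
            result = hit.group("result")
            ok = not any(word in result.lower() for word in FAILURE_WORDS)
            rows.append((section, hit.group("target"), result, ok))
    return rows


def changed_without_backup(rows):
    """Targets changed by a later step after their Zip backup failed."""
    failed, flagged = set(), []
    for section, target, _result, ok in rows:
        if section == "Zip" and not ok:
            failed.add(target)
        elif ok and target in failed:
            flagged.append(target)
    return flagged


if __name__ == "__main__":
    for target in changed_without_backup(parse_fixlog(SAMPLE_FIXLOG)):
        print("changed without a backup:", target)
```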
 
They both are fixed surprisingly, so thank you!
Also should I remove the FRST and additions logs from these replies (if I can, because I don't know how to) because they may show some private information, or does it not leak anything of that sort?
 
I am glad to hear your system works fine.
Your latest logs were clean as well.

Browser hijackers like the ones on your system very often appear via bundled software installers.
Those are installers for legitimate applications that try to trick you into consenting to additional third-party software.

One trick these installers often use: They place a marked checkbox to install additional software and hide the checkbox. E.g. it can be very small, greyed out, or you have to scroll down to find it. Unless you opt-out by removing the checkmark, you will get the additional software. Or they provide a button to opt-out of the additional software but make it barely visible.

Only download installers from trusted websites.
Make sure to pay close attention while installing software.
Always use the custom install option, otherwise you might not get the opportunity to opt-out of additional software.

You can drag and drop FRST.exe and the logs into the recycle bin.

Also should I remove the FRST and additions logs from these replies (if I can, because I don't know how to) because they may show some private information, or does it not leak anything of that sort?

Feel free to delete the logs from the topic. You should be able to edit your own posts.

I will leave the topic open for 5 days in case you have any remaining questions. After that the topic will be closed without further notice.
 