• Malware called Default Tab Search by Search Results, LLC

    #489987

    :o::o: I know how it happened, I actually did it, even though I know better. MS Security Essentials and Malicious Software Removal Tool, and MS Security Scan ALL failed to find and remove this thing. Can anybody tell me how to get rid of it? Trying MalwareBytes as I type this but I am not hopeful. Several sites say “Remove Malware, Download This” but I don’t trust them either as I have never heard of any of them. So, I humbly ask assistance here, where I have trust in the answers that arrive. This is my work PC (new job, waiting for something better so I can actually get some work done). Some kind of “PowerSource” PC with Pentium i3 and just 4GB of RAM and a 750GB HDD. So, if MalwareBytes doesn’t get it, what then? Ideas not just welcome, but fervently hoped for! Thanks All!

    Joel

    Edit, almost forgot! Using IE9, (have to, legacy program and all)

    Edit #2 No Joy with MalwareBytes Full Scan said it found nothing, so still searching instead of working!

    Joel

    • #1400036
      • #1400040

        Perhaps this guide will help http://malwaretips.com/blogs/default-tab-search-bar-removal/

        Thank you Thomasjk I will take a look right now!

        Joel

        • #1400048

          Thanks again Thomas! Looks like at least most of a success! I got the home page I wanted back, and my default search and addons are there. The only one I really care about is LastPass and it’s still in its accustomed spot, the search box toolbar also gone. Only thing is when I go to tools/manage addons there are NO addons or search providers to manage! I’m sure I’ll sort it out sooner rather than later, but the most important thing is I got control of my browser back and intact. Strangely though it never affected Chrome or Firefox, I was able to leave IE9 and use either of those while I tried removing it from IE. Well you know what they say about a gift horse and all. Mainly I want to say THANK YOU for the link that gave me some of my sanity back!
          BE forewarned, this nasty bit came from a CNET Download of IrfanView, and there was NO dialog for custom install, no box to uncheck or opt out. Very disappointing. I won’t be going there for downloads anymore. 😎

          Joel

    • #1400075

      CNet has been getting really bad recently for piggybacking these add on apps. This is the first I have heard of no opt out options. Good to know.

      It seems nothing is free anymore. With CNet and other such sites, if there are no opt out options then I will not use them. It’s not worth the aggravation.

      • #1400076

        CNet has been getting really bad recently for piggybacking these add on apps. This is the first I have heard of no opt out options. Good to know.

        It seems nothing is free anymore. With CNet and other such sites, if there are no opt out options then I will not use them. It’s not worth the aggravation.

        Could not agree more! I surely won’t go there again. Actually there WAS an option to “disable” or “remove” but it was greyed out so I couldn’t click it, so stupidly thinking it would be in the next screen, I went ahead and infected myself! So count me with you as far as CNET goes. (Showing the option then not allowing you to click on it is just shady and underhanded, but they DID get me with it!) Thanks for the input! 😎
        Joel


        • #1401800

          …. Actually there WAS an option to “disable” or “remove” but it was greyed out so I couldn’t click it, so stupidly thinking it would be in the next screen, I went ahead and infected myself! ….
          Joel

          Ooops, this was meant to be a direct reply to post #6. No clue why that didn’t work. :confused:

          This is not a new tactic at all; consider yourself lucky (or common sense careful) that you did not run into that earlier.

          In Sept. 2012 I wrote on my blog about a very nasty example of this tactic applied TWICE in one install!

          These windows where the option to “remove” is greyed out are made to confuse us; mostly the text is sort of ambiguously formulated on top of it.

          You avoid the foistware by clicking the Cancel or Dismiss button which in these cases cancels only installation of the foistware and not the whole install process.

    • #1400109

      I stay away from Cnet…They really suck..

      I usually go to the publisher’s website to d/l a program..

      • #1401774

        Indeed, the publisher’s website is generally the best option for software downloads.
        I have had to start blocking various download sites on client PCs because they are causing too many issues.

    • #1402077

      Nearly anything I can download from CNet I can also download from Filehippo, Softpedia, Tucows, or a host of other, cleaner download sites. Consider this a lesson learned, OK?

      -- rc primak

    • #1402137

      Maybe I’ve just been lucky but I’ve never had a problem with a Cnet download. You do have to watch the check boxes during the install process but those are usually “compliments” of the application, not Cnet.

      Jerry

      • #1402182

        Re: those “grayed out” “decline” option squares ARE clickable! You CAN opt out of all those extras. Downloads at Cnet are getting very, very, sneaky with attempts to load extra stuff you don’t want – but not the worst by any means.

        • #1402986

          Re: those “grayed out” “decline” option squares ARE clickable! You CAN opt out of all those extras. Downloads at Cnet are getting very, very, sneaky with attempts to load extra stuff you don’t want – but not the worst by any means.

          Sneaky, yes. Unavoidable or not clickable, no. So, be careful, folks, and don’t always blame the host site for the sneakware tactics of the software vendors it hosts.

          -- rc primak

          • #1415347

            There are a few rules to safely complete your downloads from any site:

            First, never use the “recommended” or “typical” installations. (That’s why you inadvertently allow extra software to download.) Always use the “Custom” installation. That way you can uncheck everything (as well as direct which partition to download to).

            Second, as rje49 pointed out…decline everything you can. Click the grayed out decline each and every time.

            Third, open an email account that you only use to complete registrations. You can from time to time go to it to delete all mail.

            I prefer “CNET” since they do a virus scan on all programs… “Majorgeeks” is another safe download site.

    • #1415350

      That’s the whole point guys…

      Rather than run the gauntlet of sneaky opt-out boxes, grayed out check boxes, it’s easier and safer to just head over to the author’s site and get the download you want.

      As far as virus scans go as Valius stated, who knows how they scanned it and if they even did.
      I prefer to scan myself before I run anything no matter where I get it from.

    • #1415379

      Even if you go to the authors’ site for direct downloads, you still need to be very watchful of any options pre-, during and post- install.

      Some common examples, Adobe Flash, Avast! Free, CCleaner – they all have ‘quick’ downloads that contain ‘extras’; Flash requires a deselection before downloading, CCleaner, you need to find the ‘other builds’ page for the no-crap versions and with Avast! you (currently) get Chrome offered – I think both during and post-install/reboot.

    • #1415383

      I use Sandboxie to test out the installation before the real installation. (Virtualize the installation first.)
      If possible, I use Uniextract or other extraction programs to extract the software. (Or copy the ‘installed’ program file folder from within Sandbox. (Does not always work.))
      Try to use extraction apps to convert the installable type to a portable one. Not all can be done that way. Some can be made operable by registering the program in the registry.
      Or simply download portable software.
      One hassle with some portables or extracted portables: they do not have an .ini file. Your customized setup/usage can only be stored in the registry (aka you must register the software).

    • #1415398

      I use what I believe is the most foolproof method..

      I make an image before any installations…There have been several times that I have used the image to get back to where things were before the install.

      Look guys, everyone has their own methods…
      As long as the end result is a clean install without all the crapware.

    • #1418571

      Getting back to the original question . . .

      I use REVO Uninstaller for general uninstall chores on my client’s systems as well as my own and have used it for years. It DOES detect Default Tab as an installed program and does a great job of uninstalling it.

      Swampster
