Solved

Browser Hijacker



Show first post

61 replies

Userlevel 3
My browser was just hijacked by "guruofsearch".  Not only did it hijack my google, but my "plugins" link is dead which I use to turn on and off my flashplayer that is now dead.  It came out of nowhere as I didn't load any new programs.

Before doing anything else I checked my extensions, settings, programs, task manager and my Webroot for viruses.  Everything was normal.  No "guruofsearch", except it appears every time I want to do a search.

 
I then installed the google link in my Chrome bookmarks bar so I am able to search with google now, but I'd rather not have to do it that way, obviously.  I want my address bar back and I want my FlashPlayer back, too.
Not only that, I tried InternetExplorer.  The ONLY thing I can do there is click on news links that are already on the screen.  The address bar and bing search are completely dead.  I don't even get the "guruofsearch".  NO browser at all for IE.

There are all kinds of "solutions" online, but they require downloading another malware removal tool which I'd rather not do as I already have Webroot and it has been good to me ....... so far.

 
So, how do I get rid of it?
Userlevel 7
Hi yayb-baby
 
Sorry to hear about you issue.
 
Guruofsearch.com is indeed a browser hijacker...and it is most definitively 'caught' via bundling with other free software that one downloads off of the Internet. When installed this browser hijacker (a PUA or Potentially Unwanted Application in Community parlance) it will set the homepage and search engine for your web browser to http://guruofsearch.com.
 
Given what you say about not having installed any software recently usually the key to avoiding them is to make sure that when downloading apps one does so from the author's own website or one that they have recommended, and not 3rd party downloading site.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
To make sure that your WSA is checking for PUAs proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 
  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.
 
If that does not helps and you feel or consider yourself technically proficient then you can try these steps to remove it from your system.
 
And if that does not work or you do not feel technically capable then the best thing to do is to Open a Support Ticket & ask Webroot Support to take a look and remove these for you.  There is NO CHARGE for this for valid/active WSA license holders.
 
Hope that helps somewhat?
 
Regards, Baldrick
 
Userlevel 3
Thanks!  I'll give it a try and let you know how things work out,  The worst thing is that my plugins are blocked and I can't use Flashplayer.
Userlevel 7
No worries...;)
 
When you say that your "plugins are blocked and I can't use Flashplayer" precisely what do you mean/how does the blocking/issue manifest itself? Are their any messages informing you of the blocking? What are you seeing?
 
Regards, Baldrick

@Baldrick wrote:
To make sure that your WSA is checking for PUAs proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 

  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.

and...

@Baldrick wrote:
PS.  What I occassionally do is go into the Advanced Settings, Scan settings, and toggle off the Detect PUAs...setting, save the configuration, then go back in and toggle it back on, save once more and then run a scan.  This is a tip provided by one of the excellent Threat Researchers, as something that seems to 'bump' the detection of PUAs/PUPs...not sure how or why but it seems to, so yo many want to try it. 


Thanks, Baldrick! I'd somehow missed that one. As you may have noticed, I recently reported here on my first ever "infection" since using Prevx/WSA (more than 10 years now) and what I had done to get rid of it. If this ever happens again, I shall first try the hint you give above.

Userlevel 7
No worries, Muddy7
 
We are all of us a learning...every day...and that is what makes this Commuinty so great. :D
 
Regards, Baldrick
Userlevel 3
I have the link for plugins in my bookmark bar.   When that failed me I found the blue and white shortcut next to the pencil online and had that installed.  In either case, they both brought up the "This site can't be reached " page.   By the way, those are two photos and the way Webroot brought them up.  I couldn't figure out how to separate them and write text around them.  Maybe next time.  At any rate,  I can't open FlashPlayer because of this.  I've tried everything you suggested multiple times plus the things I said in my original post.  The only thing I haven't done yet is go to "Open a Support Ticket" because I wanted to answer your question first.  That will be my next step after I hear back from you.



 
Userlevel 3
Sorry, the blue and white icon between the Webroot icon and the 3 vertical dots.  The pencil disappeared from my photo for some reason.
Do NOT download any Malware removal tools!! Assume you have a PC. (My husband every so often gets Browser Hijackers. He has a PC.) What I did was search through all of his files and any file which seemed "odd" I googled and if it mentioned or said it was a malware or browser hijacker then I deleted it.

I just googled "how to get rid of Browser Hijacker Gurofsearch - and there was a link to a YouTube video, which looked really helpful!

You've probably also figured out you need to be careful searching for sites, and reading the link BEFORE clicking - some are ads (which could also be Malware).

On my MAC, there's an app WOT (I think), that I downloaded from the Apple store for free (not sure if there's something like that for PCs). It rates all of your sites you've googled as Trustworthy or not, with different colored circles: Green (good), Yellow (questionable) and Red (bad) or Blue Question mark (probably not so good?). Good Luck!!
Userlevel 7
Hi Charlotte_Sterling
 
Thanks for your intent to assist.
 
However, here in the Community we do not advocate the recommendation or use of YouTube-related solutions to malware and/or PUA removal unless they are from a source known to be reputable, i.e., from a security app vendor or one of the major institutions such as Microsoft, Apple, Google, etc.; this is due to the fact that malware removal is a skilled task and many of the solution shown may not be safe or have considered all aspects of the removal process. 
 
And even if one has found a suitable video we believe that the best approach, if WSA is unable to handle the issue (and no security app can handle 100% of issues/infections 100% of the time...not even WSA ;)), is for the OP to Open a Support Ticket to get the Webroot Support Team of professionals to intevene and resolve the issue. This is a free service available to all users with an active subscription.
 
This is what I would advocate using in this instance, and so potentially avoiding getting into further trouble be doing something  unforseen to one's system.
 
Regards, Baldrick
Userlevel 3
This DEFINITELY worked for "Guruofsearch" on Chrome, but I suspect that it will work for other browser hijackers and it also fixed my Internet Explorer.

I went to Chrome Help at this link:
https://support.google.com/chrome/answer/2765944#browsersettings
It was EASY and QUICK!  I was rid of "Guruofsearch" in no time.

 
Or you can go directly to the Chrome Cleanup Tool for Windows 7 thru 10.
https://www.google.com/chrome/cleanup-tool/

 
"Clean Chrome of unwanted ads, pop-ups, & malware
If you're seeing some of these problems with Google Chrome, you might have unwanted software or malware installed on your computer:
  • Pop-up ads won't go away.
  • Your Chrome homepage or search engine keeps changing or is not set to Google anymore.
  • Unwanted Chrome extensions or toolbars keep coming back.
  • You keep getting redirected to unfamiliar webpages."   
 "Chrome will open a new tab, and ask you to reset your settings. Click Reset".
 
It literally worked in seconds.  I'm no expert, but I think it cleared the cache as all of my saved sign-ins were gone.  A small price to pay.  I hope you know all of your passwords .      It also disabled my extensions, so enable any extensions that you're using.

                     
I'm not even sure if there is any relation, but the "plugin" link for FlashPlayer still didn't work, so I went here:
https://support.google.com/chrome/answer/142064?hl=en
The link still doesn't do anything, but now when a FlashPlayer video comes up it asks me if I want to activate it.  Goodbye plugin link, hello ask me on screen.  That's good enough for me!  I even like it better that way!

If anyone still has the problem, I hope it works for you.  And YES, it's SAFE to use.

     

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings