Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Taz1 on February 04, 2012, 02:45:38 PM

Title: uk.search-results.com Virus
Post by: Taz1 on February 04, 2012, 02:45:38 PM
A while ago I downloaded a piece of software to try it out and since then all my search engines for Google and Firefox now default to "_http://uk.search-results.com". All my attempts to get it back to Google failed (except for the search box, which I don't use, but can't change it in the URL bar where I type my searches). Avast never picked up this virus. Anybody any idea why it didn't pick it up and what to do to get rid of this virus?
Title: Re: uk.search-results.com Virus
Post by: !Donovan on February 04, 2012, 06:17:05 PM
Did you install Searchqu?

If so, this page will help:
http://deletemalware.blogspot.com/2011/05/how-to-remove-searchqu-uninstall-guide.html
Title: Re: uk.search-results.com Virus
Post by: Taz1 on February 05, 2012, 04:47:56 PM
No, I never installed it but I think it might have come with some software I installed from the internet. I needed to unzip a file and downloaded various zip utils to try out. I suspect it might have come with JZipV1 but I can't be sure.
Title: Re: uk.search-results.com Virus
Post by: !Donovan on February 05, 2012, 05:32:39 PM
> No, I never installed it but I think it might have come with some software I installed from the internet. I needed to unzip a file and downloaded various zip utils to try out. I suspect it might have come with JZipV1 but I can't be sure.

There are many alternatives including WinRAR (http://www.rarlab.com) and 7-Zip (http://www.7-zip.org/).

Also, see this about JZip:
http://www.techsupportforum.com/forums/f131/help-firefox-homepage-hijacked-by-jzip-561379.html
Title: Re: uk.search-results.com Virus
Post by: Taz1 on February 05, 2012, 06:53:43 PM
Thanks, this gave me an idea where to look.  I finally managed to fix my Firefox browser. There are a few steps I didn't see mentioned. On the config screen (about:config) there are two more entries that need to be reset apart from browser.search.defaultenginename. When making a search I found the following entries:

Code:
keyword.URL;http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=
Code:
extensions.wrc.SearchRules.rambler.ru.style;.WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url("IMAGE") right no-repeat}

Resetting keyword.URL and extensions.wrc.SearchRules.rambler.ru.style fixed my problem.

Strange, though, going back into about:config after having reset those two, I can't find the second entry (extensions.wrc.SearchRules.rambler.ru.style) at all anymore, only
extensions.wrc.SearchRules.rambler.ru.URL
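
Added example, not part of the original posts: a small Python check that reads the text of a Firefox profile's prefs.js and lists preferences pointing at the redirect domain from this thread, or a keyword.URL that is not on a trusted list. The trusted list, the sample file and the pref name example.benign.url are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

REPORTED_DOMAIN = "search-results.com"  # redirect target named in the thread
SEARCH_URL_PREFS = {"keyword.URL"}      # URL-valued search pref from the thread
TRUSTED_SUFFIXES = ("google.com",)      # assumption: the engine the user wants
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
URL_RE = re.compile(r'https?://[^\s"\'<>)]+', re.IGNORECASE)

# Constructed sample in prefs.js syntax; example.benign.url is a made-up name.
SAMPLE_PREFS = r'''
user_pref("browser.startup.page", 3);
user_pref("browser.startup.homepage", "http://uk.search-results.com/");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=");
user_pref("example.benign.url", "https://www.google.com/");
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name = json.loads('"' + m.group(1) + '"')
        try:
            prefs[name] = json.loads(m.group(2))  # string, number or boolean
        except ValueError:
            prefs[name] = m.group(2)  # keep unparsed text rather than drop it
    return prefs

def under(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def review_prefs(text):
    """Return sorted (pref, host) pairs worth resetting in about:config."""
    findings = set()
    for name, value in parse_prefs(text).items():
        if not isinstance(value, str):
            continue
        for url in URL_RE.findall(value):
            host = (urlsplit(url).hostname or "").lower()
            trusted = any(under(host, s) for s in TRUSTED_SUFFIXES)
            if under(host, REPORTED_DOMAIN) or (name in SEARCH_URL_PREFS and not trusted):
                findings.add((name, host))
    return sorted(findings)

if __name__ == "__main__":
    print(review_prefs(SAMPLE_PREFS))
```

Run it against a copy of prefs.js taken while Firefox is closed, since the browser rewrites the file on exit.
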
Title: Re: uk.search-results.com Virus
Post by: !Donovan on February 05, 2012, 07:05:45 PM
> I can't find the second entry (extensions.wrc.SearchRules.rambler.ru.style) at all anymore

It's good that it's gone, as a search at Google (http://lmgtfy.com/?q=extensions.wrc.SearchRules.rambler.ru.style) reveals it to be potentially malicious.


Are you experiencing any more problems?
Title: Re: uk.search-results.com Virus
Post by: Taz1 on February 06, 2012, 12:04:13 AM
> Are you experiencing any more problems?

So far everything seems back to normal. System is still a bit sluggish, though, but might be just the internet a bit slow today. I did a full virus scan which passed fine except that it came across one password protected archive it couldn't scan, "install_flashplayer11x64_mssd_aih.exe" which surprised me a bit, but might be nothing. 
Title: Re: uk.search-results.com Virus
Post by: !Donovan on February 06, 2012, 12:14:08 AM
> it came across one password protected archive it couldn't scan, "install_flashplayer11x64_mssd_aih.exe" which surprised me a bit, but might be nothing.

Files that can't be scanned are just that. In this case, the file was password protected, meaning that a password is required to access the file.

Regarding the name of it, it appears to be a legit file that is password protected for commercial reasons, so nothing to worry about. ;)