Searchqu 406 browser hijacker

[a_vast]

Hi,

I fear I have been here before. Moan: Google have started tinkering with their 'cache search' option. I use this a lot so started going to Bing which still has a reliable cache search option. At about this time I noticed the Google icon on Chrome had changed into a generic icon, but it still said Google. My moan is that if Google hadn't unilaterally begun to remove its quite popular search cache I would never had gone to Bing and would probably not have picked up searchqu!

This evening I clicked on that google-generic icon & avast jumped up & told me searchqu_406 had been blocked. I was amazed, what was going on? At length I found in the Chrome Settings searchqu hiding under the title "Web Search" but it couldn't hide its url. It has set itself up as default searcher even though I have disabled it. I must have entered its url in avast previously. But the 'Remove' button in Chrome Search Providers is greyed out.

Is there anyway I can banish searchqu_406 from my pc please?

Many thanks,

a_vast

[Nesivos]

There is information on this link on how to remove Searchqu 406 from various browsers

http://deletemalware.blogspot.com/2011/05/how-to-remove-searchqu-uninstall-guide.html

You could also try a scan with Malwarebytes and/or Superantispyware however I don't know if they will remove it.  I would also look in Windows Programs Add/Remove to see if there is an program installed like a toolbar that shouldn't be and uninstall it.

[a_vast]

Thanks. Am running a full Malwarebytes scan now.

Will update

[SearchnuSupport]

Hi,
I'm a member of the Searchnu Support Team. I'm here to help

From the URL you provided it looks like Searchnu was installed on your PC when you
installed iLivid- a download manager which includes Searchnu as an option.

When the software was installed onto your pc it offered two basic installs, typical installation,
which lists the add-on features such as searchnu default search, and Custom installation,
which allows you to select the add-ons that you wish to install. There's no need to worry if you did the typical install - this isn't a virus,
nor malware, and there's no need to Perform a virus scan against it.

Please visit iLivid's support section where you will find detailed instructions for uninstalling Searchnu
at:http://www.ilivid.com/faq.htm

Thank you,
The Searchnu Support Team

[a_vast]

Hi,
I'm a member of the Searchnu Support Team. I'm here to help ... The Searchnu Support Team

I'm sorry I don't know who Searchnu Support Team is, can someone at Avast kindly verify this message from them please?

Thank you.

[Pondus]

the URL he gave seems okay

Zulu analyser
http://zulu.zscaler.com/submission/show/dc861d0616b6179ee540d9883f4a6a86-1337278498

Sucuri
http://sitecheck.sucuri.net/results/www.ilivid.com/

[a_vast]

Thanks. Indeed, I thought iLivid were the source for Searchqu_406?

I have run a full Malwarebytes and all is okay.

Am now going to look at the Nesivos link.

Best regards.

[Pondus]

OBS:  listed at WOT and hpHOST

URLVoid
http://www.urlvoid.com/scan/ilivid.com/

IPVoid
http://www.ipvoid.com/scan/207.232.22.55/

novirusthanks
http://vscan.novirusthanks.org/analysis/f439f644e5a1c8134dae65bcbb6e510c/aW5kZXg=/

[polonus]

According to the IP report for 207.232.22.55 flagged for misleading marketing. Malware from other domains of that IP has been now closed or are dead.
See e.g.: htxp://camas.comodo.com/cgi-bin/submit?file=fd0754a2ef3567859db0bf3c75f18ec50aaeae6a7561aff9e7f6c7775a945ed7

polonus

[a_vast]

Dear Pondus & Polonus,

What does this information mean please and how does it relate to SearchnuSupport inviting me to visit http://www.ilivid.com/faq.htm ?

Many thanks.

[AntiVirusASeT]

@a_vast: they are providing u with third party analysis on the webpage SearchnuSupport gave u. these third party tools can spot potential malicious items on the webpage like scripts, redirectors, common malicious ip addresses used to host malware...etc

thus u can make informed decisions whether to visit a site using these tools before hand. (note that u should not rely 100% on these tools though. they could still miss malicious items on a webpage. expert analysis is still the best)

personally i do not think u need to visit that faq site at all. just remove Searchqu 406 from ur system as from the link Nesivos provided.

u have experienced a bad case of adware.

[a_vast]

Thanks AntiVirusASeT,

Last time the 406 made its unwelcome presence known I entered its url into Avast which stopped it in its tracks recently. I have it disabled now even though it has greyed out initial applications to remove it entirely. Will follow instructions to remove it once and for all from pc.

[a_vast]

I follwed all the kind instructions for the removal of searchqu. It did not show up in IE or Mozilla but was still in Chrome, that's when things got tricky. The directions asked me to

1. Click on Customize and control Google Chrome icon and select Options

but there was no Customise & Control to click on.

So I went on - next was Options but Options did not exist on the scroll down, only "Settings".

And so I went to Settings and just started clicking everything that might lead me the default search engine. Suddenly I found myself at "START UP PAGES" and there it was - Searchqu_406. I deleted it and entered Google's url instead. That seemed to fix it.

Any comments please + thanks for the instructions - oh - I did a search for %AppData% which turned up a single file titled "Roaming". I went right through this file but could find nothing in it concerning searchqu, ilivid, etc.