How to remove from startup and browsers?

By | 24.04.2016

ooov virus

How to get rid of browser hijackers site — a kind of hacking service. Automatically redirects to other Internet resources, mainly dedicated to the game category, —, and others. So cunning way attackers hyping their projects on the network.

Naturally, users visit not on their own and not in their interests. This action instead performs a special virus, «settled» in the PC.

How does ooov downloader?

Penetrates this «digital dirty trick» by hackers repacked free software installers. And no one in the installation asks (in the sense of the installer), you never know what is necessary to put in an additional operating system: remove / put a tick, agree or not, and all that jazz. The treacherous invasion takes place secretly, under the guise of a digital product. By the way, he can be trusted (100% coverage of tricks «craftsmen» no!).

with forwarding

Housed in the bowels of the system, the malware injects Startup his record — a special command that launches the browser from the main viral page. Each time you launch the Windows «directive» is executed: the infected PC automatically ‘sent’ to the site computer villains and thus brings them more traffic. Get rid of standard methods can not be from this disgrace.

However, it should not be upset if your PC is attacked, this «infection». Already developed ways to remove completely from the system

Neutralization (blocking) of the virus

Method №1: edit startup system means

1. Hold the Win key (OS icon next to ALT) and press «R». (Window opens, «Run.»)

2. In the «Open» enter — msconfig.

3. Press the «OK».

Windows Startup

4. In the «System Configuration» tab «Startup».

5. The list of elements turn off (uncheck) the launch of an object Adobe Flash Player SU. It is a virus masquerading as Adobe Flash application — the prefix «SU»!

Warning: If the recording c this name is not found, check the command elements (column «Command»), ie, what actions they perform. The malware has the format C: WindowsSystem32cmd.exe / k start http: // && exit.

6. Click consecutively «Apply» and «OK».

7. Press the «Exit without restart» in the «System Setup» sub-window. Otherwise, the virus can be activated again.

Method №2: clean up your registry

1. Press the «Win».

2. In the panel «Start», type — regedit.

3. Activate the command «ENTER» button (to open the Registry Editor).

4. In the editor window open: HKEY_LOCAL_MACHINE → SOFTWARE → Wow6432Node → Microsoft → Windows → CurrentVersion → Run

viral entry in the registry

5. In the next panel (Run directory contents), delete the entry with the name and value of CMD — cmd.exe / from the start [of the viral site address]

  • right click on the record;
  • Click the «Delete» from the context menu.

Additionally, as a preventive measure, scan your entire registry:

  1. Without leaving the editor, press the key combination «CTRL + F».
  2. In the line «Find» set request — ooov.
  3. Run the test button «Find Next.»
  4. Detection recording with the address of the site to remove the same way.
  5. Press «F3» to continue scanning.

Repeat until all the registry keys will be cleared.

Method №3: CCleaner

1. Click «Tools» in CCleaner interface.

CCleaner interface

2. Select the subsection «Startup.»

3. On the «Windows», highlight mouse click recorded with the following parameters:

  • Program: CMD;
  • File: cmd.exe / c start http: // && exit.

4. Click the «Delete». If the team is not a virus is removed, use the «deactivate». She disappears from startup, but it has to be locked.

Method №4: AnVir Task Manager

Warning! This way to lock / treatment for advanced users only.

1. Open your browser (preferably not the main and supplementary, which does not run a virus).

2. In the address bar, type (ofsayta AnVir Task Manager).

3. On the main page of the site click on the link «Download» (distributed free of charge).

ofsayta AnVir Task Manager

Tip! Click the «Demo» to see a video tutorial on using the program.

4. Unzip the downloaded file: Right-click on the file anvirrus_setup → «Extract all …» (shortcut menu).

unpack the downloaded archive

5. Again, unzip the attached file (it will appear next to the downloaded from the site).

6. Run as administrator AnVir installer.

7. Extremely careful not to install it on your PC is nothing superfluous, to turn on the radio panel installer «Custom Install», and then remove all the checkboxes under this option. And then click «Next» button.

custom installation utility

8. The utility prompts you to connect additional functions (monitoring, the icon in the system tray). If you are not going to use it in the future, it is better to refuse.

9. In the Task Manager window AnVir click the «Startup» (option in the left box).

AnVir Task Manager

10. Remove the check mark next to the name Adobe Flash Player SU.

11. In an additional window: enable the «End Process» button, click «Disable (Quarantine).»

Tip! Consider the level of risk of other objects in the startup (see. The appropriate column in the catalog). If greater than 80-90%, it is recommended to disable them, too.

Removing the virus

After blocking run at startup you need to find the «body» of the virus, which has been modified settings and control the actions of the browser. Manually perform this procedure only by experts, connoisseurs of viruses. Therefore, for the final cleaning of the computer it is advisable to use one of the products mentioned below antivirus:

  • Dr.Web CureIt !;
  • AdwCleaner;
  • Kaspersky Virus Removal Tool;
  • Malwarebytes Anti-Malware Free.

Remove the virus and potentially dangerous objects / records found curing utility. Clean the operating system from the «digital garbage» program Reg Organizer or CCleaner.

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *