How to remove the browser Play-toolbar.org and systems?

By | 24.04.2016



browser hijackers

How do I remove Play-toolbar from OS Windows?

If you run the Windows browser is arbitrary, without any user commands, opens https://www.play-toolbar.org site, then the PC security breach gave. Similar symptoms — a clear sign of a specialized virus — browser hijackers.

Cybercriminals are spreading the malware via the software installers: repack them and add the «essential elements». Not all anti-virus software to protect the operating system in real time, are able to recognize this kind of disguise. Infected PCs perforce bring traffic to a malicious site (in this case play-toolbar.org).

How the virus works?

Browser hijacker brings a register of directors, responsible for the startup, its directive. And she, in turn, via the Windows command line launches the browser with the opening of a viral web-pages parameter.

It is noteworthy that in the way the management team is given another site (no play-toolbar). For example, the modification known adverttraff.org. That he redirects infected computer to a fraudulent resource. Thus, hackers added «tangle tracks»: difficult removal «hijacker» of the system.

play-toolbar

removal procedure

Cleaning the registry

1. «Start» Open the menu (click on the icon or press «Win»).

2. In the search bar type — regedit.

run regedit

3. Press the «ENTER».

4. In the Registry Editor, go to HKEY_CURRENT_USER (left-click on the folder with the appropriate name).

5. Next, go to: Software → Microsoft → Windows → CurrentVersion → Run.

6. Run the malicious directory entry with the following characteristics must be removed:

  • Name — CMD;
  • Type — REG_SZ;
  • Value — cmd.exe / c start [name of the malicious Web site] && exit

Note. Most likely, that key will be listed adverttraff.org.

7. Follow the removal by using the regular function of the operating system:

  • right click on the project;
  • Select «Delete» from the context menu.
registry

8. In addition, in the same way, check and, if necessary, clean the section:
the HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ the Microsoft \ the Windows \ CurrentVersion \ the Run

Run directory

Checking the labels properties

To access the settings of labels, follow these steps:

  • for shortcuts on the taskbar: right click → from the menu again, right-click on the browser icon → click the left under the heading «Property» (the system menu);
  • for shortcuts on the desktop: Right-click → Properties.

Then — in the properties window:

"Properties" window

In the «Label» in the «Object», remove the following file extension c ‘the exe’ all malicious setup: references, including the play-toolbar, and command keys.

Attention! If the executable file extension is not «exe» and the name other than the name of the browser, be sure to replace it with a trusted (owned by the browser). For example: firefox.bat (malware) → firefox.exe (true).

Check and restore the settings must be in all existing labels browsers installed in the system.

Setting browsers

After neutralizing the play-toolbar from startup and cleaning labels must restore browser settings and remove malicious / suspicious add-ons (extensions) that are connected to them.

Homepage

This task can be performed not only manually but also using utilities Avast! Browser Cleanup:

1. Download ofsayta cleaner browser and run it.

2. Click the browser icon that you want to clean.

3. Click the «Restore Settings»:

  • set homepage by specifying the address of a trusted search engine (google.com, yandex.ru);
  • remove add-ons, which will recommend to get rid of Browser Cleanup.

Checking system

All of the above purification steps Windows were directed primarily at neutralizing the effects of the virus. BUT: even if there are no signs of its activity, it does not mean that it is gone forever. Some of the elements of malware, though dormant, can stay in one of the file system directory.

Therefore, to remove play-toolbar completely, you must scan the disk partitions of attending one of the following utilities:

  • HitmanPro;
  • Anti-Malware Free;
  • Dr.Web CureIt !;
  • Virus Removal Tool (by Kaspersky).

And, accordingly, all found suspicious and dangerous objects to destroy.

prevention

Restart the PC and make sure that does not activate the command line when running browsers and operating correctly. Run registry optimization and delete unnecessary files from the Windows program CCleaner or Reg Organizer.




Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *