Removing Browser Hijackers from a Windows Computer:

1. Download and run RKILL.

   http://www.bleepingcomputer.com/download/rkill/

   When at the download page, click on the Download Now button labeled iExplore.exe. When you are prompted where to save it, please save it on your desktop. Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with the malware. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and a log file will open. You can review the log file and then close so you can continue with the next step.

   If you have problems running RKill, please let us know.

   Do not reboot your computer after running RKill as the malware programs will start again.

2. Download, install, and run Malwarebytes (FREE version).

   https://www.malwarebytes.org/mwb-download/

   Make sure that Malwarebytes has current definition files installed (from that day or the day before). Hopefully, the software will update the definition files automatically for you when you start the program. Click Scan to run a Threat Scan.

   When the scan is complete, make sure that all of the items detected items are checked. Click the button to Remove Selected items.

Disable the trial if enabled the trial by default. Otherwise, it will conflict with the College-provided version of Bitdefender.

3. Download and run AdwCleaner.

   http://www.malwarebytes.com/adwcleaner/

   When AdwCleaner has finished downloading, please double-click on the AdwCleaner.exe icon that now appears on your desktop. Once you double-click on the icon the AdwCleaner program will open and you will be presented with its start screen as shown below. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

   Scan button in AdwCleaner. The program will now start to search for known adware programs that may be installed on your computer. When it has finished it will display all of the items it has found in Results section of the screen above. Please look through the results and try to determine if the programs that are listed contain ones that you do not want installed. If you find programs that you need to keep, then uncheck the entries associated with them.

   For most people, the contents of the Results section may appear confusing or as gibberish. Unless you see a program name that you know should not be removed, please continue with the next step.

   To remove the adware programs that were detected in the previous step, please click on the Cleanbutton on the AdwCleaner screen. AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.

   Please click on the OK button to let AdwCleaner reboot your computer.

4. Let your computer reboot, log in as normal.

   AdwCleaner will automatically open a log file that contains the files, registry keys, and programs that were removed from your computer. You can review this log file and then close the Notepad Window.

5. Download and run Shortcut Cleaner.

   http://www.bleepingcomputer.com/download/shortcut-cleaner/

   Once the program has been downloaded, please double-click on the sc-cleaner.exe icon that will now be on your desktop. If Windows prompts you as to whether or not you wish to run Shortcut Cleaner, please allow it to run. Once the program starts, it will scan your computer for hijacked shortcuts and clean them. When it has finished it will display a log file that contains a list of all Windows shortcuts that were hijacked and disinfected.

6. Make sure that the Windows firewall has been turned on.

   • Windows Vista/7: Wired network: Start -> Control Panel -> (Classic View) -> Windows Firewall -> Change Settings -> Advanced tab -> Local Area Connection should be checked.
   • Windows Vista/7: Wireless network: Start -> Control Panel -> (Classic View) -> Windows Firewall -> Change Settings -> Advanced tab -> Wireless Network Connection should be checked.
   • Windows 8/10: Firewall is on by default. Search for Windows Firewall and make sure it is on.
   • All connections in the Windows Firewall window should be checked.
   • If you can't enable the firewall, please let the Associate Director of Technology Support Services know. There could be residual malware on the computer.

7. Reset Google Chrome.

   Launch Google Chrome. Click on the icon of the three small horizontal lines in the upper right corner of the web browser window. Select Settings. Scroll all the way down to the bottom of the page and click on Show advanced settings…. In the new page that appears, scroll all the way down to the bottom of the page and click on the Reset Settings button. A warning will appear that your personal settings, including homepage settings and other cached data. (Your bookmarks will stay intact.) Click the Reset button.

8. Clear the cache for ALL the web browsers that are installed:

   • Extensions can be deleted if unnecessary (most are), but Google Apps-related extensions are fine. Any extensions not from Google app store are suspicious.

9. Check for installed extensions in the web browsers that are installed:

   • http://sites.saintmarys.edu/~resnet/resnetfaq/webbrowsing.html

10. Verify the computer's settings with the Purple Packet.

11. Uninstall existing anti-virus software, reboot the computer, and then install the provided Bitdefender software.

Last Modified August 7, 2017