I got caught in that fake avast tech scam 179/year phone: (877) 204-9327 Argh! My avast recognizes the mapsgalaxy in the browser cleanup - and when I go for removal it wants to switch out my homepage to yahoo/avast - which is not a real site. Every time i remove it via avast it resets the homepage and then after its gone it come right back. I have already put my computer in safe-mode and deleted the avast that I had and downloaded avast again and re-installed. But I still have the reoccurring mapgalaxy browser problem. So I do NOT have mapgalaxy in my toolbar but I want to get rid of this malware! Please help. I am on win 7. I have changed all my passwords via another computer. Please help I need to get rid of this malware .

Post the logs after perusing this.

I found this website because I did a search to see if other people had MapsGalaxy problems. I also uninstalled it, restarted the computer as directed, said I wasn’t interested, etc. As I was doing other follow-up work on the laptop, I saw a brief message that “MapsGalaxy is protecting my homepage.” Thus, this is definitely a malware company.

In my case, a friend was using MapQuest on her laptop and got the popup to download “files.” Thinking it was part of the MapQuest process, she clicked “OK” and the laptop immediately emitted a continuous and very loud vibration sound. She called me and I had to remove the battery to get it to stop.

I haven’t done it yet, but in the morning, I will do a RegEdit, search for “mapsg” (hopefully a unique string) in all fields and delete those entries with mapsgalaxy in any of the fields. I have done this operation with other malware and it has worked so far. This is a growing problem. More and more malware sites say “Uninstall Complete” but they leave “hooks” in the registry to resurrect themselves and take up where they left off.

If you know how to edit the registry, then you should be fine. If you haven’t edited the registry, get a technical friend to do it.

I’ll report on the results of my registry edit tomorrow.

Regards.

Bob

@ towdesign88,

In preparation for the Malware Removal Specialists, please follow the directions for ATTACHING the following logs to your next post so they can assist you:

• MBAM
• FRST.txt
• aswNBR.exe

After posting the logs, do not make any changes to your machine, do not put a USB drive in your machine, and wait for the Malware Removal Specialist to come along to assist you (they come on the forum at different times, so please be patient). Let us know if you have any questions. Thank you.

Hello again. It was as I suspected. The only thing true about the “mapsgalaxy is uninstalled” message is that the message is utterly false. I’m not familiar with the Malware Removal Specialists but here’s what I did:

1. Went into the registry and did a Find of the string “mapsg” (without the quotes). That string uniquely found all references to MapsGalaxy. There were roughly 50 “hits” and I deleted each one, one at a time, with the delete key and then hit F3 to find the next occurrence. When all occurrences were deleted, I re-ran the search the ensure I got them all. I then did the File/Exit (no Save needed) to save the edited Registry file.
2. Restarted the machine
3. Started Windows Explorer with Admin privilege.
4. Used Windows Explorer to search for that string across the entire C-Drive. I knew I had to look in Program Files but I didn’t know where else MapsG would have stored itself. There were about the same number of actual files in Program Files (x86) as the hits in the registry. For each file found, I verified that it was unique to MapsG and then I deleted it.
5. Again restarted the machine and tested a few applications to gain a small level of confidence.
6. Created a new System Checkpoint with the label “No MapsGalaxy” and told my friend to call me if she found any more problems.

Related Question: Are there tools to automate what I did manually? It took me about an hour and a half to do everything.

Regards,

Bob

Related Question: Are there tools to automate what I did manually? It took me about an hour and a half to do everything.

almost ..... if you had clicked the link in Valinorums post, you would find instructions for running some tools and attach the logs one expert from removal team would then have created a fix for you to run based on the logs you had attached