A while ago I downloaded a piece of software to try it out and since then all my search engines for google and firefox now default to “_http://uk.search-results.com”. All my attempts to get it back to google failed (except for the search box, which I don’t use, but can’t change it in the URL bar where I type my searches). Avast never picked up this virus. Anybody any idea why it didn’t pick it up and what to do to get rid of this virus?
Did you install Searchqu?
If so, this page will help:
http://deletemalware.blogspot.com/2011/05/how-to-remove-searchqu-uninstall-guide.html
No, I never installed it but I think it might have come with some software I installed from the internet. I needed to unzip a file and downloaded various zip utils to try out. I suspect it might have come with JZipV1 but I can’t be sure.
There are many alternatives including WinRAR and 7Zip.
Also, see this about JZip:
http://www.techsupportforum.com/forums/f131/help-firefox-homepage-hijacked-by-jzip-561379.html
Thanks, this gave me an idea where to look. I finally managed to fix my Firefox browser. There are a few steps I didn’t see mentioned. On the config screen (about:config) there are two more entries that need to be reset apart from browser.search.defaultenginename. When making a search I found the following entries:
keyword.URL;http://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=
extensions.wrc.SearchRules.rambler.ru.style;.WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url("IMAGE") right no-repeat}
resetting keyword.URL and extensions.wrc.SearchRules.rambler.ru.style fixed my problem.
Strange, though, going back into about:config after having reset those two, I can’t find the second entry (extensions.wrc.SearchRules.rambler.ru.style) at all anymore, only
extensions.wrc.SearchRules.rambler.ru.URL
It’s good that it’s gone, as a search at Google reveals it to be potentially malicious.
Are you experiencing any more problems?
So far everything seems back to normal. System is still a bit sluggish, though, but might be just the internet a bit slow today. I did a full virus scan which passed fine except that it came across one password protected archive it couldn’t scan, “install_flashplayer11x64_mssd_aih.exe” which surprised me a bit, but might be nothing.
Files that can’t be scanned are just that. In this case, the file was password protected, meaning that a password is required to access the file.
Regarding the name of it, it appears to be a legit file that is password protected for commercial reasons, so nothing to worry about.