
Search the web (yahoo) and True Key software installed



A few days ago, I found the Search The Web (Yahoo) software on my nephew's computer in the program section of the Windows 10 control panel. It presented no symptoms but was not removable in any way with ordinary procedures and therefore I thought it was malevolent.
I tried to scan with Malwarebytes Premium (latest version), AdwCleaner (latest version) and RogueKiller Free (latest version). None of the three managed to detect and delete the software in question.
Same with the True Key software: it could not be uninstalled, and none of the three anti-malware tools I used was able to detect and delete it.
Since I had never done a clean installation since purchasing the machine, I formatted the PC, and that solved it. (I should point out that he is a child and is not always aware of the sites he visits and downloads from; he is protected with Malwarebytes Premium.)
I would like to know, from anyone who can tell me, what software these are and whether they are dangerous. And if I run into them again on a Windows 10 PC (or on other systems, if they exist there: I am particularly interested in macOS), what can I do to eliminate them?
Thanks in advance to whoever can help me.
Regards
Massimiliano

Edited by MAXBAR1
added the verb to detect in the description of the antimalware action

Hi MAXBAR1 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt) and the Malwarebytes log. You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/


As I wrote in my first post, I have now formatted the machine and so he has a clean system.

I need guidelines to follow in case of a new infection by the same malware, if it comes back, so that I can avoid a clean installation.

As I wrote, it was the computer of my nephew, a child, who was being restored very quickly.

It would be enough to be careful where you surf and what you download and / or install, and then with Malwarebytes you would not suffer infections: but it is a child and it would be too much.


Well, if the infection ever comes back, simply follow the instructions in the thread I linked and open a new thread here.

Also, Search the Web (Yahoo) is a simple browser hijacker, and despite the fact that it's hard to uninstall, TrueKey is legitimate software by McAfee. TrueKey can be uninstalled, and Search the Web (Yahoo) can be removed by removing the extension for it in your browser (Chrome, Firefox, Internet Explorer, etc.) and resetting its settings to defaults.


Thank you Yoan for the quick response.


In my case, Search the Web (Yahoo) was included in the installed software list of the Windows 10 Control Panel, in the Programs and Features section, and there was no way to remove it from there. The same applies to McAfee TrueKey.

I must say, however, that I am not aware of any trouble created by my nephews on that computer with regard to browsing, downloading and installing software on collections of free programs. 

However, as far as browser hijackers are concerned, neither Malwarebytes Premium, nor RogueKiller free, nor AdwCleaner have been able to detect and remove it.


I would be grateful if you could tell me something more about this last piece of information I gave you.


In any case I will follow your instructions; in fact, I have bookmarked the link to your first post in my browser so that I can easily find it in the future and act accordingly.

Thanks again


A greeting


Massimiliano


If a program is listed in the Control Panel, under "Uninstall a program", then it can be uninstalled. Here's a link containing 2-3 ways of removing True Key.

https://www.ghacks.net/2016/06/24/remove-true-key-intel-security/

The same should apply for Search the Web (Yahoo), it can be uninstalled from the Control Panel, but it must also be removed manually from the web browsers it's present in.


Neither the Uninstall button in the Control Panel nor the one in Windows 10 Settings worked. Probably the process invoked by these functions was irreparably corrupted, and this could, or at least so I imagine, be the reason why even the anti-malware tools could not remove them both, or at least the browser hijacker.


In that case, we could have looked for the UninstallString manually, under the program's Uninstall key and see if that worked. There's also a way out of such situations, however, it might not be the same for everyone :) 


Here.

https://docs.microsoft.com/en-us/windows/desktop/msi/uninstall-registry-key

64-bit program Uninstall keys are under HKLM\SOFTWARE\Microsoft, while 32-bit program Uninstall keys are under HKLM\SOFTWARE\Wow6432Node\Microsoft. Also, if the program is installed under the userprofile, you'll have to check under HKCU\SOFTWARE\Microsoft.

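The manual lookup discussed in the posts above, as an added example that is not part of the original thread: a read-only PowerShell script that searches the three Uninstall locations by display name and reports each entry's UninstallString and whether the uninstaller it points to still exists. The name patterns and the helper `Get-UninstallTarget` are assumptions made for illustration; the key paths are the standard `Windows\CurrentVersion\Uninstall` locations.

```powershell
# Added example: list Uninstall registry entries whose DisplayName matches a pattern
# and show the command Windows would run to remove them. Read-only; changes nothing.
param(
    # Assumed patterns, based on the product names mentioned in this thread.
    [string[]]$NamePattern = @('*True Key*', '*Search the Web*')
)

# 64-bit machine-wide, 32-bit machine-wide, and per-user Uninstall keys.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallTarget {
    # Hypothetical helper: extract the executable path from an UninstallString such as
    #   "C:\Program Files\App\uninst.exe" /S   or   C:\App\uninst.exe /S
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$results = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p.DisplayName) { continue }
        if (-not ($NamePattern | Where-Object { $p.DisplayName -like $_ })) { continue }

        # A missing UninstallString or a dangling uninstaller path is one reason
        # the Uninstall button in Control Panel or Settings does nothing.
        $target = Get-UninstallTarget $p.UninstallString
        $status = 'uninstaller present'
        if (-not $p.UninstallString) { $status = 'no UninstallString' }
        elseif ($p.UninstallString -match 'msiexec') { $status = 'MSI (msiexec)' }
        elseif ($target -and -not (Test-Path -LiteralPath $target)) { $status = 'uninstaller missing' }

        [pscustomobject]@{
            Root            = $root
            KeyName         = $key.PSChildName
            DisplayName     = $p.DisplayName
            Publisher       = $p.Publisher
            UninstallString = $p.UninstallString
            QuietUninstall  = $p.QuietUninstallString
            Status          = $status
        }
    }
}
$results | Format-List
```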

Thank you so much. If there aren’t further details you can give me, close the ticket;

I can guarantee you that I will take into consideration what you have explained to me, and in similar cases I will open a ticket with all the required logs ready in order to speed up the resolution of any problems.

Thanks again.

A greeting.

Massimiliano


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.