Monday, March 10, 2014

How to remove rsearch.shopathome.com virus

Screenshot of rsearch.shopathome.com:


Complaints about rsearch.shopathome.com:

This page (http://rsearch.shopathome.com/)opens almost every time I open a new tab. I have tried to set my search engine to another site, changed the way tabs open, reset defaults - all to no avail. I don't want this page to open and I'm not going to use it. It's very annoying and I can't figure out how to make it go away. Does anyone know how to take care of this?

What does rsearch.shopathome.com do in the infected PC?

rsearch.shopathome.com will alter the browser settings in the target computer, such as replace the homepage with its own website, alter default search engines and add icons on the bookmark or favorite bar. Once these settings have been made, it is hard for users to reset them back.

A backdoor may be chiseled up by rsearch.shopathome.com browser hijacker to allow other computer infections to invade into this compromised PC more easily. Browser history and personal data in the target PC may be record by rsearch.shopathome.com redirect, and are sent to the virus’ sponsors or creators to undertake illegal activities.

The running speed of the infected PC become more and more slowly. Users may also encounter windows freeze or system crash if the virus stays longer in the PC. All in all, rsearch.shopathome.com is a potential threat to your PC, follow the guide as below to remove this nasty computer virus right now.

Here are two effective methods to get rid of rsearch.shopathome.com, choose one you like to regain a clean PC now. 

Method one: Manually remove rsearch.shopathome.com virus:

Step 1: stop all the malicious processes about this computer virus
Open task manager by pressing Alt+Ctrl+Del keys at the same time. Or click on the Start button and choose Run option, then type taskmgr into and press OK.



Terminate all the malicious processes of this infection

Step 2: disable any suspicious startup items that are made by infections.
Click Start menu ; click Run; type: msconfig in the Run box; click Ok to open the System Configuration Utility; Disable all possible startup items generated.


 Step 3: Clean cookies
 Internet Explorer: Tools → Internet Options →the General tab, Delete the Cookies button can be directly seen in IE6, IE7 is to click the Delete Browsing History button then tick Cookies and click Delete.

 Firefox: Tools → Options → Privacy → Remove Individual Cookies → Delete corresponding cookies in the cookies showing box.

Opera: Tools → Preferences → Advanced → Cookies →Delete corresponding cookies in Management Cookies.

Step 4: show hidden files and folders and delete all the following files.
Click the Start button and choose Control Panel, clicking Appearance and Themes, to find Folder Options then double-click on it.


In the pop-up dialog box, click the View tab and uncheck Hide protected operating system files (Recommended).
Delete all the following files belong to this virus
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
C:\Windows\Temp\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>

Step 5: open Registry Editor to delete all the vicious registries as below
Open Registry Editor by pressing Window+R keys together, then typing into Regedit and pressing Enter.

Delete all the vicious registries as below:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SEAMONKEY.EXE\shell\open\command "(Default)" = "C:\Program Files\SeaMonkey\seamonkey.exe http://www.<random>.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Default_Page_URL" = "http://www.<random>.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Default_Search_URL" = "http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Search Page" = "http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}"

If the manual guide is kinda difficult for you, please feel free to download automatic removal tool SpyHunter to drive the self-invited guest away.

Method two: Automatically remove rsearch.shopathome.com with Spyhunter antivirus software:

 

Step 1: click the icon below to download automatic removal tool SpyHunter

 
http://www.pcresolvers.com/spyhunter.php

 

Step 2: follow the instructions to install SpyHunter

 



 

Step 3: run SpyHunter to automatically detect and uninstall OffersWizard

 


Summary: Due to the changeable characters of rsearch.shopathome.com, you cannot be too careful to distinguish the harmful files and registries from the system files and registries. If you have spend too much time in manual removing rsearch.shopathome.com and still not make any progress, you can download and install Spyhunter antivirus software here to remove rsearch.shopathome.com automatically for you.

No comments:

Post a Comment