Is This Virus Irritating?

Remove S.coldsearch.com Browser Hijacker From Chrome/Firefox/IE

Avoid using the S.coldsearch.com search engine, as it sticks to your browser homepage and tries to divert you to junk websites that are filled with hazards.

S.coldsearch.com browser hijacker is a potentially dangerous website that may invade your system. If the tool finds its way onto your PC, problems begin turning up without delay. Shortly after it slips in undetected, it unleashes an onslaught of advertisements. The most significant, and in all probability most obnoxious, trouble you’ll have to endure is the continuous supply of pop-up adverts the malware will throw your way. We recommend you remove it as soon as you realize it has made its way into your machine!

What is S.coldsearch.com Browser Hijacker

If you choose not to remove this browser hijacker, the disturbance certainly won’t end, and you’ll be stuck handling its ever-growing pile of problems every day. The advertisements are so unreliable that if you’re foolish enough to click on even one, all you’ll have to show for it is more malware and browser redirects latching onto your system. But even the risk of more dangerous malicious software making its way into your system fades when compared to the grave security risk this S.coldsearch.com browser redirect poses to you.

The most awful issue you’ll be forced to face is the fact that S.coldsearch.com seriously threatens your own personal and financial data. Are you willing to take such an enormous risk for such a useless and hazardous program? Don’t let that happen! Save yourself and your device, and wipe out S.coldsearch.com right now, so you won’t be forced to take care of its messes later!

How S.coldsearch.com Browser Hijacker Works

It infiltrates without you realizing it while still obtaining your acceptance for its installation. It relies on the age-old techniques of spamming, spoofing, or installing spyware to enter your system. The virus creeps in by hiding behind unsolicited e-mail attachments, links, or websites. The malware can also pose as a fake system or application update, like Java or Flash. It succeeds mainly because consumers rush through the installation and don’t make an effort to read the terms and conditions. Instead, they agree to pretty much everything. That’s a bad decision with awful repercussions. If you’re more cautious, maybe you won’t end up with intrusive and malicious software such as the S.coldsearch.com browser hijacker.

S.coldsearch.com Browser Hijacker Removal Instructions

#1: Uninstall the malicious program

Control Panel window

Open the Control Panel to look for any suspicious programs that have been installed on your PC.

  • Navigate to the Control Panel by typing “Control Panel” in the Start Menu and clicking it in the results.
  • Click “Programs” in the new window, then “Uninstall Program.”
  • Search for XXX and other suspicious programs, then uninstall them.

#2: Remove XXX From Chrome

Remove Suspicious add-ons

Look for any suspicious extensions that you may not be aware are installed in your Chrome browser.

  • Open Google Chrome, type “chrome://extensions/” and press Enter.
  • Click on “Developer Mode” on the top right and look for XXX and anything that might be related to it. Copy their IDs (the string of letters), then remove them.
  • Type Regedit in the Windows Start Menu and press Enter. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions and delete the entries corresponding to the suspicious IDs you recorded.

#3: Remove XXX From Firefox

  • Open Firefox, type “about:support” and press Enter.
  • Click Refresh Firefox on the right and confirm.

#4: Remove XXX From Internet Explorer

  • Open IE, click the Gear icon at the top right, then click Toolbars and Extensions and disable any suspicious extensions.

#5: Remove any Leftovers

Kill Processes

Use Ctrl + Shift + Esc to look for unknown processes.

Open Task Manager by pressing Ctrl+Shift+Esc, then go to the Processes tab. Look for anything suspicious, right-click it and choose Open File Location, then delete that folder.


Disabling ActiveX

Table I shows some settings that involve ActiveX in the Internet security zone for IE 7. Changing this small group of settings will still protect against many common security problems but is less of an obstacle for the average home PC user. Some ActiveX settings are already disabled by default in the Internet zone and those listed are additional settings that should also be disabled. The settings can be changed manually by going to the Internet Explorer menu Tools-Internet Options-Security-Internet-Custom level (Figure 1). Note that some Web sites use ActiveX and there may be loss of functionality. In particular Microsoft sites such as Windows Update will no longer work. To retain ActiveX capability, commonly visited sites that are secure can be placed in the Trusted Zone. Or, if desired, settings can be returned to their default values by clicking the Reset button shown in Figure 1 or by using the Default Level button.

Table I. Settings for Disabling ActiveX in IE 7
Category | Setting | Default | Recommended
ActiveX controls and plug-ins | Binary and script behaviors | Enable | Disable
ActiveX controls and plug-ins | Download signed ActiveX controls | Prompt | Disable
ActiveX controls and plug-ins | Run ActiveX controls and plug-ins | Enable | Disable
ActiveX controls and plug-ins | Script ActiveX controls marked safe for scripting | Enable | Disable

Figure 1. Dialog box for settings in Internet Security Zone

Quick way to change IE security zone settings.

Rather than changing the settings manually, an INF file that makes the changes in the Registry can be used. (Using INF files to make Registry changes is discussed on this page.) This has the advantage of providing a simpler method that is not subject to possible errors in entering setting changes by hand. The INF file that carries out the changes shown in Table I can be seen here. The text file shown can be copied and changed to an INF file by editing the extension. To make things even easier, I have also wrapped the INF file in an EXE package that can be downloaded here. To use it, simply left-click in the usual manner. If you do not like the results, the changes can be undone with another executable file that can be downloaded here. Note that any additional setting changes that you might have made will not be restored by this file. As is true for any executable file, your security settings may give the standard warning.

Because of our litigious society, I must make the disclaimer that all files are provided as is, without guarantees, and that the user assumes all responsibility.
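A read-only check that the four Table I settings took effect, as an added example that is not the author's INF file: it parses an exported REG file of the Internet zone key and reports every Table I setting that is not set to Disable. The value names 2000, 1001, 1200 and 1405, the data values 0/1/3 and the zone key Zones\3 are assumptions taken from Microsoft's documented zone settings, not from this page; the sample export is constructed.

```python
import re

# Table I rows mapped to the registry value names used under
# ...\Internet Settings\Zones\3 (assumption: Microsoft's documented
# URL-action codes; the page itself does not list them).
TABLE_I = {
    "2000": "Binary and script behaviors",
    "1001": "Download signed ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1405": "Script ActiveX controls marked safe for scripting",
}
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}  # assumed data values
INTERNET_ZONE = r"\Internet Settings\Zones\3"     # assumed: zone 3 = Internet


def parse_reg(text):
    """Return {key_path: {value_name: int}} for dword values in REG text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys


def audit_internet_zone(text):
    """List (setting, current state) for Table I settings not set to Disable."""
    findings = []
    for path, values in parse_reg(text).items():
        if not path.lower().endswith(INTERNET_ZONE.lower()):
            continue
        for code, label in TABLE_I.items():
            data = values.get(code)
            if data != 3:
                shown = "not set" if data is None else STATE.get(data, hex(data))
                findings.append((label, shown))
    return findings


# Constructed sample: an export in which two of the four settings were
# changed to Disable and two are still at their Table I defaults.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1200"=dword:00000000
"1405"=dword:00000003
"2000"=dword:00000000
'''

if __name__ == "__main__":
    for label, state in audit_internet_zone(SAMPLE):
        print(f"{label}: {state} (Table I recommends Disable)")
```

An empty result means all four settings in the export match the Recommended column of Table I.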

Responding to zero-day exploits

Many so-called zero-day exploits have been making use of ActiveX. In these cases, Microsoft often advises the work-around of disabling ActiveX until it issues a patch. The downloads above provide an easy way for PC users to apply the temporary defense.


The settings for security zones in Internet Explorer 7 are changed from those in IE6. Some new categories have been added and security tightened. Figures showing the settings are given.


Comparison of the settings for different Internet Explorer 7 security zones in Windows XP SP2
[Figures: Settings for Internet Zone; Settings for Trusted Zone; Settings for Restricted Zone]
Comparison of the Internet Security Zone settings for different versions of IE6
[Figures: Older version of IE6; Later version of IE6; Windows XP SP2 version]

 


Description of the “My Computer” or local Internet security zone

The “My Computer” zone is the local computer zone, which governs the security settings for opening HTML pages stored on your own system. These locally stored pages are deemed to be safe, which is normally a reasonable assumption. Also, local pages may need access to resources such as files that are located on your system and are therefore given a high degree of trust.

Unfortunately, there are a large number of cross-zone vulnerabilities, which writers of malware such as viruses, worms, etc. may use to their advantage. To help plug these security holes, one of the security changes made in the Windows XP Service Pack 2 update locks down the “My Computer” zone to control the running of scripts and ActiveX components. This increased security comes at a cost, however, since certain applications are thereby broken.

Configuring the “My Computer” Internet security zone

Users of older Windows operating systems will not receive the security updates for Internet Explorer that the Windows XP SP2 contains. In these cases it may be desirable to be able to configure the settings for the “My Computer” zone. (The following procedures do not apply to IE 6 in Windows XP SP2 or to IE 7.)

Configuring Internet Explorer zones is done through the “Tools-Internet Options” menu. (A tutorial is available on another page.) The zone for “My Computer” is normally hidden but it can be made visible by editing the Registry so that this zone appears on the Security tab in the Internet Options dialog box, as shown below.

[Figure: Security tab of the Internet Options dialog box with the “My Computer” zone visible]

The Registry settings that have to be changed to make this zone visible are given in an article in the Microsoft Knowledge Base. The key that has to be edited for a particular user account is

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

The key to be edited if all user accounts are to have this zone visible is

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Within the key is a DWORD value “Flags”. Setting the data value of the Flags value to 47 (in hexadecimal) causes the “My Computer” security zone to be displayed. Setting the data value of the Flags value to 21 (in hexadecimal) causes the “My Computer” security zone to be hidden.

Editing the Registry can be a parlous project so be sure to back up the Registry first. For those who understand how to use REG files, copy the text below, paste into Notepad, and save as “showmycomputer.reg” or name of your choice. Only those who can return their computer to a previous state should try this.

Makes “My Computer” security zone visible
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

"Flags"=dword:00000047

To reverse the process and hide the zone “My Computer”, use the following script:

Hides “My Computer” security zone
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

"Flags"=dword:00000021

For details about strengthening the security of the Local Machine or My Computer zone consult this Microsoft article.
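Why 47 shows the zone and 21 hides it, as an added example that is not part of the original article: it reads the Flags value from REG text like the two files above and decodes it bit by bit. The bit meanings are an assumption taken from Microsoft's documented zone flag list, not from this page.

```python
import re

# Bit meanings of the per-zone "Flags" DWORD, bits 0x01-0x80
# (assumption: Microsoft's documented zone flag list, not this page).
ZONE_FLAGS = {
    0x01: "allow changes to custom settings",
    0x02: "allow users to add Web sites to this zone",
    0x04: "require verified Web sites (https)",
    0x08: "include Web sites that bypass the proxy server",
    0x10: "include Web sites not listed in other zones",
    0x20: "do not show zone in Internet Options",
    0x40: "show the Requires Server Verification dialog",
    0x80: "treat UNC paths as intranet connections",
}
HIDDEN_BIT = 0x20


def flags_from_reg(text):
    """Extract the Flags dword from REG text such as the files on this page."""
    m = re.search(r'^"Flags"=dword:([0-9a-fA-F]{8})\s*$', text, re.MULTILINE)
    if m is None:
        raise ValueError("no Flags dword value found")
    return int(m.group(1), 16)


def decode(flags):
    """Return (visible, [names of set bits]) for a zone Flags value."""
    names = [name for bit, name in ZONE_FLAGS.items() if flags & bit]
    return not (flags & HIDDEN_BIT), names


def changed_bits(old, new):
    """Names of the flags that differ between two Flags values."""
    return [name for bit, name in ZONE_FLAGS.items() if (old ^ new) & bit]


# The "show" file from this page, embedded so the example runs offline.
SHOW_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

"Flags"=dword:00000047
'''

if __name__ == "__main__":
    shown = flags_from_reg(SHOW_REG)
    for value in (shown, 0x21):
        visible, names = decode(value)
        print(f"Flags={value:#04x} visible={visible}: {', '.join(names)}")
    print("Changed going from 21 to 47:", ", ".join(changed_bits(0x21, shown)))
```

Comparing the two values shows that, under these bit meanings, the “show” file changes three flags besides visibility, which is worth knowing before importing it.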

Default settings for various Internet Explorer 6 security zones
(Red background indicates settings found only in Windows XP SP2)
Category | Setting | Internet | Trusted | Restricted
.NET Framework-reliant components (Not present in all systems) | Run components not signed with Authenticode | Enable | Enable | Disable
.NET Framework-reliant components (Not present in all systems) | Run components signed with Authenticode | Enable | Enable | Disable
ActiveX Controls and Plug-ins | Download signed ActiveX controls | Prompt | Enable | Disable
ActiveX Controls and Plug-ins | Download unsigned ActiveX controls | Disable | Prompt | Disable
ActiveX Controls and Plug-ins | Initialize and script ActiveX controls not marked as safe | Disable | Prompt | Disable
ActiveX Controls and Plug-ins | Run ActiveX controls and plug-ins | Enable | Enable | Disable
ActiveX Controls and Plug-ins | Script ActiveX controls marked safe for scripting | Enable | Enable | Disable
ActiveX Controls and Plug-ins | Automatic prompting for ActiveX controls | Disable | Enable | Disable
ActiveX Controls and Plug-ins | Binary and script behaviors | Enable | Enable | Disable
Downloads | File download | Enable | Enable | Disable
Downloads | Font download | Enable | Enable | Disable
Downloads | Automatic prompting for file downloads | Disable | Enable | Disable
Microsoft VM (only older systems) | Java permissions | High safety | Low safety | Disable Java
Miscellaneous | Access data sources across domains | Disable | Enable | Disable
Miscellaneous | Allow META REFRESH | Enable | Enable | Disable
Miscellaneous | Display mixed content | Enable | Enable | Disable
Miscellaneous | Don’t prompt for client certificate selection when no certificates or only one certificate exists | Disable | Enable | Disable
Miscellaneous | Drag and drop or copy and paste files | Enable | Enable | Disable
Miscellaneous | Installation of desktop items | Prompt | Enable | Disable
Miscellaneous | Launching programs and files in an IFRAME | Prompt | Enable | Disable
Miscellaneous | Navigate sub-frames across different domains | Disable | Enable | Disable
Miscellaneous | Software channel permissions | Medium safety | Low safety | High safety
Miscellaneous | Submit nonencrypted form data | Enable | Enable | Disable
Miscellaneous | Userdata persistence | Enable | Enable | Disable
Miscellaneous | Allow scripting of Internet Explorer Webbrowser control | Disable | Enable | Disable
Miscellaneous | Allow script-initiated windows without size or position constraints | Disable | Enable | Disable
Miscellaneous | Allow Web pages to use restricted protocols for active content | Prompt | Prompt | Disable
Miscellaneous | Open files based on content, not file extension | Enable | Enable | Disable
Miscellaneous | Use Pop-up Blocker | Enable | Disable | Enable
Miscellaneous | Web sites in less privileged web content zone can navigate into this zone | Enable | Prompt | Disable
Scripting | Active scripting | Enable | Enable | Disable
Scripting | Allow paste operations via script | Enable | Enable | Disable
Scripting | Scripting of Java applets | Enable | Enable | Disable
User Authentication | Logon | Automatic logon only in Intranet zone | Automatic logon with current username and password | Prompt for user name and password

Types of cookie

In managing cookies, there are two basic types to consider. “First-party” cookies are those that come from the same domain as the page that you are viewing and are available to be read by the site that you are viewing. This is the type of cookie used for logins, for example. They also may be required by a site before it can be viewed properly. “Third-party” cookies are sent by or can be read by a site different from the one being viewed. These are from sites that provide material to a page that you are viewing, usually advertising. Most people feel that this type of cookie can be safely filtered out. (Marketers may disagree, of course.)

Cookies are also classified according to how long they live. “Persistent” cookies are downloaded to your computer and remain in effect for some period of time called the lifetime (unless they are deleted). Sometimes the lifetime is set for years. “Session” cookies are kept in temporary memory and are alive only during the time that your browser is open.

Cookie management with advanced privacy settings

Cookies are managed in IE6 and IE7 through the menu “Tools-Internet Options”. (Internet Options can also be reached through the Control Panel.) Some details are given in this tutorial. The figure below shows the dialog box obtained when the “Privacy” tab is selected from “Tools-Internet Options”. To use the advanced settings, click the button “Advanced” outlined in red (not the tab at the upper right).

[Figure: “Privacy” tab of Internet Options with the “Advanced” button outlined in red]

The dialog box for “Advanced” settings is shown below. Place a check in the box by “Override automatic cookie handling” and click “OK”.

[Figure: dialog box for “Advanced” settings]

After checking the box, the dialog box looks like the figure below. Settings for first-party cookies, third-party cookies, and session cookies are available. The settings shown are probably the optimum for many PC users. Blocking third-party cookies keeps out a lot of advertising-related stuff and does not interfere with the functioning of any sites that I am aware of. Put checks by the settings you prefer and click “OK”.

[Figure: “Advanced” settings dialog box after checking the override box]

If you do not like the results from using the advanced settings, return to the Internet Explorer menu “Tools-Internet Options-Privacy”. The default configuration can then be restored by clicking the button “Default” as shown in the figure below.

[Figure: “Privacy” tab with the “Default” button]

Using an imported privacy file

A lesser known but very useful feature in Internet Explorer allows the management of cookies by importing what is known as a privacy file. The privacy tab dialog box for Internet Options contains a button “Import…”. This is shown in the figure below. Details of how to use this type of file and some examples are given at http://www.vlaurie.com/computers2/Articles/custom_privacy_file.htm. The procedure for constructing a customized privacy import file is discussed at http://www.vlaurie.com/computers2/Articles/custom_privacy_file2.htm.

[Figure: “Privacy” tab with the “Import…” button]


The origin of using the name of the Hormel Company canned meat product for junk email is attributed to various sources, including Monty Python. Whatever the origin of the name, spam is a truly major email nuisance. The ease with which large electronic mailing lists can be set up and the essentially cost-free (to the mailer) process of email means that almost anyone can send out huge quantities of advertising or other messages. Around half of all email is estimated to be spam.

How They Find Us

In theory the best defense against spam is to stay off the mailing lists. So how do we get there in the first place? Unfortunately, it is almost impossible to keep your email address hidden from determined marketers. Once on a list for any reason, your address may be sold and resold many times until it is on dozens of lists. CDs with millions of email addresses are readily available for a few dollars. Any action that you take that might expose your email address on the Internet can land you on spammers’ lists. Participation in chat rooms, newsgroup discussions, and investment forums are all ways to get on lists. In a practice called “harvesting,” spammers use software called “spiders” to regularly comb the Internet for addresses. Also, many ISPs offer the option of being listed in a directory and these are fair game for advertisers.

Shopping on the Internet, signing up for newsletters, entering contests, registering to download software, or other activity requiring that you provide your email address can also get your name on lists. Although reputable merchants, newsletter writers, shareware sites, etc. will respect your privacy, some sites may feel free to sell your name to others. Always look for a statement of the policy on privacy before signing up for something.

Another method used by spammers is the “dictionary” attack. By combining all common words and names (with variations like joe1, joe2, joe3, etc.) with all the common providers such as AOL, Hotmail, MSN, Earthlink, computer programs can generate millions of possible email addresses. Many of these will be legitimate and the spammer doesn’t care about the ones that bounce. The cost of mailing to a lot of incorrect addresses is too small to be any deterrent. Thus some people advise using uncommon combinations of symbols for your email address.

Everyone should have several disposable junk email addresses that they use where public exposure is likely. One of the free services like Hotmail or My Yahoo serves admirably for this purpose. If an address starts to attract spam, it can just be discarded.

You can also “munge” your address in places like Newsgroups. To “Munge” is to add easily recognized extra characters to your address along with the accompanying phrase “remove xyz to obtain address”. Thus myname@myISP.com becomes myname@mynospamISP.com. The only trouble is that address harvesting software can be programmed to strip out obvious strings like nospam although many times they don’t bother.

Blocking Spam

One method of dealing with spam is to block or filter mail from known spammers or that contain particular subjects or key words. This can be done either on your email program or with special software. The common email programs like Outlook Express allow for setting up rules that apply to categories like senders, subjects, and textual content. Check your particular email client for the details. For example, in Outlook Express go to the menu under Tools-Message Rules. The problem is that spammers keep changing or faking their ostensible names and addresses as well as using phony subjects. Personally, I have found that rules and filtering within my email program may keep out some spam but that it is only a partial answer to the problem. You can also install some extra software. There are a slew of utilities devoted to stopping spam. The best types of programs use a statistical technique known as Bayesian filtering. These programs set up filtering rules based on actual experience and “learn” how to improve filters from the email that you receive. See the sidebar for references on this technique and on various software programs.

Businesses and those who are big users of email will need some heavy-duty methods of filtering spam but average PC users who receive only a few emails each day can use a program like MailWasher Pro. Also, ISPs are getting better at filtering and may also provide some way for individual users to create filtering rules.

There are also services that will filter your mail. By collecting large databases of known spammers and using their clients’ emails to keep up with the latest tricks and twists of the spammers, these services can be better at stopping spam than software located on your own computer. These services naturally slow down the processing of your mail since it has to go through their server. Several are listed in the sidebar.

Note that no matter whether you filter mail with software on your own computer or use an external service, some spam will get through and some legitimate mail will get blocked.

Although there are many ways to try to block spam from arriving in your mailbox by using software or filtering services, my experience is that spam has reached the point where one of the best defenses is to have more than one email address. You can reserve one address for friends and relatives and have a second throwaway address that is changed fairly regularly. This second address would be the one that is used whenever it might be subject to public exposure. Many ISPs allow for an account to have multiple mailboxes and one can be set aside for junk. If the volume builds up, the box can be discarded and replaced by a new one. Another route is to use one of the free Internet email services like Yahoo or Hotmail. Yet another approach is to use one of the services that provide email addresses with a limited lifetime. For example, SpamGourmet will give you addresses good for a certain number of uses only.

The last and perhaps best defense is common sense and the “delete” key. Don’t open obvious spam messages and be very careful about responding to “Remove me from this list” type of addresses. That may very well just get you on more lists. Also note that formatted spam may contain Web Bugs that tell the spammer if you have opened that mail.
