*Source of claim SH can remove it.
Me.fo
Me.fo is a rogue browser plug-in that hijacks elements of the browser such as the homepage or the search engine with the goal to use them for ad-generation. Me.fo aims to promote different sites through aggressive automatic page redirects and ads injected in the search results.
If you are dealing with an app like this one at the moment, you need to be aware of its characteristics, the potential dangers related to it, and the best ways to get it removed from your browser and computer.
Typically, browser hijacker applications are not limited by their compatibility. An app like Me.fo, for example, can be integrated with pretty much any popular browser you can think of. This includes Chrome, Edge, Firefox, Opera, and so on, which means that switching to another browser is unlikely to solve the problem with the hijacker as Me.fo will probably get added to your new browser soon after you start using it.
The Me.fo Virus
Some users disregard browser hijackers as a mere nuisance that can be ignored once you get used to it while others fear that apps like the Me.fo virus are almost as dangerous as Trojan horse viruses, spyware, or ransomware. The truth, however, is somewhere in between. While the Me.fo virus certainly cannot encrypt your files or corrupt your system, which is something typical for ransomware and Trojans, it is also not an app we would advise you to keep installed and active on your computer.
Even if you think you might be able to ignore its endless stream of banners and pop-ups, the changes it has made in your browser, or the sudden page redirects that land you on sites that you didn’t intend to visit, this doesn’t change the fact that the content promoted by apps like this one may not always be what it seems. Clickbait ads and misleading links are oftentimes put on the screens of users who have a hijacker attached to their browsers and clicking on such an advert or link could quickly get your machine exposed to significantly more dangerous types of content.
For example, there are many harmful pages on the Internet that are designed to perfectly mimic popular and legitimate sites just so that they could get users to provide some personal details such as banking numbers or usernames and passwords, thinking that they are interacting with a safe and legitimate site while, in reality, they are basically sharing their info with hackers and scammers. This is called phishing and, unfortunately, it is not uncommon for some hijackers to promote similar types of sites and pages. We aren’t saying that Me.fo, in particular, does this, but we are also not saying that it is impossible to end up on some sketchy site because this hijacker has suddenly rerouted your browser without your permission.
Removing a browser hijacker
To get rid of Me.fo, you will likely need some help because the uninstallation process of most browser hijackers is typically a bit more elaborate and difficult compared to regular software and browser extensions. That said, as long as you make sure to stick to the instructions we will give you next, you should have no problem removing the intrusive software from your system.
SUMMARY:
Name | Me.fo |
Type | Browser Hijacker |
Detection Tool |
*Source of claim SH can remove it.
Remove Me.fo
The first suggested method of eliminating Me.fo is to check your browser for any unwanted extensions or site permissions linked to the hijacker and remove them. If those are removed from the browser, this may eliminate the need to take any further steps towards dealing with this hijacker.
To delete the hijacker extension from an affected browser, you must go to the browser, access its menu, and find and select the Extensions/Add-ons option. This step as well as the next ones may slightly differ depending on the browser that you are using but it should still be relatively easy to figure it out. If you need our help for your specific browser, you can always go to the comments section and request further assistance. On Chrome, to go to the Extensions page, you must select More Tools and then Extensions from the browser’s menu.
Once you have the list of browser extensions in front of you, find the one named Me.fo and remove it by selecting the Remove button. If the extension won’t go away or would re-appear right after you remove it, then disable it first and then try to uninstall it again (on Chrome, toggle off the toggle button below the extension to disable the latter). If there isn’t a Me.fo extension in the browser, look for other questionable-looking items and remove them. If you are not certain which extension should be removed, start deleting them one by one and stop once the browsing disturbances seem to have stopped. It is okay if you end up removing all extensions – this won’t affect the stability and normal functioning of the browser and you can always re-install the extensions at a later time.
If removing potentially unwanted extensions didn’t solve the problem for you, go to the browser’s settings (Browser menu > Settings) and type Permissions in the search field. From the listed results, find and select the one labeled Notifications (or something similar) and then scroll down to see which sites can show pop-ups/notifications in the browser.
If any of the listed sites seem to be linked to Me.fo and also if any of them are unknown or look suspicious, click on the settings button next to that site (on Chrome that button is three-dots) and select the Block option. After that, the site in question will no longer be allowed to show pop-ups in the browser adn this may be enough to resolve your hijacker problem. If you are unsure which site needs to be blocked, simply block all of them.
Next, scroll to the top of the Notifications settings, find an option named Sites can ask to send notifications or another similarly-named option and disable it. This will mostly prevent the majority of websites from requesting notification permissions from you, reducing the chances of accidentally allowing permissions from a sketchy site.
If you are unable to complete any of the aforementioned steps (as in the browser won’t let you perform the actions) or if the removed extensions return to the browser no matter how many times you uninstall them, you should proceed with the next steps from this guide. Do the same if the problem with Me.fo continues even after you’ve done everything we’ve suggested thus far.
The first step is to make sure that your PC is in Safe Mode as this will hopefully make the removal process easier by preventing interruptions from the hijacker intended to obstruct you while trying to remove it. You can find detailed guidelines on how to access Safe Mode for different Windows versions in this link.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
*Source of claim SH can remove it.
Once Safe Mode is enabled, press the Ctrl + Shift + Esc keys to open the Task Manager and then try to find the Me.fo process in the Processes tab. If the name of the hijacker isn’t there, look for other unusual-looking processes such as ones with high CPU and/or RAM expenditure that aren’t from programs you recognize and/or are currently using. If any process draws your attention and you think that it might be the one behind Me.fo, first look up its name. If the results don’t tell you that this process is a legitimate Windows OS process (often such processes may appear suspicious), then proceed to right-click on it and then on Open File Location.
From the file location of the process, drag-and-drop all of the files stored in there to this next free online scanner that we offer on our site:
If during the scanning process any of the files gets fagged as malicious, kill the suspicious process by selecting it from the Task Manager and clicking on the End process button. After that, you must also delete its folder along with all the files in it. If you cannot delete the folder because you are not allowed to delete any of the files contained within it, delete the rest of the files. As for the ones that you weren’t allowed to delete, you will return to remove them at a later time when you will hopefully no longer be prohibited from doing so.
Next, type a program in the Windows search field (under the Start Menu) and click on the first displayed result. Now look at the listed programs and if any of them looks like it could be related to Me.fo or carries its name, uninstall that program by selecting it and then selecting the Unisntall button from the top. If there’s a wizard, follow the steps in it while making sure to carefully read all the options and settings in it. Be sure to set the uninstallation wizard to leave no data related to the unwanted program on your computer, including personalized settings for the program.
If you don’t know which program to delete, look for ones installed on a right before you started having problems with your browser. Also, if there’s a program that seems to have been installed without your permission, this one could also be potentially linked to the hijacker.
It is important to select No if you see a message like the one from the following screenshot. If you select the Yes option instead, this will result in getting another unwanted app or program installed on your computer.
For this next step, you should go to the System Configuration window – search for it in the Start Menu and open the first search result. In System Configuration, look at the Startup list of apps and if you see anything named Me.fo or anything that you don’t recognize and/or deem suspicious, uncheck those items. Do the same with any item that has Unknown listed as its manufacturer unless you know and trust that specific app.
Click on Apply and then OK to save the changes.
Next, copy-paste this under the Start Menu and press Enter: %windir%/system32/Drivers/etc/hosts. A notepad file name Hosts will open and in it you must look at what’s written below the Localhost line at the bottom of the file. If there are any lines/IP addresses listed below Localhost, you must copy them and send them to us in the comments because it is possible that the hijacker (0r another unwanted or harmful app) has hacked your PC’s Hosts file in order to stay longer in the system and gain more privileges. We will have a look at the IP addresses you’ve sent us and tell you if further action needs to be taken.
If we tell you that the IPs are probably from the hijacker, delete them from the Hosts file, then click on the Edit menu, and select Save.
*Source of claim SH can remove it.
Now you mus check the DNS settings of your current network connection. To do this, type Network Connections in the Windows search field at the Start Menu, hit Enter, and right-click on the icon of the network you are using at the moment. From the context menu, click on Properties, select the Internet Protocol Version 4 (ICP/IP) item, and then select Properties. Here, you must check the Obtain DNS server automatically if that option is not enabled and then you must go to Advanced. In the Advanced settings window, you must go to the DNS tab and remove all DNS server addresses from the list displayed list. Once you are done with this, select OK on all of the open windows.
Finally, you must delete all items from your computer’s Registry that are in any way linked to the hijacker. Bear in mind that there are a lot of important records and settings inside the Registry many of which are essential to the normal functioning of your Windows OS. This means that deleting the wrong Registry item could cause all sorts of issues and unforeseen consequences for your computer. For that reason, we need to remind you to only delete something from the Registry if you are certain that it belongs to the hijacker. If you are in doubt, it’s best to first tell us in the comments about the Registry item(s) you think may be connected to the hijacker so that we can tell you whether or not you should remove it.
Now, to enter the Registry Editor, you can type regedit in the Start Menu and the regedit.exe will appear first in the search results – select it and click on Yes when windows asks for your Admin permission. Next, once in the Editor, press the Ctrl + F keys from the keyboard and a small search box will appear – type in it the hijacker’s name (Me.fo) and select Find Next to start the search. If an item is found, select that item, right-click on it, and click on Delete. Then select the Find Next option again, delete the next item that gets found, and keep doing this until there are no more entries with the Me.fo name.
Once all the Me.fo items are deleted, find the next three directories in the Registry Editor:
- HKEY_CURRENT_USER/Software/
- HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/
- HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main/
In them, you should look for folders with strange long names that consist of random sequences of letters and/or numbers – those should stand out and be easy to spot so if you see anything like this, delete it. However, if you are uncertain about a given folder in those locations, again, it is preferable to first write us a comment telling us about it so we can reply to you with an answer on whether you should indeed remove said folder.
After you are done with this step, go back to the File Location of the suspicious process from Step 2 if there are any files left there that you weren’t able to delete earlier and try deleting them now. In most cases, you should have no problem deleting those files after taking care of the hijacker entries in the Registry.
Final Notes
In the majority of cases, completing this guide should fully remove the hijacker from your PC. However, in case there are still any symptoms of the unwanted software, we recommend using the advanced removal tool shared on this page to fully eliminate any remnants of the hijacker and also to secure your PC against future encounters with this or other forms of unwanted software.
The problem only happens to my chrome browser, not Coccoc (kind of a chrome-based search engine). Coccoc is pretty old so I don’t think the virus can’t infect it, which makes me suspect that the problem is in my browser, not my machine.
Hi Duo,
yes it is most likely in the browser. Did you follow the guide to remove the virus ?