Mail.Ru Virus


This page shows how to remove the virus.Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

The virus

Mail.Ru Virus

The virus supplants your searches.

Are you being bothered by a piece of software that will open every time you try to load your browser?  Is it slowing down your PC and sucking out your resources? Are you being flooded by constant advertisements displayed on your browser window or desktop? Do not fear, we are here to help you. In this article we shall show you how to handle this situation, what you need to do in order to remove it from your PC and other important bits of information. We recommend you read the following bits of information thoroughly before committing to any action, since proper understanding of this software is paramount. We will begin by explaining what the reason behind redirection really is.

How is best described as? What should one do when faced with it?

By definition, what is causing the constant redirects to can be classified as Browser Hijacker – which is quite different from ransomware – a type of software that floods your system with ads, and also work in a similar. While most of them function is a similar manner, their diversity of techniques employed amplify their success rate. Most developers have mastered this art of social engineering – to make you click on one of the ads – subsequently generating income for the creators and leading you to a dangerous location on the web which can further rob you of your own money, usually done by being offered incredible deals for products and services.

Always keep in mind that most of the stuff dubbed “too good to be true” mostly stand by the meaning of those words – they are in fact, impossible and fake. What Browser Hijackers are not – a computer virus. Viruses tend to be self-replicating and they have a malicious agenda – the above mentioned ransomware will, as an example, encrypt your files and blackmail you for their return. The virus may appear to be one, but in fact it is not.We repeat, in fact is not a computer virus!

The websites you are led to upon interaction with the ads are, most of the time, made poorly and lacking in quality compared to other commercial sites. They usually contain some sort of a product or service – in other words – various methods to snatch your money with the false premise that you will receive what you payed for. The developers will make every attempt to utilize social engineering to lure you into believing what they want to tell or offer / give you. They also sometimes possess the ability to use the Browser Hijacker software in question to gather browser related data that relays a lot of information about you, your browsing habits, history of sites visited and more. They use what they learn about you to supply ads that suit your preferences. They can seem really tempting and realistic – showing something you’ve been looking for in a long time at an affordable price – for example. Nevertheless, the chances of you receiving a legitimate offer are slim to none. Do not be fooled by what you see. These are only attempts to deceive you into interacting with the ads – and as a result generate income for the developers by simply clicking on the ads – also referred to as pay-per-click advertising.

Once Browser Hijacker that redirects you to gets inside your PC, the first thing you may notice is a heightened resource usage. This can be inspected by visiting the task manager – and to an extent the resource monitor – which can be accessed through the performance tab of the task manager. Parameters such as CPU utilization or RAM usage can be affected by it, although most of the time the change is negligible. What you definitely do notice, are the ads that are now filling your browser. They can assume different shapes and sizes, but they serve the same purpose – to make you click on them. You can view a short summary of the general variations of ads:

  • Banners. These fellas reside at the sides of the page. They are the least obstructive from the bunch, but compensate with their larger size and amount – sometimes covering the entire white space of the page.
  • In-text ads. Hidden in the text, these buggers take the shape of hyperlinks. Generally, they are linked to random words that do not make sense. Sometimes, hovering their mouse over them can open a small window above the word, filled with more junk information or ads.
  • Pop-up ads. These are the biggest and meanest form of ads you will meet. More often than not, they pop out in front of your face and cover the entire page with a massive ad. They can be hard to close and may contain a fake X icon – clicking on it will inevitably count as an interaction and will open a page from their own malicious website. Sometimes the pop-up ads occupy a separate browser window – different from your main one – but those generally work in unison with the rest.

Whatever the case, if you are experiencing an attack from the Browser Hijacker linked to, your best course of action is to completely ignore the ads to the best of your abilities. Next, follow the guide below to permanently remove this software from your computer and save you from your troubles.


Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Heightened resource usage, followed by the influx of ads on your computer screen.
Distribution Method Usually bundled with software packages distributed across multiple popular download sites. Advertised as ‘freeware’.
Detection Tool

Not Available

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Remove virus 

Mail.Ru Virus

The remove guide begins below this picture.

Mail.Ru Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Mail.Ru Virus


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 

Mail.Ru Virus

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Mail.Ru Virus
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
Mail.Ru VirusClamAV
Mail.Ru VirusAVG AV
Mail.Ru VirusMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Mail.Ru Virus

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Mail.Ru Virus

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

Mail.Ru Virus

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Mail.Ru Virus

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Mail.Ru Virus

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

Mail.Ru Virus

Mail.Ru Virus

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

Mail.Ru Virus

Properties —–> Shortcut. In Target, remove everything after .exe.

Mail.Ru Virus

Mail.Ru Virus  Remove from Internet Explorer:

Open IE, click  Mail.Ru Virus —–> Manage Add-ons.

Mail.Ru Virus

Find the threat —> Disable. Go to Mail.Ru Virus —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Mail.Ru Virus Remove from Firefox:

Open Firefoxclick  Mail.Ru Virus  ——-> Add-ons —-> Extensions.

Mail.Ru Virus

Find the adware/malware —> Remove.
Mail.Ru VirusRemove from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Mail.Ru Virus

Rename it to Backup Default. Restart Chrome.

Mail.Ru Virus

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!


About the author


Jack Addams


Leave a Comment