Go.Mail.Ru “Virus” Removal (March 2018 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove the go.mail.ru “virus”. These go.mail.ru removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows. Russian readers may be looking for answers to the question “как удалитъ go.mail.ru”.

Is go.mail.ru a “virus”?

Are you being bothered by a piece of software that will open go.mail.ru every time you try to load your browser?  Is it slowing down your PC and sucking out your resources? Are you being flooded by constant advertisements displayed on your browser window or desktop? Do not fear, we are here to help you. In this article we shall show you how to handle this situation, what you need to do in order to remove it from your PC and other important bits of information. We recommend you read the following bits of information thoroughly before committing to any action, since proper understanding of this software is paramount. We will begin by explaining what the reason behind go.mail.ru redirection really is. Of course we will them continue with explaining in detail “как удалитъ go.mail.ru”.


Go.mail.ru homepage

How is go.mail.ru best described as? What should one do when faced with it?

By definition, what is causing the constant redirects to go.mail.ru can be classified as Browser Hijacker – which is quite different from ransomware – a type of software that floods your system with ads. While most of them function is a similar manner, their diversity of techniques employed amplify their success rate. Most developers have mastered this art of social engineering – to make you click on one of the ads – subsequently generating income for the creators and leading you to a dangerous location on the web which can further rob you of your own money, usually done by being offered incredible deals for products and services. Always keep in mind that most of the stuff dubbed “too good to be true” mostly stand by the meaning of those words – they are in fact, impossible and fake. What Browser Hijackers are not – a computer virus. Viruses tend to be self-replicating and they have a malicious agenda – the above mentioned ransomware will, as an example, encrypt your files and blackmail you for their return. The go.mail.ru “virus” may appear to be one, but in fact it is not.We repeat, in fact go.mail.ru is not a computer virus!

The websites you are led to upon interaction with the ads are, most of the time, made poorly and lacking in quality compared to other commercial sites. They usually contain some sort of a product or service – in other words – various methods to snatch your money with the false premise that you will receive what you payed for. The developers will make every attempt to utilize social engineering to lure you into believing what they want to tell or offer / give you. They also sometimes possess the ability to use the Browser Hijacker software in question to gather browser related data that relays a lot of information about you, your browsing habits, history of sites visited and more. They use what they learn about you to supply ads that suit your preferences. They can seem really tempting and realistic – showing something you’ve been looking for in a long time at an affordable price – for example. Nevertheless, the chances of you receiving a legitimate offer are slim to none. Do not be fooled by what you see. These are only attempts to deceive you into interacting with the ads – and as a result generate income for the developers by simply clicking on the ads – also referred to as pay-per-click advertising.

Once Browser Hijacker that redirects you to go.mail.ru gets inside your PC, the first thing you may notice is a heightened resource usage. This can be inspected by visiting the task manager – and to an extent the resource monitor – which can be accessed through the performance tab of the task manager. Parameters such as CPU utilization or RAM usage can be affected by it, although most of the time the change is negligible. What you definitely do notice, are the ads that are now filling your browser. They can assume different shapes and sizes, but they serve the same purpose – to make you click on them. You can view a short summary of the general variations of ads:

  • Banners. These fellas reside at the sides of the page. They are the least obstructive from the bunch, but compensate with their larger size and amount – sometimes covering the entire white space of the page.
  • In-text ads. Hidden in the text, these buggers take the shape of hyperlinks. Generally, they are linked to random words that do not make sense. Sometimes, hovering their mouse over them can open a small window above the word, filled with more junk information or ads.
  • Pop-up ads. These are the biggest and meanest form of ads you will meet. More often than not, they pop out in front of your face and cover the entire page with a massive ad. They can be hard to close and may contain a fake X icon – clicking on it will inevitably count as an interaction and will open a page from their own malicious website. Sometimes the pop-up ads occupy a separate browser window – different from your main one – but those generally work in unison with the rest.

Whatever the case, if you are experiencing an attack from the Browser Hijacker linked to go.mail.ru, your best course of action is to completely ignore the ads to the best of your abilities. Next, follow the guide below to permanently remove this software from your computer and save you from your troubles. It is not a surprise that so many of our readers want to know “как удалитъ go.mail.ru”!


Name Go.mail.ru
Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Heightened resource usage, followed by the influx of ads on your computer screen.
Distribution Method Usually bundled with software packages distributed across multiple popular download sites. Advertised as ‘freeware’.
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Go.Mail.Ru “Virus” Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



People keep asking about this, so we are putting the information here:

>> The ad at the top was not just another sales tactic.
Removing parasite will likely take at least 1 hour if you know what you are doing, because it got in Windows. You may damage your PC if you delete the wrong files. We SERIOUSLY recommend downloading SpyHunter to guarantee a fast and safe removal.
>> Click to Download Spyhunter.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.



  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Go.Mail.Ru from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Go.Mail.Ru from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove Go.Mail.Ru from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!

  • skyvic21

    mail. ru keep pop at my desktop every 24 hours, what i should do?please help me TT. even i deleted or remove it by malwwarebytes or zemana, it will keepp coming every 24 hours at the same time n in all my browser. what should i do?

    • HowToRemove.Guide Team

      Have you tried using the instructions from our guide on this page?

  • HowToRemove.Guide Team

    Are you using an Administrator profile on the PC?

  • HowToRemove.Guide Team

    Are your hidden files and folders revealed? If not, there might be some hidden ones that also need to be deleted but aren’t visible at the moment.

  • HowToRemove.Guide Team

    You are most welcome!

  • HowToRemove.Guide Team

    You should remove all of those IP’s from Hosts and then save the changes.