Today’s article is about the removal of the browser hijacker known as Mysearch123, a virus that changes your home page and search engine settings to match www.Mysearch123.com .
Since you are reading this then probably your PC has already been infected by it and you are looking for the way to remove this bugger. Well – you’ve come to the right place. Our removal guide will get the job done, but before rushing to it consider reading the article in full. Knowing how your computer was infected will likely help you recognize similar viruses in the future and stop them before they have the chance to do any harm. This is especially true when you find out that browser hijackers – viruses that can infect you with Mysearch123 or something similar – successfully infiltrate many different parts of PC systems. This includes installing files, dlls, different registries, backup boot options that can regenerate the virus on each startup, new tab URLs, things like that.
WARNING! It is a well known fact that there are just a few ways users can get infected by this browser hijacker and all of them require it to somehow get access from you. The only other option available that they have is to trick users into not knowing they are installing adware or PUPs (potentially unwanted programs). Also, this virus has been flagged as an addition to another one. It comes “out” when you successfully remove Delta-homes.
A glance at how it works.
Due to the endless waves of ads Mysearch123 generates it is regarded as a browser hijacker type of virus. Obviously the annoyance those ads create is enough to want it removed, but the real problem is that they are only a drop in the bucket. Most of the time the homepage search results lead you to generic commercial advertisements containing products. This is about 70% of the time. If you think about it, it all makes sense, because in essence, these people are trying to crudely promote websites by forcefully redirecting traffic there. Of course it’s a promotional tool that opens backdoors for further trouble and installs a whole package of unwanted programs, but to those people that probably seems acceptable.
The following is an example of the program, given to us by a user who uninstalled Mysearch123:
The other 30% of the time are the real trouble. There’s a chance you’ll get redirected to other websites containing so-called “rogue pages.” These pages contain different types of malware – some of which are much more dangerous than a homepage like www.Mysearch123.com – and are slated to begin downloading a .exe file that begins installation immediately after finishing up. Don’t waste time trying to exit the setup from the inside – most likely a virus is made so that you won’t be able to cancel it whenever you want. Start the Task Manager and end the process manually, then delete the file that was downloaded.
You may also start to encounter a number of other things – for example:
- A pop-up warning that you have a missing plug-in and need to download and install it. These are known as “banner fakes” and you will most certainly encounter them when dealing with this fake homepage.
- Some kind of video shown in an empty media window with a message that you need to download a specific video player to see the video. These are often overlayed on top of streaming platforms like Twitch or Youtube, and make the websites practically unusable since the ads do not have a close sign – they are thumbnails.
- Urgent messages to fix security vulnerabilities in an existing, but outdated program by downloading an update for it.
- A “generous” offer to download and try a “free” application. Often anti-malware programs are used as the bait here. Alternatively www.Mysearch123.com may try to outright imitate an anti-virus and hope that you’ll get confused and give it access. Users trust outright anti-virus programs most of the time. Even if they can’t immediately recall if this program was installed bundled with their own software of choice, they may trust it. And that’s what cyber criminals take advantage of.
Make no mistake – every single out of these offers is actually a virus. In fact this is a very commonly used trick and you make see such messages on different websites around the net. These are a very good indication of dangerous sites you should stay clear of. If you suspect you may be in fact missing a plug-in or some program needs an update you should just google it and look for the official website. Always get new software from the official developer’s site for it. Its the only way to be sure it’s 100% virus free.
And to be honest any updates won’t run away – remove the malware first, and you’ll have all the time in the word to apply any real updates.
The most common dirty tricks used by hackers to spread their viruses.
This trick are the program bundles. Many developers include in their program’s installer several other programs – as promotional extras. Unfortunately, especially with free programs, these extras may in fact be an browser hijacker program, because the people who create the software give it up for free, and have to make money somehow, right? So they get “compensated” for including adware/hijackers in their bundles.
Here’s the good thing in all of this though. Whoever creates the programs this fake homepage come in with, is afraid you’ll sue him/her. They are so afraid that they give out a disclaimer you can actually see if you monitor the setup steps and use Custom/Advance Install. It will allow you to see and control what exactly is getting installed. Deny access to anything you don’t need or looks suspicious.
So the disclaimer should look like this:
Although this isn’t really the virus we’re talking about, the installation works in exactly the same manner.
How to Remove Mysearch123
Readers are interested in:
Our first step here is a reboot in Windows Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:
For Windows 98, XP, Millenium and 7 Users:
Reboot your PC. There is a window in time in which you need to press F8. To ensure you don’t bungle it, spam the key until a new menu shows up. Choose Safe Mode With Networking.
Proceed to Step 2.
For Windows 8 and Windows 8.1 Users:
Press Windows + R simultaneously. Next, select the Boot —> Safe boot —> OK.
After that click Restart.
Proceed to Step 2.
For OS X Users:
When your Mac is turned off, press the Power Button. After you hear the Startup Sound, immediately press and hold the Shift key until the Apple logo appears.
Proceed to Step 2.
The virus has infected ALL of your browsers. Apply the steps separately for each one.
For Internet Explorer Users:
Open IE, then click —–> Manage Add-ons.
Find the virus . Disable it.
Click —–> Internet Options>edit the URL box with your preferred search engine, and click Apply.
For Mozilla Firefox Users:
Open Firefox, click on (top right) ——-> Add-ons.
Hit Extensions next.
The malware should be somewhere around here – Remove it.
Next, type about:config on the web page address bar. A message will tell you that you need to be careful. Agree and say OK. Directly below the address bar, there is a search bar. Type in it Mysearch123. Any entries that Mozilla finds with the term need to be reset to their defaults by right clicking and choosing the Reset option.
For Google Chrome Users:
Start Chrome, click —–>More Tools —–> Extensions.
In Extensions, find the virus and select .
Click again, and proceed to Settings —> Search (the fourth tab), select Manage Search Engines. Remove anything but the search engines you normally use.
For Safari Users:
Open Safari, and click Safari —–>Preferences —–> Extensions—–>Uninstall the malware.
(Works for Windows XP, Windows 7, Windows 8, Windows 8.1)
You are now in the Control Panel. Search around for the virus homepage and anything else suspicious-looking.
Uninstall it/them. Also, be extremely careful. Viruses often spend one last ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstall, choose NO:
This is perhaps the most important and difficult step, so be extremely careful. Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.
Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can. If the virus returns later on after you supposedly removed it, the reason is that you missed something here.
Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.
You should do the following for ALL browsers you have installed. Browser hijackers infect everything while in your system. You need to manually get rid of it from each shortcut. You should do the following:
Right click on the browser’s shortcut, then click Properties.
Alternatively, if you have your browser pinned down to the taskbar, you Right click it, then Right Click again on the Small Browser Icon —–> Properties
NOTE: Below, we are showing Google Chrome, but the method is the same for all browsers.
Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, you should REMOVE EVERYTHING AFTER .exe. Most likely the URL listed inside will be “hxxp://www.mysearch123.com/?type=hp&ts=1434016210..“
FOR CHROME USERS:
Select the Menu icon on top —>Settings—> Search. After that enter Manage Search Engines. Edit out any search engines you don’t recognize or use.
There’s a good chance the virus will generate when you remove it and restart. If such a thing occurs:
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. Alternatively, if you can’t find any this way, look in these directories, and delete the registries manually:
- HKEY_CURRENT_USER—-Software—–Random entry or just numbers
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random (Probably Start Page)
(UPDATED!) STEP 7:
If none of the things you did managed to remove the virus, do the following:
- Navigate to the directory /myusername/appdata/everything . Inside it you should see an icon called “uninstall.exe” Run it – we’ve received reports that it removes some of the files associated with Mysearch123.
STEP 8 – Optimization
And that’s it. Well done for removing this cr*p. We’ve prepared an optimization guide we specially designed for users who just went through what you did. It’s free, you don’t need to download anything, and it’s fast. You can check it out here if we got your attention.