Fake apps have become so common nowadays as browser hijacker components that many people believe they are no threat at all. The current PubSurf infection is one of several rebrands we’ve seen recently – namely JoisApp, TjboApp and CiviApp.
They are all seemingly different in names (well, sort of similar) made by seemingly differently named companies. In reality they and PubSurf literally inject copy pasted files in the same kinds of folders, and modify the same settings. They also use the same installer and when one stops infecting users, another with a new name takes its place. This is the classic behavior of such apps.
OFFER*Source of claim SH can remove it.
PubSurf itself is created by a company called Yinanob Coop Aq. This firm is listed as a publisher in the control panel, but doesn’t exist in either virtual or physical space. It has no known company page – nor does its creation PubSurf. This is clearly a fake with no positive purpose. Since you are here, you are likely looking how to remove it and you are unsure why it exists in the first place. More on that in the next paragraph.
Later down the page we have a real working removal guide created specifically for this page. We did not put a standard catch-all guide like some other websites.
What is PubSurf?
PubSurf is a traditional browser hijacker component that exists for one reason – to enforce other malware extensions and search engines in your browsers. It is created as a defense mechanism that remains separately on your PC. If you find out how to remove the other malware from your browsers, PubSurf can then remain hidden in a folder and renew those components upon a system restart. That’s it. It’s basically just something that wants to make life harder on you.
Since there is no official page for PubSurf that makes claims about its uses, we can only judge it by the behavior we see. In this case we know it is related to other malware components: the PubSurf and MegaGuard extensions, and the Bangsearch bogus search engine.
PubSurf bypasses official checks so the other malware we mentioned can be installed on your PC. Such behavior is clearly malicious in nature. That’s not only because you did not even give consent for the installation – it’s more. The nature of these threats shift all the time and you can suddenly find yourself redirected to a completely shady website that asks you to subscribe to something which costs money. These are low-level scams and some confused users can click on something misleading which will make things worse.
Is there a real threat with PubSurf?
It’s very difficult to discuss this as a threat without taking in a broader scope, but we wanted to include this section in case you find yourself infected with a thing like PubSurf in the future. This one will likely die out in a few days, to be replaced with a fresh-named clone. Other removal guides won’t tell you everything for legal reasons, and won’t go in specifics, but rather just talk about general things.
In reality, PubSurf is just the mechanism for installation of other malware, as stated previously. But to you, when we talk about it, we should treat the entire malware suite that’s on your PC as one thing. Legally, these things are distinct, to confuse you, to make removal more difficult and in rare cases where an actual company somehow gets promoted by the hijacker, to differentiate themselves from them. This creates a legal grey area. To you – this is a threat. It not only redirects you constantly. It will get progressively worse over time by introducing new malware components.
It’s even possible (but not probable) for PubSurf to attempt using your contacts to send phishing messages. This is among the worst-case stuff, clearly because there will be a lot of embarrassment in the whole thing as well. You shouldn’t be too worried about it, though. It’s just not likely, judging by this malware’s behavior.
*Source of claim SH can remove it.
How to remove the PubSurf Virus
The first thing you need to be aware of with PubSurf’s removal is that this guide is real. It’s not made of standard stuff put here as fluff. We’ll give you specific instructions.
The second thing you need to know is that the virus is made up of several components. At one point, we’ll literally give you the folder for PubSurf. You may be tempted to just skip everything else, delete the folder (which we tell you to delete anyway) and call it a day there.
The problem is that you will only be removing the trigger for the reinstall. The rest of the malware components are already on your PC. They just won’t return if you actually delete them. They will still carry out activities on your PC and boggle it down. The rest of the instructions take care of that.
One thing we are wary of is someone damaging their system. We cannot be blamed for such a thing. You take and perform these instructions at your own risk. For the same reason we recommend you go and create a system restore point immediately. That way if something’s messed up, you can just revert.
If you don’t know how to do it, just hit the Winkey and type Restore. “Create a restore point” should come up right away.
In the new system properties dialog just choose “Create”, name the restore point, and click Create.
We recommend SpyHunter again. We insist putting this in your face because it will make your life easier and it has a free trial. Make of that what you will.
If you don’t want to use SpyHunter, the guide below WILL still help you.
How to remove PubSurf from your PC
PubSurf’s folder is located in C:\Users\<USER>\AppData\Roaming\Yinanob Coop Aq\. Just delete the Yinanob Coop Aq folder with admin privileges. Such locations are system folders and they’re usually hidden (and for good reason). If you can’t see them make sure your Folder Options properties are set so you can see hidden files and folders.
You can do this quickly by navigating to a folder, then clicking the three dots up top, then Options and the View tab. You will find the hidden files option there.
Next, go an check your startup items. Press the Win key and type startup, the apps should appear immediately. Sort them by Status and immediately look at the active entries. If there’s something there you don’t recognize, turn it off and click on the far right so you can see where it’s located. Delete anything malware-related you find.
How to remove PubSurf from Chrome
This is a yes or no thing – do you have redirects and extensions you’ve never seen before? Is there a strange search engine you are redirected to? If the answer is yes, continue with the step, if not, skip it.
We will tell you to look at ALL of your extensions in Chrome. Anything you can’t recognize in the extensions tab is probably part of the malware even if it’s not named PubSurf. Copy all of the IDs of the infected extensions, then delete anything you can find on them in the registry editor. Only THEN restart Chrome.
1.Type chrome://extensions in Chrome’s address bar and press Enter.
2. Flick on “Developer Mode.” Fishy extensions will now have their IDs exposed.
3. Scroll down to the extensions and record anything that has the Remove button greyed out. Highlight and copy the ID below the name with Ctrl+C.
Note: Some malware pieces don’t keep the Remove grey. They just come back when you restart the browser. Exercise common sense. Remove anything you can’t remember installing or seems suspicious to you. You can always come back and review it later if you think you made a mistake.
4. Next you need to enter the Registry Editor. On your desktop press the Winkey+R then type regedit and press Enter.
5. Press Ctrl+F then paste an ID you recorded earlier. Delete and and every value where it’s found, then move on to the next ID and so forth. Do this until no ID is found anywhere.
6. The two most important keys containing the ID should be in these two locations:
HKEY_USERS\Group Policy Objects\Machine\Software\Policies\Google\Chrome\ExtensionInstallForcelist
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
Then, Restart Chrome and go to the extensions tab. The removal buttons for the extensions should all be available now. Remove them from the browser.
Go to the Search Engine tab. See if your Search engine was changed. If it was, change it back to whatever you prefer.
Restart Chrome again. See if any of the malware extensions returned, or if your search engine is back to the infected one. If not – congratulations, you are done.
i know you’re trying to promote your product (sspyhunter) , but this is REALLY REALLY HELPFULL. THANK YOU !! KEEP UP THE GOOD WORK . YOURE THE MAN !!
I got the Pubsurf on my Laptop and want to remove it. But I dont have Google Chrome, only Opera GX and MS Edge, 2nd one Opened itself with the Introduction Tab when Pubsurf installed itself. Nothing else happened. How to go on?