Remove Tohotweb Virus From Chrome/Firefox/Internet Explorer (Uninstall)

This article aims to help users remove Tohotweb Virus from Chrome, Firefox, Internet Explorer and uninstall it from their system. It redirects to tohotweb.com – a domain specifically targeted by browser hijackers lately. “Supprimer tohotweb” is something we’ve been seeing a lot in our inbox, signifying the majority of infections are targeted at France.

tohotweb virus

 

The virus is commonly accompanied by a message that the program has a problem starting c:usersXXX (User Name)appdatalocal extensionlogoxbinextensionlogo.dll

If your computer has been infected by Tohotweb Virus then you are probably seeing a lot of advertisements (Ads) that fill your screen every time you try to use your internet browser. This behavior is typical for a type of malicious programs referred as Adware and that’s what Tohotweb Virus really is. The main goal of Adware applications is to generate revenue for whoever created them, but they are also commonly used to distribute viruses and bloatware among infected computers. Whatever the case with Tohotweb Virus may be you need to be aware of two very important facts:

  1. Tohotweb Virus is a malicious application and does not have your best interests at heart
  2. The sooner you get rid of it the lower the risk of it installing another Adware or other virus on your machine

Don’t click on the Ads and definitely don’t download or install anything prompted by Tohotweb Virus

The Ads created by Tohotweb Virus are not really dangerous by themselves – in fact they are mostly bait. They are there to lure and deceive you into giving authority to the virus in order to modify your computer. Further remember that reputable online communities and shop do not ordinarily use the services of shady advertising products like tohotweb.com. If you click on those Ads there is no telling where you will be taken to. Virus infected sites, phishing scams are just to name the few. So stay away from the Ads until we remove supprimer tohotweb from your computer.

Supprimer tohotweb

Sites promoted by the Ads are not the only danger you face while dealing with supprimer tohotweb. It might try a more direct approach – to make you download and install an executable it offers you. This is usually done through the clever use of Ads, who are made to appear just like system messages. You may suddenly start seeing warnings that programs on your computers have expired (like Flash/Java) and need un update, or that there is a missing plug-in that needs to be downloaded or that maybe you require a certain video codec/player in order to see movie online – all of this is the work of Tohotweb Virus. The virus seeks to push you into downloading and installing the supposedly required items, which are, of course, viruses.

Another tricks in the same book involves reports by “free online scanners” that have detected problems with the registry, with the memory, registries, HDD health or similar. You are then required to download the application so it can fix the issue. There is no such thing as an online scanner that scans your computer WITHOUT asking for permission first. Remember this fact, as this scam can be seen in a lot of places around the internet.

Hopefully this knowledge will help you keep your computer safe from tohotweb.com and now it’s time to begin the removal process.

SUMMARY:

Name Tohotweb Virus
Type Browser Hijacker.
Danger Level Medium.
Symptoms Unwanted Ads and Toolbars, search engine redirects.
Distribution Method Software bundles, Email attachments, online Ads, infected torrent files.
Detection Tool Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection.Sponsored

Navigation:
1: Enter Safe Mode.
2: Remove Tohotweb Virus from Chrome, Firefox, Internet Explorer and Safari.
3: Remove the virus from browser shortcuts.
4: Uninstall the virus from your AddRemove Programs.
5: Permanently remove Tohotweb Virus from Task Manager’s processes.
6: Delete the virus from Regedit and Msconfig.
7: Optimize your PC after the removal is done.

Remove Tohotweb Virus

Things readers are interested in:

STEP 1:

UPDATE! You can visit this article for an updated version of the guide: Remove Pop-Up Ads from Chrome/Firefox (Adware Virus)

Our first step here is a reboot in Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:

For Windows 98, XP, Millenium and 7 Users:

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. In the new menu, choose Safe Mode With Networking.

Proceed to Step 2.

For W. 8 and 8.1 Users:

Click the Start button ,then Control Panel —> System and Security —> Administrative Tools —> System Configuration.Administrator permission required

msconfig

Then check the Safe Boot option and click OK.  Click  Restart in the new pop-up.

Proceed to Step 2.

For Windows 10 Users:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the new Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

Windows 10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).

Continue with Step 2.

STEP 2:

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

With Safe Mode enabled we can begin targeting Tohotweb Virus itself. The first step involves breaking the hold of the virus has over your internet browsers. Tohotweb Virus installs as an add-on and to remove it you need to run Step 2 and Step 3 of this guide. Make sure to repeat this process for every browser currently installed on your machine. If you feel this is a good time to uninstall one of those old browsers you no longer use make sure you remove Tohotweb Virus from it first.

Also be wary of any confirmation messages that may pop-up when you try to disable Tohotweb Virus. Read their description carefully, because there is a really good chance that the virus will try to make you install another program on your computer or send you to a site to complete a survey of some sort. Opt out and close anything of the sort.

ie9-10_512x512  For Internet Explorer Users:

Open IE, then click  IE GEAR —–> Manage Add-ons.

pic 3

Find Tohotweb Virus . Remove it by pressing Disable.

If your Home Page is different from the usual, click IE GEAR —–> Internet Options>edit the URL box with your preferred search engine, and click Apply.

Go to STEP 3.

firefox-512  For Mozilla Firefox Users:

Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

Tohotweb in Firefox

Tohotweb Virus  should be somewhere around here –  Remove it.

Go to STEP 3.


chrome-logo-transparent-background For Google Chrome Users
:

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the virus and  select  chrome-trash-icon(Remove).

Tohotweb in Chrome

 Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Remove anything but the search engines you normally use.

Go to STEP 3.


safari For Safari Users:

Open Safari, and click Safari —–>Preferences —–> Extensions—–>Uninstall the malware.

Go to STEP 3.

STEP 3:

Right click on the browser’s shortcut, then click Properties.

NOTE: We are showing Google Chrome, but the method is the same for all browsers.

browser-hijacker-taskbar-properties

Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, REMOVE EVERYTHING AFTER .exe.

Continue with STEP 4.

STEP 4:

Hold the Windows Key and R together. Write appwiz.cpl in the new field, then click OK.

appwiz

You are now in the Control Panel. Search around for Tohotweb Virus and anything else suspicious-looking. Uninstall it/them. Also, be extremely careful. Viruses often spend one last ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstallchoose NO:

virus-removal1

Hold the Windows Key and R againbut this time copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t touch anything there. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:

hosts_opt (1)

If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.

Go to STEP 5.

STEP 5:

Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.

virus-taskbar123

Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can.

THE FINAL STEPS ARE UP AHEAD, BUT MAKE SURE TO READ THE INSTRUCTIONS BELOW!
The step that follows is necessary to ensure that Tohotweb Virus is permanently deleted, but it can also be dangerous if mishandled. Read and follow the instructions carefully and always double check before deleting anything. Doing this wrong can cause significant damage to your OS or other important programs. If you are worried you might get something wrong we can instead recommend you to try a professional anti-malware removal tool – see for your recommendation. This will give you the added advantage of using the scanner that comes with it to locate any older latent threats or fresh viruses that Tohotweb Virus may have installed while it was on your computer.

malware-start-taskbar

Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.

Move on to STEP 6.

STEP 6:

Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a new window. 

msconfig_opt

Go in the Startup tab and Uncheck anything that has “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these directories, and delete the registries manually:

  • HKEY_CURRENT_USER—-Software—–Random numbers
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Did we help you? Please, consider helping us by spreading the word!

 

Was this guide helpful?

  • Anonymous

    name of virus?

     
    • Nathan Bookshire

      I’m sorry, I couldn’t understand you? What do you mean?

       
  • Hank

    when i paste this in: notepad %windir%/system32/Drivers/etc/hosts it opens but there is nothing in it.

     
    • Hank

      and also when i spam F8 it comes up with tons of stuff except for safe mode.

       
      • Hank

        dw i found out how to do it

         
  • Anonymous

    Sorry but what am i supposed to when on below stage?

    HKEY_CURRENT_USER—-Software—–Random numbers
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

    Is “unknown” manufacturer could be “default”?

     
    • Nathan Bookshire

      You go in regedit and then in these directories, search for the registry key that contains the virus and then delete it. But be very careful to not delete the wrong thing or you may end up having to restore/reinstall your system.

       
  • atson

    Sorry but after following all the steps… it still shows on the homepage.. so i just found a solution… might b temporary but worked for me. It only infects ur browser shortcut so replace it with original or u will b fooled by operating ur browser from a fake icon.
    (1) go to the installed directory of browser and create a desktop shortcut of that original application.
    (2) delete the previous icon from desktop and from taskbar or whereever u use ro open it from.
    (3) now open the new shortcut and u will c no tohotweb.

     
  • MonGoBonGo

    I have done everything as you wrote it . Found everything and I was able to delete the virus! Thanks :
    😀 😀

     
    • MonGoBonGo

      those boxes are supposed to be happy smileys 🙂

       
    • Nathan Bookshire

      I’m glad we could help you 🙂 Stay safe on the internet and come ask us if you run into trouble again 🙂

       
  • max

    i found a lot of ip under localhost. Can i delete it ? or i must do something else ?

     
    • Nathan Bookshire

      Are you comfortable sharing these IPs? Maybe they are dangerous, maybe not. Legitimate software and websites can also be there. The only way for me to know is if you post them here. But make sure NOT to post your own IP.

       
  • zzz

    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run there is no random string….

     
    • HowToRemove.Guide Team

      It means it can be any of the string inside.

       
  • Michael

    Thank you for your instructions. I’ve followed your steps, but when I start up Chrome it still navigates directly to tohotweb.com/?oem=sunadcav3&uid=S45N7172Z1ZSEA016186_LITEONITLCS-256M6S&tm=1448324993 I’m not sure what else I can do to stop this.

     
    • HowToRemove.Guide Team

      Download the scanner from our advertisements. See if it tracks Tohotweb’s files. If you can, delete them on your own from there, if not, say something here and I’ll try to help you another way.

       
  • Quang Phúc Nguyễn

    Windows key +R and copy paste notepad%windr%/system32/Drivers/etc/hosts
    And after that it gives me :
    No apps are installed to open this type of link(notepadc)
    -> look for an app in the store
    -> ms-windows-store:Assoc?protocol=notepadc
    This app can’t be activated by the Built-in Administrator

    What am i gonna do now to fix it ?

     
    • HowToRemove.Guide Team

      Hello Quang,

      try to repeat this step, maybe you missed something. If not, then try to proceed with the next steps. Also you can try installing the professional software listed in the article, the search function is free and it can pinpoint all infected files you have. Let us know how that goes so we can try and assist you.

       
  • Shock black Miner

    I have other IP`s under my local host ip

    127.0.0.1 down.baidu2016..com

    127.0.0.1 123.sogou..com

    127.0.0.1 http://www.czzsyzgm..com

    What do i do about these because the guide says i might be hacked?

     
    • HowToRemove.Guide Team

      Hi Shock black Miner,
      you should delete these IPs.