Remove Trusted Surf “Virus”


This page aims to help you remove the Trusted Surf “Virus.” These Trusted Surf “virus” removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows. 

But before jumping directly to the removal guide, it is highly recommended that you have a read about what exactly it is that you are dealing with.

What is the Trusted Surf “Virus”?

Contrary to popular belief and according to security experts, the Trusted Surf “virus” (we just called it as such to draw your attention before disproving the notion) should not be considered a virus, instead, it is being classified as an adware. A virus is a malicious piece of programming code that seeks to inflict both direct and indirect harm to the computer in which it resides. An adware, on the other hand, is a non-malicious piece of programming code that seeks to provide the user with information in the form of advertisements. In the strictest sense, an adware is not meant to cause any harm to the computer in question. However, do note that, being a program in itself, an adware may cause indirect harm as it takes up valuable RAM to run in the background, which may cause the computer’s functioning to slow down.

What are these ads and are they bad?

In this day and age, advertisements are a common occurrence in society and you could hardly go 5 minutes without encountering an ad. Therefore, we are very used to their presence. So, how are these ads related to Trusted Surf any different from the multitude of ads that we encounter in our daily lives?

First and foremost, as these, seemingly innocuous, ads may be generated by this particular adware, there is little basis to the broadcasted claims. Yes, some of the ads may direct you to pages that actually offer the proclaimed deals but these may be pages that you have previously visited already and as a result are of no real value to you. Other times, you may be directed to some pay-per-click sites that only serve to generate income for the developers. If you are unlucky, you may even be directed to sites that serve as a portal for other adware to potentially access and enter your computer.

These ads may appear in the form of banners, pop-up boxes or even as a separate window filled with advertisements. They may feature deals, coupons or may even proclaim that you have just won some lucky discount. A potentially distinctive feature of these manufactured ads may be a tagline that usually follows the ad to make it seem more legit: “Proudly brought to you by Trusted Surf”, “Powered by Trusted Surf”, “Sponsored by Trusted Surf” etc.

Another complaint about the effect of this adware may be how much of a nuisance it may turn out to be. You have probably had first-hand experience of how irritating incessant amount of ads may be. But, if you have not, imagine this for a moment:

You are trying to research something for work or you are in the midst of doing something seriously important. Out of the corner of your eye, there is something flashing and blinking, trying to get your attention but you manage to ignore that and continue with your work. When you are clicking on a link, you hear some sounds. You check through all your open tabs only to realize that one of the pop-up boxes is featuring a video. You click on a promising link but your view of the page is being blocked by the appearance of another ad which keeps reappearing no matter how many times you try to close it. And not to mention, your computer’s response seems to be lagging and even though you may try to shut off as many programs as possible, it still doesn’t seem to be of any help.

Imagine all the unwarranted negative emotions that you may have felt: exasperation, annoyance, frustration and anger, just to name a few. And to think that all these may easily be avoided by simply removing the adware.

 

SUMMARY:

Name Trusted Surf
Type  Browser Hijacker
Danger Level Medium
Symptoms Unwanted and potentially irritating ads and browser redirects.
Distribution Method Probably through some bundle installation of another software product.
Detection Tool Browser Hijackers may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Trusted Surf Removal


Readers are interested in:

Step1

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Safe mode is usually necessary so that you can delete files created by Trusted Surf.

Step2

Reveal All Hidden Files and Folders.

  • It’s possible that files connected with Trusted Surf are hidden to confuse you. Reveal them by visiting the appropriate menu.

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now looking at the control panel select any program that appears suspicious and which you don’t recognise installing. Uninstall these entries you find. If it opens a confirmation window similar to this chose No.

virus-removal1

 

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Step3

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

An important text file called hosts will open. In case your computer got hacked you’ll notice a number of IPs towards the end. Look at the photo below to get an idea.

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Step4

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

browser-hijacker-taskbar-properties

Properties –> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512 Remove Trusted Surf from Internet Explorer:

Open IE, click IE GEAR –> Manage Add-ons.

pic 3

Find the suspicious entry —> Disable. Go to IE GEAR –> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Trusted Surf from Firefox:

Open Firefox, click mozilla menu —> Add-ons —-> Extensions.

pic 6

Find the threat —> Remove.


chrome-logo-transparent-backgroundRemove Trusted Surf from Chrome:

Close Chrome. Navigate to:

C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point your problem is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.

Step5

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are malicious or otherwise not supposed to be there. Google them or ask us in the comments.

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Right click on each of the suspicious processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

malware-start-taskbar

Step6

Type Regedit in the windows search field and press Enter.

Possibly some files needed by the adware persist in the registry – the file we opened. To find them take advantage of the search function by simultaneously holding down CTRL+F, If your search turns up with any results right click on them and erase them. Alternatively you can get their location, manually navigate to there and remove them yourself.

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!


56 Comments

  • Hi Daniel, looks like you have the full collection. You’ll need to delete all of these form the file.

  • Find the location of this file, copy it on your desktop, delete the lines from it and save, then move it back to the original spot to replace the unedited file.

  • Probably nothing, if I understand your question correctly. Can you post a screenshot, just to avoid any confusion?

  • I removed the program and there is no extension on chrome, but I’m still getting the trusted surf homepage when I open chrome. What do I do?

    • Did you complete the entire guide? And which browser are you using? Please answer – I can try to find a different method for you, but we need to be sure all conventional methods didn’t work.
      I recommend downloading the scanner from one of our ads, to help you find the infected files.

  • Hello Greg,

    Let’s try something. Save the file to a different location, let’s say your desktop. Then use this newly saved file to replace the existing one in its original place. Let us know how that goes.

  • Hello Angel,

    Just copy the newly saved file and go to the location of the original hosts file. Do you mean that you can’t find the location or am I misunderstand you? Please clarify so we can help you.

  • Hello Kyle,

    Please read carefully our instructions regarding the suspicious files in your task manager. First you need to open the file location (right click) and then end the process in question.

  • Hi Kyle,

    You need to run Safe Mode first. Otherwise the program is active and will protect itself against your attempts.

  • Hi, no these are directories in which the virus regstries are most likely written. Try searching for Trusted Surf instead.

  • Hi Clint, yes that’s a quite likely scenario 😉

    Right click on the files -> properties. Look in the security tab, it will tell you what kind of accounts have permissions and ownerships. Override these accounts with your own from that panel.

  • Hi Peter, which browser are you using? Are you getting redirected when you open pages, or only when you start the browser’s homepage.

  • Hi there,

    Msconfig is rather easy to find. Please try to read the instructions again, we’ve tried hard to write them as simple as possible.

  • Hi Lilliana, all of these are chinese sites responsible for the Ads displayed. Delete them from the file. Let me know if you encounter any issues.

  • Hi Aseem. Yes, this is one “feature” of the trusted surf Adware and the reason why downloading key gens from pirate sites is a bad idea.

    Symantic won’t be able to remove Trusted Surf. Try Spyhunter or manually remove it per the guide.

  • Hi there, did you try resetting the browser after the virus is gone? It may have adjusted your browser’s settings.

  • step 3: f there are suspicious IPs below “Localhost” – write to us in the comments. :

    Edited by Admin.

    are those ip’s suspicious? please help me.

  • Hi Phacet, did you reveal hidden files and folders? The host is located in %SystemRoot%System32driversetchosts

    Systemroot is probably C for most machines.

    • Did you try downloading the scanner from one of our ads? The scanner is free, the removal option is paid. The scanner can help you locate the infected files you missed.

  • Hi there, these are not quite the viruses, but the chinese websites from which the Ads originate. You ought to delete them anyway. If you don’t get access permission try searching for Notepad first -> right click run as admin and open the Hosts file from the inside Open menu.

  • Hi, you need to open the Notepad program as admin first. Search for notepad and right click -> run as admin on it. Use the Open menu from the inside to open the hosts file and get permission to save it.

  • I’ve gone though everything and nothing’s shown to help. I’ve been getting popups from “techsupporttoday.top” and “popunderclick” even after having done all of this. I think I’ve also seen a popup called smarttab.

    • Hi Lexi, from the looks of it you have more then one Adware program on your computer. Try downloading SpyHunter from our site. Searching is free and it will highlight the locations of the virus even if you don’t want to pay for the software. Go to these locations and delete everything from there.

  • Find where the file is located, copy it somewhere else, edit it, then move it to the original location and replace the old one with it.

  • Thanks so much! Such easy points to follow as well. You make us common people feel like PC gods! Thank you again!!

  • Hi Ben,

    you are correct. You should definitely remove those lines from your hosts file. Try to open the Notepad program as admin first. Search for notepad and right click -> run as admin on it. Then try the “open” option in notepad. Let us know how that goes.

    • I can’t seem to find the file to open it; I’ve saved it into documents then tried to then save it into the correct folder when it is run as admin but that hasn’t worked either

      • Hi Ben, you can search for Notepad in windows search and right-click on it -> Run as Admin. That you will give you the required priviliges.

  • Hi Ben, you can try downloading and running Spyhunter and run a system scan. You can use the program to do the scan for free – as soon as it finds the virus you can delete it manually (or buy it if you want, of course)

  • Hi Bjorn,
    since you purchased SpyHunter, I recommend that you contact the program’s support – they have a policy of creating a custom fix for you, since the program couldn’t do it. Contact them and they will manually remove Trusted Surf for you.

  • You should delete all of those addresses and then save the changes to the Hosts file – those IP’s aren’t supposed to be there.

Leave a Comment