Thisgo.Su “Virus” Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you with the removal of the Thisgo.su “Virus”. These Thisgo.su “Virus” removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

If you have noticed that all of your browsers, no matter whether you open Chrome, Firefox or Explorer, have been acting in a strange manner recently, that’s because all of them have been affected by a piece of ad-generating software. The name of this program is Thisgo.su and its main expertise is showing a huge number of pop-ups, banners and box messages – all forms of online ads, setting a new homepage and/or a new search engine to your browser; and last but not least making it redirect you to some web locations you don’t recognize and possibly do not consider safe.

What is Thisgo.su?

All its typical features mentioned above show that we are talking about a browser hijacker – a type of ad-producing program that may also change homepages and substitute search engines, as well as make the used browser lead the user to websites, which might appear shady. Many programs of this kind have been developed recently and there is a reason for that, of course.

Why are browser hijackers on the rise?

Thisgo.su and the programs that resemble it are simply marketing tools. And it is obvious that promoting and advertising are everywhere at the present moment. Browser hijackers could actually be very beneficial for many interested people. On the one hand, the ones that create them generate vast profits from the ads that they display. On the other hand, the promoted products and services can gain much popularity and can be purchased more often, which again will make their producers rich and well-known. Briefly, these facts explain why developers write such software and why this software always strives to show more and more pop-ups and banners.

How could your PC end up infected?

The possible options of getting infecting with Thisgo.su are numerous and vary greatly from one another. For example, browser hijackers might be caught from spam emails. Also, your computer may be contaminated as a result of your visiting a contagious webpage. Another possible option, and the source which is responsible for most of the infections, are program bundles. These are different sets of various programs that get spread together. This is not bad; as you already know, Thisgo.su’s characteristics bring money and success to many people. However, the whole content of the bundles which carry the hijackers gets installed together and that is when a system gets infected. The installation wizard of any program normally contains two or three different features. The ones you should avoid in case you want to keep your machine free from ad-generating programs are the ones called automatic, default, typical or quick. Their EUCAs do not include information about the whole content of a given bundle and in this way you may unknowingly install a program like Thisgo.su on your system. The ones that should be chosen in order to ensure a safe installation process are called advanced or custom. Learning to install software the right way is one of the most useful abilities you may ever need in computing.

So, we can conclude that Thisgo.su is not a virus…

Indeed, Thisgo.su does not represent a type of a virus. None of the typical features above identify it as malware. It is not capable of sneaking into your computer and then stealing important information (account and banking credentials), as Trojans do. Nor is it able to use a Trojan to enter your system and then block all of the files you open on a daily basis, as a Ransomware-type program usually does. Still, to be completely precise, we should point out some of its quite unclear functions which may leave the user with the impression that the affected computer has been contaminated with a virus. Such a shady feature is the capability of all hijackers to guess what kind of ads to produce on the basis of your recent browsing history. Some users might consider such a survey into their surfing activities more intrusive than what they find acceptable. Another questionable characteristic of Thisgo.su is its ability to send you to various websites. Some users may consider such redirects too irritating. As a result the whole browser hijacker family has been identified as a group of potentially unwanted programs.

What to do in order to uninstall Thisgo.su

Fortunately, in most of the cases the programs from the browser hijacker group can be removed and the process is not too difficult. We advise you to go with our Removal Guide, which you will find as the last part of this article. The instructions are described in detail and are simple to follow, but should you face any difficulties, please do not hesitate to leave us a comment.

SUMMARY:

Name Thisgo.su
Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Various ones: changed search engine and homepage of your browsers. Redirection to strange online locations. Many possibly irritating pop-up ads might start appearing.
Distribution Method Via bundles, websites, torrents, spam, shareware.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

 

Thisgo.su “Virus” Removal


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

Reveal All Hidden Files and Folders.

  • Do not skip this  – Thisgo.su may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Step3

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

DNS

Step4

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

browser-hijacker-taskbar-properties

Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Thisgo.su from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Thisgo.su from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.

chrome-logo-transparent-backgroundRemove Thisgo.su from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.

Step5

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Right click on each of the problematic processes separately and select Open File LocationEnd the processafter you open the folder, then delete the directories you were sent to.

malware-start-taskbar

Step6

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Was this guide helpful?