Browser Redirect

Tobias Mathis WhatsApp


Tobias Mathis WhatsApp

Tobias Mathis is a potentially unwanted application that can get installed in any browser and cause it to initiate page-redirects and show invasive ads on the screen. Apps like Tobias Mathis are categorized as browser hijackers and experts advise to uninstall them to keep the computer safe.

Tobias Mathis

The Tobias Mathis WhatsApp Virus message

The presence of Tobias Mathis in your computer could not only be irritating but could also make your system less safe and more likely to get attacked by some highly dangerous malware infections the likes of Trojan Horses or Ransomware viruses. That is why it is important to learn how to uninstall Tobias Mathis and liberate your browser from its presence. There, however, isn’t a simple method to do this manually, as most hijackers don’t provide the user with a straightforward uninstallation method. Instead, they latch onto browsers such as Firefox, Safari, Edge, and Chrome and fill them with ads, replace their search engines, install new toolbars, and cause automatic page-redirects to ad-heavy sites. Some hijackers also change the addresses of the starting page and/or of the new-tab page so that the newly added ones would provide further exposure to some of the hijacker’s partnering sites. To prevent getting uninstalled easily, the hijacker also makes changes in the system Registry. Those changes are both difficult to locate and remove and they may also potentially make the affected system less safe and more exposed to other hazards from the Internet. In and of itself, a browser hijacker like Tobias Mathis wouldn’t typically damage anything in the computer where it’s installed. Even if it makes changes in the System Registry, this will still typically not cause any direct harm (at least in most cases). However, the fact that there’s an unwanted app in your computer that messes with your browser, constantly exposes you to ads and sites with unknown origins, and tampers with the settings of your computer’s registry means that the chances of landing a damaging threat such as a Trojan or a Ransomware are greatly increased. One of the most common sources of malware are the various types of malicious ads that can be encountered all over the Internet. We aren’t saying that all of the ads displayed by Tobias Mathis are like that, but there’s still a chance that some of them might be unsafe or at least be linked to some online addresses with questionable content. Therefore, even if Tobias Mathis doesn’t represent a direct threat to the health and security of your system, its uninstallation is still advisable as this will help keep your computer safer.

Removing hijackers like Tobias Mathis

As we already pointed out in the paragraph above, removing apps like Tobias Mathis isn’t particularly easy considering how software of this type is usually intentionally made to have a difficult removal. Nevertheless, if you follow our guidance and make use of the removal tool linked below, we believe that you should be able to take care of the unwanted app and remove everything that it has installed in your browser. And in case you don’t understand something from the removal guide, you can always ask for help in the comments section.

SUMMARY:

Name Tobias Mathis
Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Sudden page-redirects and unwanted changes in the browser are usually the result of the presence of a hijacker in the system.
Distribution Method Most hijackers get installed on the users’ computers after having been added inside a file bundle that the user downloads.
Detection Tool

Remove Tobias Mathis WhatsApp

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet


After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step3

Hold together the Start Key and R. Type appwiz.cpl –> OK.

appwiz

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Step4

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

DNS

Step5

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

browser-hijacker-taskbar-properties

Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Tobias Mathis from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Tobias Mathis from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove Tobias Mathis from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

Step6

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


Leave a Comment