Safesurfs virus

I've somehow picked up safesurfs which has taken over my browser(s). Any
suggestions on how to send it packing or freeware program to fix it?
It's a horrible damn thing.

Fred wrote:
I've somehow picked up safesurfs which has taken over my browser(s). Any
suggestions on how to send it packing or freeware program to fix it?
It's a horrible damn thing.

http://www.bleepingcomputer.com/foru...esurf-problem/


--
....winston
msft mvp windows experience

Fred wrote:
I've somehow picked up safesurfs which has taken over my browser(s). Any
suggestions on how to send it packing or freeware program to fix it?
It's a horrible damn thing.

The problem with working on this manually, is there
are multiple versions.

https://www.symantec.com/security_re...316-99&tabid=2

The "company" that makes it, uses the "lawyer" scam.
That it's legitimate software and AV or adware removal
tools should not touch it.

A number of years ago, they even approached various tool makers,
in the tool maker public forums, in an attempt to have it removed as
a "Trojan" definition. The tool maker representative asked
for a copy of the software. it was sent. And the tool maker
found a BitCoin miner hiding inside the software. So not
only does it meddle with adverts in the browser, but
(as their company representative said) "to make extra money"
it was running a BitCoin miner. Now, it's not clear in
the above Symantec article, which of those files is a
BitCoin miner. And yes, you'd notice if it was mining
BitCoins, because one or more cores on your computer
would be railed, or your video card GPU would be harnessed.
If the computer draws more electrical power than normal,
the video card fan is cranked to 90% all the time, there's
more heat than normal coming out of the vent, those
are hints someone is using video for mining.

You may need to visit one of the malware removal forums,
to get it removed properly, simply because the "company"
doing this, will keep changing it with time. It's not
guaranteed that an old removal recipe is complete.

And the thing is, you could try MalwareBytes or AdwCleaner,
and if MalwareBytes is impressed by their lawyer's barratry,
they may not actually try to remove it for you. Which is
why it may not be the easiest thing to get rid of. Because
it "falls through the cracks".

You can try adwcleaner, but in terms of tool design, this
seems a bit much to expect adwcleaner to remove this properly.
I mean, this is borderline malware, not lightweight adware
as such.

http://www.bleepingcomputer.com/download/adwcleaner/

And you will notice, even BleepingComputer is putting up
a banner ad today, because they're being sued by some
company product they reviewed, and the company didn't
like what they said. And it costs a lot of money to
defend yourself in a case like that.

Paul

On 8/03/2016 12:38 a.m., Paul wrote:
Fred wrote:
I've somehow picked up safesurfs which has taken over my browser(s).
Any suggestions on how to send it packing or freeware program to fix
it? It's a horrible damn thing.

The problem with working on this manually, is there
are multiple versions.

https://www.symantec.com/security_re...316-99&tabid=2


The "company" that makes it, uses the "lawyer" scam.
That it's legitimate software and AV or adware removal
tools should not touch it.

A number of years ago, they even approached various tool makers,
in the tool maker public forums, in an attempt to have it removed as
a "Trojan" definition. The tool maker representative asked
for a copy of the software. it was sent. And the tool maker
found a BitCoin miner hiding inside the software. So not
only does it meddle with adverts in the browser, but
(as their company representative said) "to make extra money"
it was running a BitCoin miner. Now, it's not clear in
the above Symantec article, which of those files is a
BitCoin miner. And yes, you'd notice if it was mining
BitCoins, because one or more cores on your computer
would be railed, or your video card GPU would be harnessed.
If the computer draws more electrical power than normal,
the video card fan is cranked to 90% all the time, there's
more heat than normal coming out of the vent, those
are hints someone is using video for mining.

You may need to visit one of the malware removal forums,
to get it removed properly, simply because the "company"
doing this, will keep changing it with time. It's not
guaranteed that an old removal recipe is complete.

And the thing is, you could try MalwareBytes or AdwCleaner,
and if MalwareBytes is impressed by their lawyer's barratry,
they may not actually try to remove it for you. Which is
why it may not be the easiest thing to get rid of. Because
it "falls through the cracks".

You can try adwcleaner, but in terms of tool design, this
seems a bit much to expect adwcleaner to remove this properly.
I mean, this is borderline malware, not lightweight adware
as such.

http://www.bleepingcomputer.com/download/adwcleaner/

And you will notice, even BleepingComputer is putting up
a banner ad today, because they're being sued by some
company product they reviewed, and the company didn't
like what they said. And it costs a lot of money to
defend yourself in a case like that.

Paul

Thanks for extensive reply. I tried various programs including spybot,
malwarebytes, adaware and run microsoft security essentials. The one
that did the trick was zemana anti-malware. Certainly seems back to
normal.

"Paul" wrote in message
...
Fred wrote:
And the thing is, you could try MalwareBytes or AdwCleaner,
and if MalwareBytes is impressed by their lawyer's barratry,
they may not actually try to remove it for you. Which is
why it may not be the easiest thing to get rid of. Because
it "falls through the cracks".


much snippage

I've been following the threads about MBAM. I've been running the free
version and SuperAntispyware for a couple years now, and I usually update
and run them back-to-back (overkill aka better safe than sorry). MBAM found
things SAS didn't, while SAS stroked out over cookies (I learned to run
CCleaner first). Makes one wonder.

"Ken1943" wrote in message
...
On Mon, 7 Mar 2016 11:00:52 -0500, "Thip" wrote:

"Paul" wrote in message
...
Fred wrote:
And the thing is, you could try MalwareBytes or AdwCleaner,
and if MalwareBytes is impressed by their lawyer's barratry,
they may not actually try to remove it for you. Which is
why it may not be the easiest thing to get rid of. Because
it "falls through the cracks".


much snippage

I've been following the threads about MBAM. I've been running the free
version and SuperAntispyware for a couple years now, and I usually update
and run them back-to-back (overkill aka better safe than sorry). MBAM
found
things SAS didn't, while SAS stroked out over cookies (I learned to run
CCleaner first). Makes one wonder.

Use uBlock in Firefox and the amount of cookies Superantispyware found
went from 100s to almost none.


Ken1943

I don't use FF, but I run CCleaner (portable) almost fanatically. I don't
pick up many cookies, but SAS just went bananas. "You have four cookies!"

Thip wrote:


I don't use FF, but I run CCleaner (portable) almost fanatically. I
don't pick up many cookies, but SAS just went bananas. "You have four
cookies!"

Cookies are considered a way of keeping a profile
on a person and their activities. And that is
the definition (for them), of spyware.

Spyware isn't a keylogger for example, even though
that is spying (layman definition), perhaps stealing
account details or credit card numbers.

At one time, cookie maintenance, was very easy, as
only the cookie database needed to be cleaned
occasionally. (Ghostery could do that.) But
with the advent of Evercookies or Supercookies,
all the databases the browser keeps, are hijacked
to hold cookies. For example, one hack, is to present
a series of URLS in quick succession to the browser,
with no window opening, forcing the browser history
to keep the URLs. Later, by "timing" and repeating
the algorithm, it's possible to "read back" the
cookie content. the HTML5 DOM storage area is also
abused for storage. A proper spyware program has
a lot more places to look, than used to be necessary,
and a lot more analysis to actually figure out how
much tracking is done.

The only good thing I can say about browser design,
is some have item count limits, and automatic removal
of excess items (aging them out). So at least the
web sites can't keep an infinite number of items
in your browser.

And any tool that tells you "I fixed 5067 issues",
is bragging because what they're doing isn't all
that impressive :-) I have one tool I paid money
for, which presents a dialog box like that. Makes
me feel like an idiot for buying it every
time I see the dialog :-) (No, it's not a
registry cleaner... Don't worry.)

Paul

Quote:

Originally Posted by Fred[_20_]

I've somehow picked up safesurfs which has taken over my browser(s). Any
suggestions on how to send it packing or freeware program to fix it?
It's a horrible damn thing.

It means your computer may gets infected with browser hijacker or redirect birus. You are advised to reset your browser settings. For example, Open Internet Explorer, go Tools - Internet Option - Advanced tab - click Reset. If that doesn't work you can remove some deep registry keys. Here is a blog you can refer to.