Help Needed in Removing Ad-Ware (Safer-Surf)

Toggle sidebar Toggle sidebar
S

Spot717

Honorable
Sep 18, 2013
16
0
10,510
Hi all, today I unfortunately came across an unwanted install, in the form of safer-surf. I've removed it from uninstall programs list, and Malwarebytes detected two instances related to that, I still find "Safer-Surf.exe" listed down on the taskbar as an option.

I've ran Malwarebytes a couple times after it found those two files, but it still doesn't go away. I've tried running Malwarebytes in safe mode but it didn't come up with anything new.

Any assistance in removing this and any other potentially unwanted things that may have slipped In (none to my knowledge besides that) would be greatly appreciated. Thank you!
 
Sort by date Sort by votes
ItsZanoniBro

ItsZanoniBro

Distinguished
Aug 21, 2014
44
0
18,540
I've done something similar with chrome and followed this guide after the obvious step 1 of uninstall:

step2. Remove all files associated with SaferSurf from your computer completely:

malicious files

%AppData% Safer Surf random.exe
%program files% Safer Surf .dll
%windows%system32Safer Surf random. sys
%AllUsersProfile%Application Data.exe(rnd)
%Documents and Settings%All Users application dataSafer Surf adsmul.bin
[CSIDL APPDATA]Microsoft[RANDOM CHARACTERS FILE NAME].dll
[CSIDL PERSONAL]Startup[RANDOM CHARACTERS FILE NAME].exe

Step 3: Open Registry Editor, locate all the malicious registry keys that are added by Safer Surf, then delete all of them:

xp-start-run-command

xp-start-regedit-command

registry editor

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{safer surf}
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{ SaferSurf }
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices{toolbar NAME}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun”PCI Compliant SCard” = “%UserProfile%Application Datasvchost.exe”
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList”%UserProfile%Application Datasvchost.exe” = “%UserProfile%Application Datasvchost.exe:*:Enabled:svchost”

Could visit here for pics: http://blog.mitechmate.com/remove-safersurf-virus-get-rid-of-safer-surf/

Good luck.
 
Upvote 0 Downvote
S

Spot717

Honorable
Sep 18, 2013
16
0
10,510


I'll give this a read through and post back here once I've gone through this, thank you :)
 
Upvote 0 Downvote
S

Spot717

Honorable
Sep 18, 2013
16
0
10,510


It's ok! Pardon my delayed response. I followed the above steps, and while I did find entries related to the problem, I did not successfully remove safer-surf.exe from the system tray in the bottom right hand corner of the screen (I run Windows 7).

I had forgot to mention in the original post that along with that safer-surf there was a program called Maxiget that also was installed, those two I believe are the only two things that got installed. While going through the registry, I found quite a few files from Maxiget, which I proceeded to delete and then run CCleaner and Malwarebytes again, with no successful removal. Malwarebytes came up with no threats. Any additional help or ideas would be great! Thank you :)
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom