This security report dissects the Launchpage.org malvertising campaign aimed at redirecting web browsers to a rogue search engine and monetizing this traffic.
A lot of things in the malware world are blurred to an extent that telling clearly malicious code from a legitimate app may be problematic. Some perpetrating programs operate straightforwardly enough to deny access to victims’ data or computers overall, whereas some have a mild yet irritating impact. The Launchpage.org redirect virus is probably from the latter cluster. While it doesn’t make one’s computing go down the drain altogether, its adverse effects definitely require urgent troubleshooting. The worst part of this attack aftermath is that web browsers installed on a PC get out of hand. This cross-browser infection configures Google Chrome, Mozilla Firefox, Internet Explorer and Safari to open the Launchpage.org URL in place of the preferred homepage, search provider and new tab page.
The rerouting of Internet traffic to the site in question is actually an upshot of stealth code-level manipulations. The underlying corrupt entity, categorized as a potentially unwanted application (PUA), circumvents authorization when entering a system and alters the way browsers behave without producing any popups or requests whatsoever. Custom web surfing settings take the biggest blow as the adware hijacks them and sets new values for them without user permission. As a result, each one of the target browsers starts defaulting to Launchpage.org, which is loaded at routine events. In particular, this influence materializes when a browser is opened, when the plagued user runs a web search via the address bar, and every time he or she opens a new tab.
The unwanted page under scrutiny seems to be designed in compliance with the conventional practices of search engine architecture. It contains a conspicuous search field leading to a different provider when a query is put in. Also, the site includes useful links, or rather icons, for popular resources, including Facebook, YouTube, Amazon, Instagram, Twitter, and eBay. Behind this ostensible neatness and convenience, though, lurks an intricate traffic monetization scheme. The individuals in charge of the Launchpage.org campaign intercept numerous users’ traffic through the use of their offending program and sell these illegally obtained hits to third parties. To top it off, bad plugins like this are known to harvest personally identifiable data in the background, so it’s also a privacy issue.
The Launchpage.org virus reaches computers by means of shady bundling, a methodology intended to spread dubious code under the guise of multi-component software installation workflows. It’s hence imperative to explore setup clients when installing freeware and make sure there is no pig in a poke. If infected, users should resort to effective adware eradication techniques without delay.
Automated removal of Launchpage.org virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use Control Panel to get rid of Launchpage.org adware
• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find Launchpage or some other unfamiliar entry under the Name column, click Uninstall and follow further directions to get the removal done.
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by Launchpage.org.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.
Reset Google Chrome
• Open Chrome, click the icon for Chrome menu and choose Settings
• Scroll down the settings screen and click Show advanced settings
• Click Reset settings
• Finally, confirm the restoration by clicking Reset on the warning message
• Restart Chrome.
Reset Internet Explorer
• Select Internet options under IE’s Tools
• Proceed by clicking on the Advanced tab, then select Reset
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
• Reboot the machine to fully implement the fix.
Reset Safari
• Go to the Safari menu and select Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you want to erase all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under the Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.
Revise your security status
Checking after the fact that the removal was complete is a great habit: it prevents the harmful code from coming back or spreading again from leftover fragments. Make sure you are good to go by running an additional safety checkup.
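One way to do part of this checkup by hand, as an added example that is not part of the original report: the Python sketch below scans the text of a Firefox prefs.js file and of a Chrome Preferences file for homepage, startup or search settings that still point at launchpage.org. The sample data is constructed, and reading the files out of each browser profile folder is left to the reader.

```python
import json
import re
from urllib.parse import urlparse

HIJACK_DOMAIN = "launchpage.org"  # the domain named in this report
FIREFOX_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')  # user_pref("name", value);

def host_matches(value, domain=HIJACK_DOMAIN):
    """True if a URL in the value (Firefox joins several with '|') is on the domain."""
    for part in (p.strip() for p in value.split("|")):
        try:
            host = urlparse(part if "://" in part else "//" + part).hostname or ""
        except ValueError:  # not a parseable URL, so not a hit
            continue
        if host == domain or host.endswith("." + domain):
            return True
    return False

def scan_firefox_prefs(text):
    """Return (pref name, value) pairs in prefs.js text that point at the domain."""
    hits = []
    for line in text.splitlines():
        m = FIREFOX_PREF.match(line.strip())
        try:
            value = json.loads(m.group(2)) if m else None  # values are JSON-style literals
        except ValueError:
            continue
        if isinstance(value, str) and host_matches(value):
            hits.append((m.group(1), value))
    return hits

def scan_chrome_prefs(text):
    """Walk every string in Chrome's JSON Preferences file; return (path, value) hits."""
    hits, stack = [], [("", json.loads(text))]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{path}.{k}".lstrip("."), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((f"{path}[{i}]", v) for i, v in enumerate(node))
        elif isinstance(node, str) and host_matches(node):
            hits.append((path, node))
    return sorted(hits)

# Constructed sample data, not taken from a real infected profile.
SAMPLE_FIREFOX = '''user_pref("browser.startup.homepage", "http://launchpage.org/|about:home");
user_pref("browser.search.suggest.enabled", true);'''
SAMPLE_CHROME = '{"homepage": "https://example.com/", "session": {"startup_urls": ["http://www.launchpage.org/?src=x"]}}'
if __name__ == "__main__":
    print(scan_firefox_prefs(SAMPLE_FIREFOX), scan_chrome_prefs(SAMPLE_CHROME))
```

An empty result from both functions means no scanned setting still references the domain; a look-alike host such as notlaunchpage.org is deliberately not treated as a match.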