Newsearch123 browser extension gets fairly high privileges on a computer without the user’s actually granting them, which is a clear signal of viral activity.
When confronted with enticing free software downloads on the Internet, PC users should always be on the lookout for a catch that may lurk underneath the setup wizard screens. This is particularly relevant for adware attack incidents, like in the case of the newsearch123 hijacker. The merged installation of affiliated open source programs is made deliberately blurred so that people keep clicking ‘Next’ without noticing the supplementary promotion. As soon as the unsafe code is thus deposited onto the targeted operating system, it detects all installed web browsers and integrates a new add-on into each one. The offending extension gets around the authorization barriers, therefore the victim normally won’t get a confirmation popup or anything similar.
The adware doesn’t run into hurdles modifying several custom values on Chrome, Firefox and Internet Explorer. These include the homepage, default search and new tab settings. Regardless of the original user-defined configuration of the above preferences, the infection replaces them with newsearch123.com. The site will be constantly opening in the course of web browsing sessions, making the user close it over and over or put up with this state of things. The latter scenario isn’t likely because forcible traffic capturing like that is extremely annoying.
Newsearch123.com, the landing page pushed by this pest, isn’t harmful when viewed in isolation. It redirects all search requests over to another search engine, but before that it gets the chance to serve advertisements of its own. Delivery of sponsored content is the main objective of this campaign. When combined with the presence of the hijacker on board, though, this activity tends to cause more issues than just the rerouting nuisance. The infected person’s Internet history and other PID (personally identifiable data) may be monitored in the background and then handed over to illegal marketing actors or identity thieves.
The adware is too tricky to be easily removable. It’s inefficient to simply toggle the twisted settings in the manual way, because a special scheduled task will eventually undo those changes. A more thoroughgoing procedure is what will help get rid of the redirects.
Automated removal of Newsearch123.com virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use Control Panel to get rid of Newsearch123 adware
• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find Newsearch123 or some other unfamiliar entry under the Name column, click Uninstall and follow further directions to get the removal done.
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by Newsearch123.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.
Reset Google Chrome
• Open Chrome, click the icon for Chrome menu and choose Settings
• Scroll down the settings screen and click Show advanced settings
• Click Reset settings
• Finally, confirm the restoration by clicking Reset on the warning message
• Restart Chrome.
Reset Internet Explorer
• Select Internet options under IE’s Tools
• Proceed by clicking on Advanced tab, then select Reset
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
• Reboot the machine to fully implement the fix.
Revise your security status
Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.
- Petya ransomware removal and system recovery (upd. June 27)
- Sorebrect ransomware – fileless malware exploits PsExec utility
- Remove MOLE02 ransomware virus and decrypt .mole02 files (upd. June 15)
- Erebus ransomware infects Linux web servers in South Korea
- Decrypt .master ransomware files – BTCWare virus variant