Get rid of the persistent malware that redirects web browsers to newtab.win or newtab.review page as part of a fraudulent traffic monetization campaign.
Adware, hijackers, redirect viruses – whatever you call them, perpetrating programs targeting web browsers are amongst the most commonly encountered online threats these days. They make cybercriminals’ day for a reason. The impact isn’t severe, at least as compared to such nasty infections as ransomware or banking Trojans. Consequently, there is unlikely to be massive law enforcement action against this activity. Another aspect is that their distribution is technically legit, being backed by regular bundling techniques. All of these properties hold true for the newtab.win and newtab.review viruses. When either one of them infects a Windows PC, the user’s web browsing experience goes down the drain.
So, what symptoms accompany the attack under scrutiny? First of all, the victim repeatedly visits newtab.win or newtab.review website. This mishaps occur when they open Mozilla Firefox, Google Chrome, Internet Explorer or Safari on the infected machine. Another trigger for the redirects is an instance of performing web search or opening a new tab. The causality here is as follows: the malicious program installs a persistent cross-browser extension or plugin to every web browser detected on the host. This phony helper object modifies the user’s custom browsing settings, replacing the homepage, default search provider and new tab page with newtab.win or newtab.review URL. Both resolve a page with identical design.
At first sight, the landing page looks fairly vanilla. Its title, predictably enough, is “New Tab”. The layout includes a search bar and large icons hyperlinked with popular Internet resources, including AliExpress, Facebook, YouTube, Amazon, eBay, and Pinterest. Any search query entered will further reroute to regular Google SERPs (search engine results pages). The gist of this whole interference is all about intercepting people’s traffic and selling it to interested parties. Unfortunately, this is done at the expense of user experience.
As it has been touched upon, newtab.win and newtab.review redirect viruses are making the rounds via software bundling. Such a propagation paradigm legitimizes the installation of perpetrating code, because users opt for it without realizing the consequences. The catch is that the malicious entities are promoted alongside regular programs, so people kind of authorize the contamination while thinking they are installing some benign freeware only. If the incursion has taken place and browsers are acting up, follow the steps below to sort things out.
Automated removal of newtab.win / newtab.review virus
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use Control Panel to get rid of newtab.win and newtab.review PUP
• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find New Tab or some other unfamiliar entry under the Name column, click Uninstall and follow further directions to get the removal done
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by newtab.win / newtab.review hijacker.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.
Reset Google Chrome
• Open Chrome, click the icon for Chrome menu and choose Settings
• Scroll down the settings screen and click Show advanced settings
• Click Reset settings
• Finally, confirm the restoration by clicking Reset on the warning message
• Restart Chrome.
Reset Internet Explorer
• Select Internet options under IE’s Tools
• Proceed by clicking on Advanced tab, then select Reset
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
• Reboot the machine to fully implement the fix.
• Go to the Safari menu and select Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.
Revise your security status
Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.