Home Guides Remove RedNews7 virus popup from Chrome/Firefox/IE/Safari

Remove RedNews7 virus popup from Chrome/Firefox/IE/Safari

4 min read
Find out how the RedNews7 virus manifests itself on a PC and how to get rid of it so that the web browser isn’t redirected to dubious sites hosting scam popups.
  1. What is the RedNews7 virus?
  2. Automated removal of RedNews7 virus
  3. Restore web browser settings to their original defaults

What is the RedNews7 virus?

The scourge of browser hijacking is gaining traction these days. Whereas online crooks’ toolkit used to be restricted to malicious plugins that would replace one’s Internet defaults to cause redirects, it has expanded with a very special trick resulting in a loop of rerouting instances accompanied by irksome permission requests. The RedNews7.com popup virus is a recent example of this scheme in action. In terms of coding semantics, the malefactors are leveraging Access-Control-Allow-Origin (ACAO) response headers to trigger fraudulent instances of cross-origin resource sharing. Most people will probably find this information too techie, so in plain words, the goal of this technique is to obtain privileges that will allow perpetrators to extend their reach. In particular, it authorizes a web page to request arbitrary resources from another domain. This way, the operators of the hoax can fully automate the routine of invoking harmful downloads and generating sponsored content in a contaminated browser.

One of the landing pages associated with RedNews7 virus

The main symptom of the RedNews7 virus activity is that the victim’s preferred web browser acts up by being forwarded to the respective fishy site. The cross-browser compatibility of the hoax ensures that a maximum audience of users is covered, no matter if they use Google Chrome, Mozilla Firefox, Internet Explorer, or Safari. The redirecting appears to happen without any direct action of the user – obviously, it is in nobody’s interest to keep visiting a dangerous page. However, this is a misconception to a certain extent, because the attack is often preceded by a software installation that involves a great deal of obfuscated foul play. Ever heard of bundling? This term denotes an app promotion method that drags several programs into a computer along with one the user is knowingly installing. In theory, this isn’t an offensive technique and is being commonly employed to monetize freeware development. In practice, the extras covertly tailgating into systems can be deleterious, as is the case with the RedNews7 virus.

Threat details:
Name RedNews7.com popup / redirect virus
Threat Category Pop-up ads, adware, browser hijacker
Domains involved 0.rednews7.com, 1.rednews7.com, 2.rednews7.com,
3.rednews7.com, 4.rednews7.com, 5.rednews7.com,
6.rednews7.com, 7.rednews7.com, 8.rednews7.com, 9.rednews7.com
Symptoms Browser redirects, fraudulent permission requests,
unwanted pop-up ads, browser slowdown
Distribution techniques Malicious app bundles, search engine poisoning,
compromised websites
Severity Medium
Damage Internet activity tracking, search redirects, unauthorized
changes of browsing preferences, malicious ads
Removal Scan your PC with SpyHunter to detect all files related to RedNews7 virus. Free scan determines if your system is infected. To get rid of the threat, you need to purchase full version of the anti-malware tool:

As soon as the threat is on board, it surreptitiously drops a plugin into the user’s preferred browser in order to turn the web surfing activities upside down. When the interference is in full swing, the browser will be recurrently forwarded to the unwanted site. Its URL is concatenated with a random-looking tail, so the resulting address will be something like rednews7[dot]com/?p=giygenzsmi5gi3bpgi4dini. It can as well be prepended with a number from 0 to 9. The suffix reflects a specific malvertising sub-campaign and therefore varies. The numerous versions of landing pages can be disguised as different types of services. Some of them look like a YouTube-style streaming video page that emulates buffering. Some are camouflaged as adult sites asking the visitor to confirm that they are 18+. There are also ones mimicking CAPTCHA verification.

Regardless of the theme, they all share one characteristic. It is a popup dialog saying, “rednews7.com wants to show notifications” (in Chrome) or “Will you allow rednews7.com to send notifications?” (in Firefox). The Allow and Block buttons on these popups seem to be diametrical opposites in terms of their function, but even if the latter is clicked, the hoax will continue and the same or similar-looking scam pages will be resolved. A few examples of the affiliated ones are gofesm.com and ahdrold.com. In case the unsuspecting user clicks Allow, the felons’ plan will move on to a nastier stage where the range of manipulative sites gets much bigger. To top it off, the permissions that were unknowingly granted to RedNews7 virus can be abused to serve ads, alter the custom browsing settings such as the default search and homepage, and gather sensitive information about the victim’s online life. In order to avoid these adverse consequences and prevent a browser from being repeatedly routed to RedNews7.com, it is strongly advised to detect and remove the underlying malicious app.

Automated removal of RedNews7 virus

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button

Download Rednews7 virus remover

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.

Use Control Panel to get rid of the RedNews7 virus

  • Open up the Control Panel from your Start menu in Windows. Open up the Control Panel from your Start menu in Windows. Depending on the OS build, select Uninstall a program (Windows 10, 7 and Vista) or Add or Remove Programs (Windows 8)
    Access program uninstall screen on Windows
  • To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find an unfamiliar, suspicious entry under the Name column, click Uninstall and follow further directions to get the removal doneUninstall unwanted program

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the RedNews7.com popup virus.

Reset Google Chrome

  • Open Chrome, click the icon for Chrome menu and choose Settings
  • Scroll down the settings screen and click Show advanced settings
  • Click Reset settings
  • Finally, confirm the restoration by clicking Reset on the warning message
  • Restart Chrome

Reset Mozilla Firefox

  • Open Firefox, type about:support in the URL area and press Enter
  • On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
    Refresh Firefox button
  • Follow subsequent directions to reset Firefox to its original settings
    Complete refreshing Firefox
  • Restart the browser.

Reset Internet Explorer

  • Select Internet options under IE’s Tools (Alt+X)
    Open up Internet options in Internet Explorer
  • Proceed by clicking on Advanced tab, then select Reset
    Locate and click the Reset button in IE
  • To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
    IE reset confirmation
  • Reboot the machine to fully implement the fix.

Reset Safari

  • Go to the Safari menu and select Preferences
    Go to Safari Preferences
  • When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
    Remove All Website Data button
  • A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
    Confirm website data removal
  • Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
    Details button under Privacy tab
  • Select the websites for which you would like to erase data and click the Remove button
    Removing data for selected sites in Safari
  • Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Revise your security status

Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.

Download Rednews7 virus removal tool

Rate article

5/5 (1)

Leave a Reply

Your email address will not be published. Required fields are marked *