Sunday, October 23, 2011

Searchqu Malware Virus

My computer is infested with searchqu malware.

It's not a virus; it hijacks browsers such as Internet Explorer, Firefox and Google Chrome.

whois search for searchqu.com

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Name Servers:
dns.netvision.net.il
nypop.netvision.net.il

whois search for netvision.net.il
person: Liora Barak
address: Netvision Ltd
address: Omega Center , Matam
address: Haifa
address: 31905
address: Israel

phone: 04-8560600 (answering service)
fax-no: 04-8551004

e-mail: registrar@netvision.net.il

person: Wide Area Network Group
address: NetVision - Israeli ISP

address: Advanced Technology Center Haifa, 31905, send SPAM and ABUSE complaints to abuse AT netvision.net.il
address: as above
phone: 04 8560 634 (not connected)

Main Office
013 Netvision
15 Hamelacha St., Rosh Ha’ayin 48091
Fax: 972-3-9001113
Omega Center, Matam Haifa 31905
Tel: 972-4-8560660 Fax: 972-3-5201960
Sales Tel: 1-800-013-013
Customer service Tel: 972-4-8560660 Fax: 972-3-5201960

service@netvision013.net.il

Support Tel: 972-4-8560570
Spokesperson Dana Friedman
Telephone: + 972 3 9001861 (leave message)
Cell: 972 52 3133300

E-mail: dana@013netvision.co.il

Several phone calls to Dana Friedman's landline have not been returned, and she has not responded to mobile calls either.

Searchqu.com is owned and operated by Bandoo, Inc.
e-mail: privacy@searchqu.com
Postal: Bandoo, Inc., Attention: Privacy Policy Administrator, 40 Kimonos St., 3095 Limassol, Cyprus

................

The scumware installed by ilivid is very difficult to remove, if you believe the hundreds of forum posts on the subject. I have run both Malwarebytes and another removal tool which both picked up trojans and trackers, but so far nothing will remove Searchqu - it just keeps coming back.

Here's a post I've not yet tried:
http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=57145

.........
Not directly related, an article about suing malware distributors:
http://www.mediapost.com/publications/article/113850/microsoft-sues-malware-distributors.html

.........

On my XP machine I found an entry in Program Files/searchcore for browsers and ran the uninstall.exe, then deleted the remaining dlls and directories. I then uninstalled all mention of the scumware from IE again. 24 hours later, so far, so good.
....
Several days later, it's back.

Searchqu on Wikipedia
http://en.wikipedia.org/wiki/Searchqu

.........
Removing Searchqu from Google Chrome
Step 1. Press Ctrl+Shift+Del in Chrome and clear your private data, cookies, etc.


Step 2. Click on Tools (the spanner icon, top right) > Options > Basics then click the Manage Search Engines button. If the nasty is in there, remove it by clicking X on the right side when you highlight it. It will probably have a name like Web Search.

.........
Hard to believe, but this scumware is distributed not only by shady fly-by-night software sites, but also by some of the largest and ostensibly most trustworthy around, including cnet, which, to its credit, displays numerous negative reviews which say, e.g., "DANGER DO NOT INSTALL".
.........
Postscript Dec 2011
I posted something about Ilivid, searchqu and malware on Wikipedia. It was deleted with a warning indicating it was rather naughty to say whatever I said. Can't have been very complimentary!
