Computer Help forum

Resolved Question

'Searchiu' browser hijacker removal?

by TyTucson / January 16, 2013 8:05 AM PST

(note: I am using Firefox)

So it appears my computer is infected with a new strain of browser hijacker called 'searchiu.'

Whenever I open a new tab, it opens a browser under 'searchiu.'

Unlike previous incarnations (searchnu, searchqu, etc.), it doesn't appear in my add-ons, it didn't install as a new toolbar, Google is still set as my default search engine, and it doesn't appear under 'search providers' in my 'internet options' settings. And it doesn't show up when I run a scan via malwarebytes or Microsoft SE.

I don't know enough about software to go about deleting files in the operational folders of my computer.

Any suggestions on how to get rid of this sneaky SOB?

TyTucson has chosen the best answer to their question. View answer »
Answer This Ask For Clarification
Discussion is locked
You are posting a reply to: 'Searchiu' browser hijacker removal?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: 'Searchiu' browser hijacker removal?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Best Answer as chosen by TyTucson

Collapse -
Reset profile
by tli004 / January 19, 2013 9:01 AM PST

I had the same problem on Firefox and the solution is actually quite simple. Click on the Firefox tab in the upper left corner, go to Help>Troubleshooting Information, then select the Reset Firefox button on the right. That fixed the problem for me and hopefully for you as well. I would say you should try to do the same with other browsers if this is occuring on Chrome, IE, etc.

Collapse -
Reset Profile fails.
by NoBlog / January 25, 2013 7:55 AM PST
In reply to: Reset profile

Resetting Firefox removes this problem, but only until you reboot. Then it is back. It is also present on ALL OTHER browsers installed on your computer. Searching for info about "searchiu.com" results in a site offering "removal instructions" consisting of downloading and then running three seperate files. You get there from anyplace in a google search, which means that you are being DIRECTED there by the malware. Following those instructions will probably install something far worse and far more dangerous.
Norton Antivirus finds nothing, but they offer a tool called "Norton Power Eraser" which does a more thorough scan. That tool finds a "bad file" called (rikvm_f47b619c.sys). After removing that file, it re-appears with a new set of characters following the underscore character, so this tool obviously fails to find the core problem.

Collapse -
Reset WORKS!
by NoBlog / January 26, 2013 4:42 AM PST
In reply to: Reset Profile fails.

I repeated the reset on all browsers and it worked in all cases. Not sure what I did wrong before, but the "Best Answer" by tli004 is the answer.

Collapse -
Reset WORKS!
by NoBlog / January 26, 2013 4:46 AM PST
In reply to: Reset Profile fails.

I repeated the Reset procedure on all browsers and it successfully eliminated the problem. Not sure what I did wrong previously, but this easy "reset" fix is valid.

Collapse -
Reset is only a PARTIAL solution!
by NoBlog / January 27, 2013 12:11 AM PST
In reply to: Reset Profile fails.

After reclaiming your home page through Reset, do a google search for "easyfixvirus.com" If you get hits that tell you that this is a fake antivirus that just extorts money, you are good top go. If instead, you find only direct links to easyfixvirus.com, with few if any exceptions, you are still infected, as am I.
It obviously affects searches, but God knows wjat ELSE it's doing!

Collapse -
OOPS!
by NoBlog / January 27, 2013 3:11 AM PST

After finally being able to use another computer for searches, I was able to verify that I was WRONG! Searches appear to function normally, making it likely that hijacking the home page is the only problem with this nuisance. Resetting all affected browsers does, in fact, appear to be a complete cure.
Sorry for my previous misleading information. This thing caused me much more panic than was deserved.I promise to quit "helping" now!

Collapse -
To All : PLEASE verify sites offering Removal Instructions
by Carol~ Forum moderator / January 27, 2013 6:35 AM PST
In reply to: Reset Profile fails.

To those reading this thread:

Unless you're using a safe browsing tool such as Web of Trust (WOT), please be cautious when visiting sites offering removal tools/instructions for searchiu.com. Or any other type/named malware, for that matter.

A good deal of the sites found via a Google search (or other search engines) are deemed unsafe. Verify the site's reputation, prior to downloading any of their tools or running any of their scans.

Read what Web of Trust reports about a few of the sites which "claim" to have a fix.

http://www.mywot.com/en/scorecard/easyfixvirus.com
http://www.mywot.com/en/scorecard/cleanpcguide.com
http://www.mywot.com/en/scorecard/uninstallvirus.com
http://www.mywot.com/en/scorecard/fixspywarenow.com
http://www.mywot.com/en/scorecard/killallvirus.com
http://www.mywot.com/en/scorecard/mygoodpc.com

And the list goes on and on and ....

Carol

Collapse -
worked...so far
by TyTucson / January 26, 2013 12:32 AM PST
In reply to: Reset profile

I reset firefox, which seems to have worked. It didn't come back after reboot - but I don't think all of the files associated with the hijacker are present - I deleted temp folder contents, which might have contained the reinstall files, preventing it from coming back.

Collapse -
Answer
When you say it doesn't 'appear'..
by Carol~ Forum moderator / January 16, 2013 12:37 PM PST

When you say "it doesn't appear in your add-ons", do you mean (the name) searchiu didn't "appear" to you? In other words, did you (only) look for searchiu and nothing more?

Did you start Firefox in safe mode with all add-ons disabled? If not, it's the easiest way to rule out if an add-on is the cause of the issue. Needless to say, if it fixes it you're going to have to enable them one by one in normal mode.

I read a list of problematic add-ons/extensions just yesterday, which caused a similar problem. The names were entirely different and unrelated to the one when opening a new tab. The same held true for toolbars.

Carol

Collapse -
add-ons
by TyTucson / January 16, 2013 10:38 PM PST

No, I haven't tried it in safe mode yet - I will. But I examined each and every add-on, and none look suspicious (Java, DivX, Microsoft .Net, Realplayer are the only add-ons).

Unless it somehow appears as an official, recognized 'toobar and extension,' disguised as something like "Google Earth," they all look legit, too (unidentified/unverified add-ons have been disabled)

Collapse -
Searchiu
by pgc3 / January 16, 2013 10:43 PM PST
In reply to: add-ons

When you run Malwarebytes to intercept or attempt to do a removal boot to then scroll to SAFE MODE WITH NETWORKING to do this, not just basic SAFE MODE...you have a better shot at interception/removal of certain nefarious entities by using this procedure.

Collapse -
additional info
by Temp_Acct_369 / January 16, 2013 10:51 PM PST
In reply to: add-ons

I'm having the same problem on my computer, I think for a couple of days now. I can confirm that none of the add-ons are the problem. Starting in safe mode with add-ons disabled results in the same issues. I can also confirm that the problem goes beyond Firefox. I'm having the same problem with Chrome, which I almost never use, and certainly not in the past several months. I ran Ad-Aware and found a couple of things which I removed, but didn't solve the issues.

Collapse -
Issues
by pgc3 / January 17, 2013 3:15 AM PST
In reply to: additional info

Try running a Malwarebytes scan in SAFE MODE WITH NETWORKING..as mentioned in a prior post. The other thing(s) I would be concerned with would be the type of A/V software you might be running in your system, configuration, etc. If you also are depending on MSE to be the panacea to all security issues, web related, I'd give it another guess..

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.