Not so funmood
August 18, 2012 9:41 AM Subscribe
How do I completely remove the funmoods search toolbar from Windows 7?
I've tried disable add-on in firefox and chrome. I've removed the program using add/remove. I went through regedit and removed every entry associated with 'funmood'. I search the C: drive and deleted every file or directory with 'funmood'
No dice.
What's the current state-of-the-art in malware removers?
I've tried disable add-on in firefox and chrome. I've removed the program using add/remove. I went through regedit and removed every entry associated with 'funmood'. I search the C: drive and deleted every file or directory with 'funmood'
No dice.
What's the current state-of-the-art in malware removers?
deezil's (amazing) malware fighting profile
posted by inigo2 at 9:59 AM on August 18, 2012 [1 favorite]
posted by inigo2 at 9:59 AM on August 18, 2012 [1 favorite]
Response by poster: Update: tried Malwarebytes and SUPERAntiSpyware. They both detected and removed the toolbar.
It then immediately reappeared after reboot.
I'll try deezil's approach next.
posted by Bonzai at 11:49 AM on August 18, 2012
It then immediately reappeared after reboot.
I'll try deezil's approach next.
posted by Bonzai at 11:49 AM on August 18, 2012
Will you update when you have the fix? I have the same issue, and it's annoying.
posted by zug at 1:17 PM on August 18, 2012
posted by zug at 1:17 PM on August 18, 2012
It's possible you have a rootkit or startup item that is re-injecting the toolbar when triggered.
Two programs may help:
1. TDSSKiller which is a decent rootkit scanner (picks up on more than TDSS). Before scanning, change parameters to detect the TDL/FS and any unsigned drivers.
2. Sysinternals Autoruns should give a good picture of what runs on your PC at startup as well as other conditions.
Also, for most malware removal attempts, create a system restore point before removing things you're unsure of (that also brings to mind something simple too: perhaps first try restoring to an earlier point before the toolbar existed if you haven't tried that yet)
posted by samsara at 12:51 AM on August 19, 2012
Two programs may help:
1. TDSSKiller which is a decent rootkit scanner (picks up on more than TDSS). Before scanning, change parameters to detect the TDL/FS and any unsigned drivers.
2. Sysinternals Autoruns should give a good picture of what runs on your PC at startup as well as other conditions.
Also, for most malware removal attempts, create a system restore point before removing things you're unsure of (that also brings to mind something simple too: perhaps first try restoring to an earlier point before the toolbar existed if you haven't tried that yet)
posted by samsara at 12:51 AM on August 19, 2012
I just was dealing with this on an acquaintance's computer. Have you tried just reinstalling Firefox? I think that dealt with it, although now I can't remember whether the solution lasted through a reboot.
posted by col_pogo at 5:22 AM on August 19, 2012
posted by col_pogo at 5:22 AM on August 19, 2012
Best answer: I'd recommend ComboFix. In fact, at the risk of putting myself out of business, I'd reccomend Bleeping Computer for any malware issue. The site does take a little extra work to navigate, sine it's intended for IT pros, but membeship is free and the forums are great for working out stubborn issues.
posted by Fferret at 6:05 AM on August 19, 2012 [1 favorite]
posted by Fferret at 6:05 AM on August 19, 2012 [1 favorite]
Response by poster: TDSSKiller found nothing.
Combofix found a bunch of stuff but the search is redirected.
I am defeated for now.
One thing I noticed is that the actual toolbar doesn't come back it's just that the search is redirected to funmoods.com.
I haven't tried uninstalling/reinstalling firefox and/or chrome but I'm going to take a break from this and try tomorrow.
posted by Bonzai at 11:55 AM on August 19, 2012
Combofix found a bunch of stuff but the search is redirected.
I am defeated for now.
One thing I noticed is that the actual toolbar doesn't come back it's just that the search is redirected to funmoods.com.
I haven't tried uninstalling/reinstalling firefox and/or chrome but I'm going to take a break from this and try tomorrow.
posted by Bonzai at 11:55 AM on August 19, 2012
Response by poster: Success!
To my surprised I received a reply from Funmoods customer support on how to remove all of it's hooks in Chrome and with that information I was able to figure out where to take it out of Firefox as well.
I imagine IE is still infected but nobody ever uses that.
posted by Bonzai at 6:52 PM on August 19, 2012 [1 favorite]
To my surprised I received a reply from Funmoods customer support on how to remove all of it's hooks in Chrome and with that information I was able to figure out where to take it out of Firefox as well.
I imagine IE is still infected but nobody ever uses that.
posted by Bonzai at 6:52 PM on August 19, 2012 [1 favorite]
This thread is closed to new comments.
If your malware is mal enough, you may have to download these on a different computer and put them on a flash drive.
posted by Lyn Never at 9:52 AM on August 18, 2012