Not so funmood
August 18, 2012 9:41 AM   Subscribe

How do I completely remove the funmoods search toolbar from Windows 7?

I've tried disable add-on in firefox and chrome. I've removed the program using add/remove. I went through regedit and removed every entry associated with 'funmood'. I search the C: drive and deleted every file or directory with 'funmood'

No dice.

What's the current state-of-the-art in malware removers?
posted by Bonzai to Computers & Internet (10 answers total) 1 user marked this as a favorite
Best answer: Malwarebytes and SUPERAntiSpyware.

If your malware is mal enough, you may have to download these on a different computer and put them on a flash drive.
posted by Lyn Never at 9:52 AM on August 18, 2012

Response by poster: Update: tried Malwarebytes and SUPERAntiSpyware. They both detected and removed the toolbar.
It then immediately reappeared after reboot.

I'll try deezil's approach next.
posted by Bonzai at 11:49 AM on August 18, 2012

Will you update when you have the fix? I have the same issue, and it's annoying.
posted by zug at 1:17 PM on August 18, 2012

Revo uninstaller? It's free, worth a shot.
posted by raisingsand at 7:38 PM on August 18, 2012

It's possible you have a rootkit or startup item that is re-injecting the toolbar when triggered.

Two programs may help:
1. TDSSKiller which is a decent rootkit scanner (picks up on more than TDSS). Before scanning, change parameters to detect the TDL/FS and any unsigned drivers.

2. Sysinternals Autoruns should give a good picture of what runs on your PC at startup as well as other conditions.

Also, for most malware removal attempts, create a system restore point before removing things you're unsure of (that also brings to mind something simple too: perhaps first try restoring to an earlier point before the toolbar existed if you haven't tried that yet)
posted by samsara at 12:51 AM on August 19, 2012

I just was dealing with this on an acquaintance's computer. Have you tried just reinstalling Firefox? I think that dealt with it, although now I can't remember whether the solution lasted through a reboot.
posted by col_pogo at 5:22 AM on August 19, 2012

Best answer: I'd recommend ComboFix. In fact, at the risk of putting myself out of business, I'd reccomend Bleeping Computer for any malware issue. The site does take a little extra work to navigate, sine it's intended for IT pros, but membeship is free and the forums are great for working out stubborn issues.
posted by Fferret at 6:05 AM on August 19, 2012 [1 favorite]

Response by poster: TDSSKiller found nothing.
Combofix found a bunch of stuff but the search is redirected.

I am defeated for now.

One thing I noticed is that the actual toolbar doesn't come back it's just that the search is redirected to

I haven't tried uninstalling/reinstalling firefox and/or chrome but I'm going to take a break from this and try tomorrow.
posted by Bonzai at 11:55 AM on August 19, 2012

Response by poster: Success!

To my surprised I received a reply from Funmoods customer support on how to remove all of it's hooks in Chrome and with that information I was able to figure out where to take it out of Firefox as well.

I imagine IE is still infected but nobody ever uses that.
posted by Bonzai at 6:52 PM on August 19, 2012 [1 favorite]

« Older SEA -> JAC by Air and Land   |   Launched myself into uncertainty, now what? Newer »
This thread is closed to new comments.