Wickedsearchsystem.com is a ZeroAccess/Sirefef-related browser hijacker that redirects users to spam websites. Random redirects occur when the user clicks on Google search results. It usually doesn't happen every time, only sometimes. The rootkit displays the correct location/URL in the address bar, but a completely unrelated site is loaded. Also, the status bar at the bottom of your web browser says "Waiting for wickedsearchsystem.com".
Then the rootkit loads spammy websites. Here's an example of a fake video streaming website which looks pretty much the same as YouTube. Apparently, it's a new stolen video about Emma Watson titled "Emma Watson never seen before home video".
When you click Play it says you need to update Flash Player. How typical.
Incredibly slow web browser performance is another sign of this infection. That's because the ZeroAccess rootkit sends browser requests through servers controlled by cyber criminals. The same rootkit blocks legitimate anti-virus software. We've also found some traces of Rootkit.Win32.PMax malware on the infected machines. And probably the most obvious sign of a wickedsearchsystem.com and ZeroAccess infection is a running process whose name has the following structure: numbers:numbers.exe, for example 1654325:985646.exe.
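The process-name indicator above can be checked mechanically. The following is an added example, not part of the original post: it scans process listings in the CSV layout produced by `tasklist /fo csv` for image names of the form numbers:numbers.exe. The sample listing is constructed, and the function and variable names are hypothetical; it assumes the name appears in the image-name column as described above.

```python
import csv
import io
import re

# Indicator from the article: <digits>:<digits>.exe, e.g. 1654325:985646.exe
SUSPICIOUS_NAME = re.compile(r"\d+:\d+\.exe", re.IGNORECASE)

# Constructed sample in the column layout of `tasklist /fo csv`
# ("Image Name","PID","Session Name","Session#","Mem Usage").
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"svchost.exe","884","Services","0","12,345 K"
"1654325:985646.exe","2312","Console","1","3,104 K"
"7zFM.exe","4120","Console","1","8,220 K"
"2024.exe","4500","Console","1","1,000 K"
'''


def find_suspicious(tasklist_csv):
    """Return (pid, image_name) for every process matching the indicator."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # blank or malformed line
        name, pid = row[0].strip(), row[1].strip()
        if not pid.isdigit():
            continue  # header row or unexpected content
        # fullmatch: the whole name must be digits:digits.exe, so ordinary
        # names that merely contain digits (2024.exe, 7zFM.exe) are ignored.
        if SUSPICIOUS_NAME.fullmatch(name):
            hits.append((int(pid), name))
    return hits


if __name__ == "__main__":
    for pid, name in find_suspicious(SAMPLE_TASKLIST):
        print(f"PID {pid}: {name} matches the numbers:numbers.exe pattern")
```

A match is a reason to run the removal tools listed below, not a way to remove the rootkit.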
This infection is rather sophisticated, so you can't remove it manually. Thankfully, you can use ZeroAccess/Sirefef removal tools to remove the rootkit. Once the rootkit is removed, you should run anti-malware software to remove the leftovers and any additionally installed malware from your computer. To stop the annoying wickedsearchsystem.com redirects and remove rootkits from your computer, please follow the removal instructions below. If you need help removing this virus, please leave a comment below. Good luck!
Wickedsearchsystem.com removal instructions:
1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only!)
2. Then use TDSSKiller.
3. Finally, scan your computer with recommended anti-malware software (STOPzilla) to remove the leftovers of this virus from your computer.
It's possible that an infection is blocking STOPzilla from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.
Alternate malware removal tools can be used in case STOPzilla has missed a threat:
NOTE: if you get the following Windows Security Alert, please click the Unblock button. This alert is caused by the ZeroAccess rootkit.