Computer users’ web traffic is a juicy target for cybercriminals, and that’s for a strong reason. Online advertising campaigns cost money to carry out, so lots of interested parties are willing to pay a pretty penny for page views. The ethical way to do this type of business requires a great deal of efforts and resources, but crooks have their own take on this activity and use browser malware like cobalten.com instead.
What is the cobalten.com malware?
Cobalten.com is a generic name denoting a potentially unwanted program (PUP) that affects the behavior of web browsers on a host computer. The underlying malware installs an obtrusive rogue browser plugin that tweaks the victim’s Internet surfing settings so that the bulk of their online navigation routine becomes isolated to visiting cobalten.com page. Interestingly, if you decide to play around with that URL and simply enter it in the address bar of your browser, nothing malicious will happen – you will simply end up on Google homepage. The “black magic” starts once you add a certain tail to the domain name itself. The current malvertising wave, for instance, resolves the following string: cobalten.com/afu.php?zoneid=1365143&var=1138995.
Notice the “afu.php” part following the original URL. It is an invariable component of it, whereas the “zoneid” and other values tends to vary. The technical lowdown on this shady site is, therefore, mostly about intercepting unsuspecting users’ traffic and dispatching it so that the victims hit landing pages with certain sponsored content. Some of the destination pages, though, serve up malicious code, so the crooks are playing on both sides of the pitch by promoting certain legit services and concurrently spreading harmful entities, such as adware, spyware, Trojans and ransomware. Meanwhile, cobalten.com is the kernel element of this plot, although you might not notice it much in your malfunctioning browser. What’s a lot more conspicuous is the slew of affiliated landing pages popping up nonstop.
The fishy sites endorsed by the threat actors include download pages for some junk utilities whose makers probably cannot get people to download their tools in a regular way. These can be browser toolbars with questionable reputation, ad-supported video downloaders, media players and the like. Another category of promoted content encompasses ecommerce, various diets, online gambling, fake crypto startups and some “make money online” resources. But, again, the most nefarious type of resources being pushed via cobalten.com/afu.php is malware propagation sites. These ones host obfuscated drive-by downloads that get triggered automatically behind the victim’s back or require some action first, for example, clicking on the Allow button to unlock access to the website.
The pseudo add-on propping the obnoxious cobalten.com redirect activity is typically deposited on computers in a stealthy fashion. The infection chain usually begins with a freeware bundle that the user unwittingly installs, hoping that they will get some fancy new app without spending a penny. The installation client in such scenarios tends to mention the tip of the iceberg only, encouraging users to continue the setup. The trick is that one or a few malicious applications may accompany the one that’s used as a lure. Most of the time, selecting Custom instead of Default in the installation options will keep you on the safe side and make your day.
If the sneaky redirect culprit in question has infiltrated your PC, commonplace program uninstall techniques aren’t likely to help because it was designed with persistence in mind. The part below covers cobalten.com virus removal done right.
Cobalten.com hijacker automatic removal
The extermination of Cobalten.com malware can be efficiently accomplished with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped out from your system.
1. Download recommended security utility and get your PC checked for malicious objects by selecting the Start Computer Scan option
2. The scan will come up with a list of detected items. Click Fix Threats to get the PUP removed from your system. Completing this phase of the cleanup process is most likely to lead to complete eradication of the infection. However, it might be a good idea to consider ascertaining the hijacker is gone for good.
Remove Cobalten.com hijacker using Control Panel
- Open Control Panel. On Windows XP / Windows 8, go to Add or Remove Programs. If your OS is Windows Vista / Windows 7 / Windows 10, choose Uninstall a program
- Look down the list and locate an app that appears fishy. Click the Uninstall/Change (Change/Remove) option to get the intruder removed if spotted
Cobalten.com hijacker removal by resetting the affected browser
Please take into consideration that as effective as it is, the procedure of restoring browser defaults will lead to the loss of personalized settings such as saved passwords, bookmarks, browsing history, cookies, etc. In case you are not certain this outcome is suitable despite its obvious efficiency, it’s advised to follow the automatic removal method described in one of the previous sections of this tutorial.
Reset Google Chrome
- Click on the Chrome menu icon and select Settings
- Locate the Advanced option under Settings and click on it to expand the menu. Then, pick the Reset button at the bottom
- When a new screen appears, hit Reset once again
- Chrome will now display a confirmation dialog box listing the types of data that will be lost if you proceed. Read the message carefully and, if you’re sure, click Reset
Reset Mozilla Firefox
- Click on Help menu and select Troubleshooting Information from the drop-down list, or type about:support in the URL field
- On the Troubleshooting Information screen, click Refresh Firefox option and confirm the procedure on another dialog
Reset Internet Explorer
- In IE, go to Tools and select Internet Options from the list
- Hit the Advanced tab and click on the Reset option
- IE will now display Reset Internet Explorer Settings box, where you should put a checkmark next to Delete personal settings option and click Reset at the bottom
Verify whether Cobalten.com hijacker has been completely removed
For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software in order to make sure no harmful remnants of this malware are left inside Windows Registry and other operating system locations.