Soft2Secure

How to remove WebDiscover Browser virus (March 2019 upd.)

Browser malware is so widespread these days that the ways to avoid it should probably be taught in a separate school course. Some of these pests display numerous online ads, while others focus on redirecting web traffic instead. The malicious program called WebDiscover Browser does both. It adds a search toolbar at the top of a victim’s Windows desktop that promotes a junk web service crammed with sponsored information.

What is the WebDiscover Browser virus?

WebDiscover Browser is an annoying Windows application that narrows down the infected users’ Internet search routine by making it default to a specific service with hardly any real information value. When installed – typically without one’s knowledge and consent – it embeds a toolbar at the very top of the desktop. At first sight, this navigation panel appears to deliver a web search functionality without involving a full-page browser. That’s perhaps a feature some people may find helpful to have at their fingertips, but the downsides of this presumable convenience make the whole user experience component of it go down the drain.

First of all, any search request entered in the bar triggers the Chromium browser and returns results via a questionably safe service. One of the problems is that the Chromium sample has rogue settings hard-coded in it, which means the user will be stuck in a loop of iterative hits to unwanted websites. To top it off, the adverse configuration cannot be modified manually due to the persistence of the infection and the corresponding entry having been added to Windows Task Scheduler without proper permission.

In the aftermath of the attack, the WebDiscover Browser toolbar is deposited at the top of the host computer’s desktop

So, it becomes obvious from the get-go that WebDiscover Browser pushes a search provider of its own. It is hosted at search.ydserp.com. The homepage isn’t verbose at all – in fact, it only includes a search box and links to a few garden variety subsections, such as the contacts page and Privacy Policy. Everything you type in the search area ends up being looked up on Bing. A quick recap on the services involved is as follows: the toolbar docked on the desktop opens Chromium and forwards queries to a worthless pseudo-provider at search.ydserp.com (the URL usually has “wd_ext” part in its tail). All keywords subsequently entered in there further redirect you to Bing, Microsoft’s proprietary search engine. This seems like nonsense, doesn’t it? However, this is exactly the way most of the known malicious traffic monetization campaigns work. Everything comes down to generating web traffic and selling it to advertisers as well as other interested parties along the way. What happens in between these stages is a bunch of hosts being inconspicuously resolved to constitute a fraud of emulating user visits as part of large-scale malvertising.

Search.ydserp.com, the rogue search engine propped by WebDiscover Browser virus

There is one more aspect of WebDiscover Browser that counts heavily against the app. The homepage of its purported search engine mentioned above raises a serious red flag when accessed. The browser displays an “Insecure content blocked” warning sign that says, “The page is trying to load scripts from unauthenticated sources”. If you manually allow those scripts to run, you will see advertisements in the form of large icons leading to popular services like Facebook, Booking.com, TripAdvisor, Best Buy, Walmart, and Verizon. Of course, when the adware is operating inside a system, it recurrently opens the browser with those scripts already enabled and loading automatically without any notification. That’s a potential privacy risk and covert advertising combo.

The WebDiscover Browser virus enters PCs by means of a shady tactic. Its unscrupulous publisher is leveraging freeware bundles to manipulate users into downloading and installing their controversial product. There’s a bevy of these tricky installation clients out there that appear to streamline the setup of Adobe Flash Player, Notepad-like word processors, multimedia enhancement tools, video downloaders, application cracks, utilities for driver updates and the like. The installation wizards of these tools, upon a bit closer scrutiny, may recommend WebDiscover Browser as an extra offer. Therefore, as long as you are okay with the Express installation option, you will fall victim to the malicious program in question. This is why the custom, or advanced mode is more than preferable during such installs. It lets you see what’s being pushed and uncheck it as appropriate. If this hoax has worked out in your case and the WebDiscover Browser toolbar virus is on board your computer, here is what you should do to get rid of it completely.

WebDiscover Browser PUP automatic removal

The extermination of WebDiscover Browser PUP can be efficiently accomplished with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped out from your system.

1. Download the recommended security utility and get your PC checked for malicious objects by selecting the Start Computer Scan option

2. The scan will come up with a list of detected items. Click Fix Threats to get the PUP removed from your system. Completing this phase of the cleanup process is most likely to lead to complete eradication of the infection. However, it might be a good idea to consider ascertaining the PUP is gone for good.

Remove WebDiscover Browser PUP using Control Panel

  • Open Control Panel. On Windows XP / Windows 8, go to Add or Remove Programs. If your OS is Windows Vista / Windows 7 / Windows 10, choose Uninstall a program.
  • Look down the list and locate an app that appears fishy. Click the Uninstall/Change (Change/Remove) option to get the intruder removed if spotted.

WebDiscover Browser PUP removal by resetting the affected browser

Please take into consideration that as effective as it is, the procedure of restoring browser defaults will lead to the loss of personalized settings such as saved passwords, bookmarks, browsing history, cookies, etc. In case you are not certain this outcome is suitable despite its obvious efficiency, it’s advised to follow the automatic removal method described in one of the previous sections of this tutorial.

Reset Google Chrome

  • Click on the Chrome menu icon and select Settings.
  • Locate the Advanced option under Settings and click on it to expand the menu. Then, pick the Reset button at the bottom.
  • When a new screen appears, hit Reset once again.
  • Chrome will now display a confirmation dialog box listing the types of data that will be lost if you proceed. Read the message carefully and, if you’re sure, click Reset.

Reset Mozilla Firefox

  • Click on the Help menu and select Troubleshooting Information from the drop-down list, or type about:support in the URL field.
  • On the Troubleshooting Information screen, click the Refresh Firefox option and confirm the procedure in the dialog that follows.

Reset Internet Explorer

  • In IE, go to Tools and select Internet Options from the list.
  • Hit the Advanced tab and click on the Reset option.
  • IE will now display the Reset Internet Explorer Settings box, where you should put a checkmark next to the Delete personal settings option and click Reset at the bottom.

Verify whether WebDiscover Browser PUP has been completely removed

For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software in order to make sure no harmful remnants of this PUP are left inside Windows Registry and other operating system locations.
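
A read-only check for the remnants mentioned above, given as an added example that is not part of the original guide or of any vendor tool: it searches Task Scheduler, the uninstall registry keys and the Run autostart keys for the strings WebDiscover and ydserp, both taken from this article. That leftovers actually contain those strings is an assumption, and the function names are hypothetical.

```powershell
# Added example: read-only search for leftovers; nothing is modified or deleted.
# Match strings come from the article; that remnants contain them is an assumption.
$indicators = 'WebDiscover', 'ydserp'
$pattern = ($indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Find-ScheduledTaskRemnant {
    # Scheduled tasks whose path, name or action command line mentions an indicator.
    Get-ScheduledTask | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        if ("$($_.TaskPath)$($_.TaskName) $actions" -match $pattern) {
            [pscustomobject]@{ Source = 'ScheduledTask'; Name = "$($_.TaskPath)$($_.TaskName)"; Detail = $actions }
        }
    }
}

function Find-UninstallEntryRemnant {
    # Installed-program entries (64-bit, 32-bit and per-user views).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { "$($_.DisplayName) $($_.Publisher) $($_.InstallLocation)" -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'UninstallKey'; Name = $_.DisplayName; Detail = $_.UninstallString }
        }
}

function Find-RunKeyRemnant {
    # Autostart values under the standard Run keys.
    $keys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{ Source = 'RunKey'; Name = "$key\$($_.Name)"; Detail = $_.Value }
            }
    }
}

$found = @(Find-ScheduledTaskRemnant) + @(Find-UninstallEntryRemnant) + @(Find-RunKeyRemnant)
if ($found.Count -eq 0) { 'No matching remnants found.' }
else { $found | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so that tasks and keys belonging to other accounts are visible; an empty result only means nothing matched these two strings.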
