Ad-supported and browser-hijacking software may not be malicious but it definitely can lead to serious consequences, if not removed on time. The more you postpone taking measures, the more vulnerable your system becomes to various forms of malware and spyware. Also, keep in mind that adware and browser hijackers often come bundled, which makes their removal even more challenging.
|Short Description||The two GsearchFinder browser hijackers (HoboSearch and YesSearches) add an extra Firefox profile.|
|Symptoms||Unwanted advertisements, unusual browser behavior, extra Firefox profile.|
|Distribution Method||In bundled installers.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by GsearchFinder|
|User Experience||Join our forum to discuss GsearchFinder.|
Researchers at Malwarebytes recently found out that two GsearchFinder browser hijackers, YesSearches and HoboSearch, add an extra Firefox profile on the compromised system. Continue reading, as we’re about to tell you how to fix the issue.
YesSearches Technical Resume
When YesSearches is installed on your computer, several unwanted changes may occur. The browser hijacker may change DNS settings, browser settings, including the homepage, new tab page and default search engine of all browsers. Affected browsers are Google Chrome and Mozilla Firefox.
Keep in mind that YesSearches uses a secondary technique, a standalone process called “ShortcutBoost.exe”. That process rearranges the launch options of the Desktop and Quick Launch items of all browsers, so they all project “Yes Searches” upon initiating any browser. The homepage of all browsers is changed to “YesSearches.com”.
Read more about YesSearches
HoboSearch Technical Resume
As reported by Enigma Software researchers, Hobosearch(.) com is likely promoted as a customized search engine for users in Asia. However, it’s only available in English and is in fact a crooked version of Google, created to display third party advertisements that may not be safe to interact with.
Keep in mind that Hobosearch may appear in your Plug-ins Manager with the name HohoSearch Enhancer and HohoSearch Toolbar.
The browser hijackers also add a scheduled task, which means that various (unwanted and intrusive) advertisements will be displayed at set intervals. Researchers have observed the scheduled task be triggered every two hours. Here we get to the novel activity performed by YesSearches and HoboSearch – the creation of an extra Firefox profile.
This may sound as something difficult to deal with, but in fact fixing it is not that hard at all. Instead of altering your default browser profile, the browser hijackers create a new, pre-hijacked one.
How to Remove the Extra Firefox Profile Created by YesSearches and HoboSearch?
- First, make sure to close all Firefox processes;
- Then, simultaneously click Windows key + R to open the Runbox;
- Write the command Firefox –P to open the Firefox profile manager;
- Select the Firefox Default profile (not the “default” one) and select Delete Profile;
- When asked if you want to delete the fake profile, click Delete Files;
- Select Use the selected profile without asking at startup;
- Keep in mind, that in case more than one profile is in the list, you should choose the one you want to use. Nonetheless, only the default profile should be left and selected automatically.
- Click the Start Firefox button.
After you’re done with removing the extra Firefox profile, you should definitely consider scanning your system via an anti-malware program. If you’re experiencing other “classical” issues with YesSearches or HoboSearch, consider following the removal manual below.