I'm using Windows 7 and IE 9. Recently, as part of downloading the Adobe
Flash Player 11 update, Google Chrome was installed. I didn't want it so I
uninstalled it. Since then, when I type search terms in the address window,
fantastigames.metacrawler.com/fantastigames2/search has taken over instead of
plain old Google. How can I get rid of this? I've looked on your site but I
don't see the topic. I'd really appreciate your help.
In this excerpt from
Answercast #53, I look at a case where suspected malware was installed as
part of an upgrade installation.
Become a Patron of Ask Leo! and go ad-free!
Hijacked search
So, the short answer is that this is typical of malware. You have malware on
your machine.
What I'm going suggest you do is run up-to-date scans with your anti-virus
software, your anti-spyware software, and that you also consider running a scan
using the free tool from Malwarebytes.org.
Pay attention to downloads
Now, one thing I wanted to point out here - is exactly how this happened to
get on your machine.
One of the things I've been cautioning people on, for quite awhile, is to
pay special attention whenever you're downloading software, whenever you're
installing software - and that apparently also includes updates to software that
you already have installed. Updates to otherwise very legitimate software.
Additional downloads
Unfortunately, what a lot of software vendors are doing (in an opportunity
to make a little additional revenue from their otherwise free software) is they
are promoting additional, and unrelated, software packages with their
download.
Typically, you are offered a choice:
-
But the choice is often hidden;
-
The choice often defaults to being, "Yes, I want this other software;"
-
And the choice is often such that it is only displayed if you
choose the advanced setup options when you're installing software.
Don't agree to extras
So, my recommendation in the future is that you make sure to (whenever
installing, or updating, or running an installer that updates anything) is to
make sure to choose the Advanced option. Then make very special note of
everything that it's asking you to install.
If it's asking you to install something that is not related to the software
that you're updating or installing, just say no. Uncheck the option. If it's
a toolbar, if it's a browser, if it's something else unrelated to what you're
actually downloading and installing, just uncheck it, say no.
That will help you to avoid problems very much like this in the future.
Next from Answercast 53 - Is downloading .torrent files without downloading the files they point to a
problem?
Thanx Leo.
May I add…..
Even if the extra program offered is something you might want, don’t load it now.
When you’re finished with what you’re doing, do some research on the other program. There might be info about it, found by using search. Also, if it turns out you really want it, there might be better sources from which to obtain it.
I won’t list sources, as I’m not sure about Leo’s forum rules, but you can also find good info regarding safe download sources, via search.
The other day I did as you suggest before I read this article, and the software downloaded the Babylon Toolbar even though I told the software not to.
I went into add/remove programs and uninstalled Babylon. I then ran Spybot Search and Destroy and Malwarebytes, that both said they removed Babylon. I rebooted the computer, but Babylon Search was still hijacking my homepage and my Firefox search (Babylon search page was the new hijacked homepage) and Firefox “new tabs” opened into the Babylon search page.
I then changed registry entries in Firefox, which didn’t remove Babylon search.
To get rid of Babylon search, I had to reinstall a recent Firefox profile that I had saved with FEBE. Unfortunately, FEBE wouldn’t reinstall the profile through FEBE itself, so I had to change the profile extension to a .zip file and zipped the profile it into a new Firefox profile folder to get the old profile back.
I think bedlamb makes a really good point about not installing any additional software from a different vendor within an installer. There are probably some legitimate ‘partnerships’ out there, but most software vendors are in it for the money which means they will not check, nor care, what rubbish they fool people into installing. This is a real problem for consumers, but the problem is as long as they have the correct legal documentation, the vendors are quite within their rights to do so.
And, how I despise Babylon. I won’t even get started on them. This type of behavior is completely wrong and there should be a stop to it! But until there is a guess we’re all just going to have to learn to be more careful. Maybe if nobody installs any of this extra software, the companies will stop paying each other because it is no longer profitable and we will eliminate this problem. Haha
Recently while installing software, I had to click trough several installation screens labeled “Advanced” to discover that extra, unwanted software would be installed with the software I wanted. This is nothing short of devious tactics and unethical behavior and I can’t see how any legitimate software can allow this kind of thing to be associated with their companies. I don’t consider myself “Advanced,” just curious, so I would imagine the unwanted software gets installed with regularity.
I run my browser sandboxed when downloading/testing new software and then if necessary run the downloaded software sandboxed. If all seems well after a time I might install and run un-sanboxed.
Sandboxie is available free and is well worth having..although maybe a little geeky for some home users.
Jp
How do I remove Babylon when it doesn’t appear in Programs in the Control Panel and Revo can’t find it either? It imposed itself on Firefox, and is activated whenever I write something in the Address Bar. I don’t have anything against Babylon other than I don’t like programs sneaking their way onto my machine. BTW, I am very careful about not accepting added programs on installations, but maybe Babylon got past me.
@MVF,
Babylon does seem to attach itself to Firefox. Try uninstalling Firefox, cleaning up with Revo, and then reinstalling.
Here’s an article where Leo treats hijacks like this as a virus … a good approach!
How do I remove this hijack of my search engine?