Yoog Search/blueskyadagency/contextual Ads/snappyads Removal Guide



Yoog Search and its variations are a Firefox hijacker whose goal is to redirect your searches and force you to use their search engine (Yoog Search). It also installs a Yoog Search Bar in Mozilla Firefox, which you can see below in the screenshots.

yoog.jpg

yoog2.jpg

You will get popups from Contextual ads by Blueskyadagency, Addestination and Snappyads as well.

Symptoms :

Although it's easy to tell whether you have this infection just from using your browser, here are some other symptoms. It drops the following files (among others) onto your PC:

C:\Program Files\Mozilla Firefox\searchplugins\Yoog.xml

C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll

C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

Also, if you see any file with a random 36-character name (in the pattern of the example below) in the following folder

C:\Program Files\mozilla firefox\components

then the infection is present on your machine.

eg :

C:\Program Files\mozilla firefox\components\2d459f29-8673-5b62-1b99-d126554a936e.dll

Removal :

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows (especially Firefox) are closed, and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www3.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www5.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www6.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www7.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www8.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www10.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www11.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www13.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www14.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www15.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www26.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www27.yoog.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www28.yoog.com/
    FF - prefs.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www28.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www28.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www28.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
    FF - prefs.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
    FF - prefs.js..keyword.URL: "http://www14.yoog.com/search.php?q="
    FF - user.js..browser.search.defaultenginename: "Yoog Search"
    FF - user.js..browser.search.defaulturl: "http://www14.yoog.com/search.php?q="
    FF - user.js..browser.search.selectedEngine: "Yoog Search"
    FF - user.js..keyword.URL: "http://www14.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www8.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www8.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www8.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www7.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www7.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www7.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www13.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www13.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www13.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www3.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www3.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www3.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www10.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www10.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www10.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www11.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www11.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www11.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www2.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www2.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www2.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www26.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www26.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www26.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www5.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www5.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www5.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www1.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www1.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www1.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www6.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www6.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www6.yoog.com/search.php?q="
    FF - prefs.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
    FF - prefs.js..keyword.URL: "http://www27.yoog.com/search.php?q="
    FF - user.js..browser.search.defaulturl: "http://www27.yoog.com/search.php?q="
    FF - user.js..keyword.URL: "http://www27.yoog.com/search.php?q="
    FF - user.js..keyword.enabled: true
    FF - component: c:\program files\mozilla firefox\components\ozunxgvjpnsoioviq.dll
    FF - component: c:\program files\mozilla firefox\components\rnqbuctnbrd.dll

    :Files
    %ProgramFiles%\IEToolbar
    %ProgramFiles%\Mozilla Firefox\components\nsadzgalore.dll
    %ProgramFiles%\Mozilla Firefox\components\nsadsoftinc.dll
    %ProgramFiles%\Mozilla Firefox\components\nsBrowserOpt.dll
    %ProgramFiles%\Mozilla Firefox\searchplugins\Yoog.xml
    %ProgramFiles%\Mozilla Firefox\components\nsBrowserDc.dll
    %ProgramFiles%\Mozilla Firefox\components\nsdcads.dll
    %APPDATA%\Mozilla\Firefox\Profiles\Yoog Search.xml /s
    %PROGRAMFILES%\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll
    %SystemRoot%\system32\mexmgzdhgnvqilpib.dll
    %PROGRAMFILES%\mozilla firefox\components\zvakwomxas.dll
    %SystemRoot%\system32\zawcukanoit.exe
    %SystemRoot%\System32\lkvwtxiako.dll
    %SystemRoot%\system32\zvakwomxas.dll
    %SystemRoot%\system32\dgbzetddjouspgzqz.dll
    %SystemRoot%\System32\nsn*.dll
    %SystemRoot%\nmwi*.exe
    %SystemRoot%\system32\nsx*.dll
    %SystemRoot%\system32\nsj*.dll
    %SystemRoot%\system32\nsv*.dll
    %systemroot%\system32\nsf*.dll
    %systemroot%\mutfp*.exe
    %systemroot%\obwu*.exe
    %systemroot%\ntaj*.exe
    %systemroot%\nwuhr*.exe
    %systemroot%\System32\nss*.dll
    %SystemRoot%\system32\*-uninst.exe
    %SystemRoot%\system32\*-remove.exe
    %systemroot%\system32\nsr*.dll
    %systemroot%\reax*.exe
    %systemroot%\giptf*.exe
    %systemroot%\tkoo*.exe
    %systemroot%\axjth*.exe
    %systemroot%\ertbg*.exe
    %systemroot%\jnnmp*.exe
    %systemroot%\bprxe*.exe
    %systemroot%\xwisg*.exe
    %systemroot%\jpng*.exe
    %systemroot%\fhsv*.exe
    %systemroot%\dfmqc*.exe
    %systemroot%\wgfp*.exe
    %systemroot%\gweq*.exe
    %systemroot%\pxwis*.exe
    %systemroot%\fcvmq*.exe
    %systemroot%\System32\hfkxlchuhv.dll
    %systemroot%\System32\nst*.dll
    %systemroot%\dmkv*.exe
    %systemroot%\system32\nseE*.dll
    %systemroot%\System32\nsk*.dll
    %systemroot%\system32\mexmgzdhgnvqilpib.dll
    %systemroot%\system32\ibgyxrpdcrlay.dll
    %systemroot%\system32\ympweffizcodl.exe
    %systemroot%\kdiue732.txt
    %systemroot%\system32\jmcvcflmiugsrfia.exe
    %PROGRAMFILES%\VnrBlock
    %PROGRAMFILES%\iCheck
    %systemroot%\tvilp*.exe
    %systemroot%\itqot*.exe
    %systemroot%\system32\wskuofzpxkxdb.exe
    %systemroot%\tutvo*.exe
    %systemroot%\hsep*.exe
    %systemroot%\system32\pihtwcdtsghokinvg.dll
    %systemroot%\system32\juluypfvhofv.dll
    %systemroot%\system32\nsl*.dll
    %systemroot%\system32\gchnamepziopknko.dll
    %systemroot%\system32\pihtwcdtsghokinvg.dll
    %systemroot%\system32\yprhhrqubcbujp.exe
    %systemroot%\system32\ucicolizrhssr.dll
    %systemroot%\system32\hiwdrlnk.exe
    %systemroot%\System32\nsg*.dll
    %systemroot%\System32\jifgoojjyhmkthcfk.dll
    %USERPROFILE%\Start Menu\Programs\Startup\runit_32.lnk
    %PROGRAMFILES%\runit
    %systemroot%\System32\hokfklenusuebapl.dll
    %systemroot%\System32\drsqpwimruypmc.dll
    %systemroot%\System32\nsxE*.dll
    %ProgramFiles%\Mozilla Firefox\components\drsqpwimruypmc.dll
    %ProgramFiles%\Mozilla Firefox\components\hokfklenusuebapl.dll
    %systemroot%\System32\kxzubfhuxew.exe
    %systemroot%\System32\dsygtypzdloyoxivg.exe
    %systemroot%\System32\qdfggdhhofhhylbfx.exe
    %systemroot%\system32\spkr.exe
    %systemroot%\system32\winset.ini
    %systemroot%\ajis*.exe
    %systemroot%\cdmb*.exe
    %systemroot%\vsoei*.exe
    %systemroot%\bkit*.exe
    %systemroot%\okjo*.exe
    %systemroot%\xwaro*.exe
    %systemroot%\ojxde*.exe
    %systemroot%\system32\spkr.exe
    %systemroot%\system32\winset.ini
    %systemroot%\system32\cabine.dll
    %systemroot%\system32\rnqbuctnbrd.dll
    %systemroot%\system32\nsy*.dll
    %ProgramFiles%\mozilla firefox\components\ozunxgvjpnsoioviq.dll
    %ProgramFiles%\mozilla firefox\components\rnqbuctnbrd.dll
    %systemroot%\system32\nsa*.dll
    %systemroot%\system32\ebrhmlpemih.dll
    %systemroot%\system32\sfirpzmipv.dll
    %systemroot%\system32\dkwjlgwkreqy.exe
    %systemroot%\system32\nsm*.dll
    %ProgramFiles%\mozilla firefox\components\????????-????-????-????-????????????.dll
    %systemroot%\System32\????????-????-????-????-????????????.exe

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ad7781e6-d262-25f8-389d-967a6d974748}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iztcfgmowgboporyl]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b5b5ca3-3bec-e287-841a-52b690c5641a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8415b27c-0bd3-dcf3-6c9b-354472fd2f31}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a09d0f21-af0a-aba8-16d7-6b8ffabcb6a0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c7368fb-d033-ce70-4757-e3b62547b82c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{667675cf-b246-41eb-a1c4-5d8c6231bd49}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{733716e1-76d2-4003-ac39-845281c0ef85}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7e5f38b-3105-3aa1-4519-bd2d7e219a76}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{031502ac-155a-922d-031c-bcd735a47512}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{040dc938-3620-9395-8810-c742263372c8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d685ddf2-6463-fd20-4a25-97da85835f20}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1bd3b92c-ee2e-f53d-24ca-4244ab728c8a}"=-

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • The fix should only take a few minutes to run. If it appears to freeze then try it again.

Your computer should now be clean from Yoog Search and its friends. If you find it is still present then you need to visit the Malware Removal forum to ensure its complete removal. This can be due to new variants or other infections being present on your machine.

If you have had any issues or problems with this fix please let us know.
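
The file checks listed under Symptoms can be scripted. The following is an added example, not part of the original guide or of OTL: it flags the named component files, the Yoog.xml search plugin, and any DLL in the components folder whose name follows the 36-character pattern. The function names are hypothetical, the pattern assumes hexadecimal characters as in the guide's example file name, and the sample folder is constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# File names the guide lists under "Symptoms" (compared case-insensitively).
KNOWN_COMPONENTS = {"nsadzgalore.dll", "nsadsoftinc.dll", "nsbrowseropt.dll"}
KNOWN_SEARCHPLUGINS = {"yoog.xml"}
# 8-4-4-4-12 name (36 characters) plus .dll; hex digits are an assumption
# taken from the guide's example file name.
GUID_DLL = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.dll$", re.I)


def scan_firefox_dir(firefox_dir):
    """Return sorted (reason, relative path) pairs for files matching the symptoms."""
    root = Path(firefox_dir)
    hits = []
    for sub, known in (("components", KNOWN_COMPONENTS),
                       ("searchplugins", KNOWN_SEARCHPLUGINS)):
        folder = root / sub
        if not folder.is_dir():
            continue  # a missing folder tells us nothing either way
        for entry in folder.iterdir():
            if not entry.is_file():
                continue
            name = entry.name.lower()
            if name in known:
                hits.append(("known file", f"{sub}/{entry.name}"))
            elif sub == "components" and GUID_DLL.match(name):
                hits.append(("GUID-named dll", f"{sub}/{entry.name}"))
    return sorted(hits)


def demo():
    """Build a constructed Firefox folder in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "components").mkdir()
        (root / "searchplugins").mkdir()
        for rel in ("components/nsadzgalore.dll",
                    "components/2d459f29-8673-5b62-1b99-d126554a936e.dll",
                    "components/browsercomps.dll",   # unrelated name, must not match
                    "searchplugins/Yoog.xml",
                    "searchplugins/google.xml"):     # unrelated name, must not match
            (root / rel).write_bytes(b"")
        return scan_firefox_dir(root)


if __name__ == "__main__":
    for reason, path in demo():
        print(f"{reason}: {path}")
```

To check a real installation, call `scan_firefox_dir` with the Firefox program folder, for example `C:\Program Files\Mozilla Firefox`; an empty result only means none of these particular files were found.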
