Friday, April 25, 2014

Remove Wow.com Search Engine Geared by PUP.Optional.WowSearch.A

VilmaTech Onlione Support and this
website should not be mistakenly taken
to be associated, affiliated, sponsored
or owned by wow.com’s creator or distributors.
The provision of information and solution
is the one and only intent.




 

Wow.com – What’s Happening? 



Wow.com Hijacks Homepage and Search Engine

Many PC users started to see wow.com when they typed in queries. Only when the outcome is somehow different from that of Google.com did they notice that both homepage and search engine had been hijacked by the application called wow.com. Most of PC users found that wow.com homepage could be easily to remove, but this is not the case when removing its search engine.


Wow.com Can’t be Removed by Anti-virus Programs

According to some victims, most installed anti-virus programs will not detect wow.com when hijacking and redirecting is putting on. Only MalwareBytes picks up several files called "PUP.Optional.WowSearch.A". However, quarantining and removing those files will not drive away wow.com search engine.


What Is Wow.com?

At the sight of the below behaviors, people would consider wow.com as virus:
  1. Additional files related to wow.com are detected by installed anti-virus programs.
  2. Wow.com installs itself without permission and will not go away without a hitch.
  3. Slowness is manifested on both page-loading speed and executing commands.
  4. Multiple processes are running in the background to consume CPU.
The fact is just on the contrary, wow.com is not a virus at all; given all these aggravating behaviors, it is no more than a PUP (potentially unwanted program). So we don’t have to fuss about it any more? NOT NECESSARILY. One should raise queries as follows:
  1. If wow.com is not a virus at all, how come it manages to stick to a computer and will not be removed with conventional methods?
  2. What it hijacks for?

The below answers are given by senior technicians from Global PC Support Center:

For question NO.1: BHO and JS techniques are imperative when making a website, wow.com is no exception. Besides the normal functions of the two techniques, further functionality have been extracted by the creator of the rogue search engine – preload codes into system configuration and make the JS modifications solid to ensure frequent redirect and automatic start at each Windows start.

For question NO.2: Wow.com is a PUP, the category that nowadays online operators are prone to use for product promotion as well as traffic interception. Perhaps some PC users are confused about its motive when nothing but hijacking is happening. But wow.com is recording your surfing preference and absorbing as much traffic as it can when you are wondering why. What for? By uploading such information, its creator will be enabled to post ads onto the sites that are frequently visited and obtain profitable income by reselling traffic to some lazy and greedy online operators.



Should I Be Worried about Wow.com?


YES. What do you think that wow.com uses to upload the collected information? It is backdoor program. Potential dangers also can be stemmed from BHO and JS techniques as wow.com is not strictly built. How can we say that so doubtlessly? Remember key-find.com and dm.StartNow.com and the many others? Wow.com is just one of them. Without it, there are many others to do the same work. Therefore, bug can be readily detected and exploited by virus. Consequently, BHO and JS techniques will be utilized to preload vicious codes into system configuration and record log-in credentials without knowledge and authorization.




Since security utilities are not able to deal with wow.com and its component PUP.Optional.WowSearch.A, manual removal method is provided below to offer help. Stick to the steps only if you are technically sound. If not, please do feel free to start a live chat with security adviser here.
live chat to get expert help in removing wow.com



Manual Removal Thread to Help Remove Wow.com Search Engine


Step1. Remove the extensions created on the day when wow.com was firstly detected.

Internet Explorer
Tools > Manage add-ons > ‘Toolbars and Extensions’ > remove wow.com's extension > ‘Search Providers’ > remove wow.com's extension.

Mozilla Firefox
Tools > Options > ‘Extension’ > remove wow.com's  extension > ‘Plugins’ panel > remove wow.com's extension.

Google Chrome
Spanner icon > "Tools" > ‘Extensions’ > remove wow.com's extension.

Opera
Opera menu > Extensions > Manage Extensions > remove wow.com's extension.

Safari
Safari Menu > Preferences > extensions tab > remove wow.com's extension.




Step2. Restore the homepage from wow.com.

Internet Explorer
‘Search Providers’ > select desirable search engine > press “Set as Default” button.

Mozilla Firefox
Options > General tab > "homepage" > type your desirable URL.

Google Chrome
Spanner icon > "Settings" > Search section > click dropdown menu to select desired search engine.

Opera
Opera menu > Settings > Preference > General tab > "Home Page" > set your desirable homepage.

Safari
Safari Menu > Preferences > General tab > Default Search Engine > set desirable search engine.




Step3. Modify Hosts file to block wow.com from appearing.

Windows
Win+R key combination > type CMD > hit Enter key > type "ping wow.com"  > Enter key > note down the IP address for wow.com > navigate to C:\WINDOWS\system32\drivers\etc > click open Hosts file > paste the IP address to the last line > save file.

Mac OS X
Finder launchpad icon > Utilities > Terminal > type "ping wow.com"  > Enter/Return key > note down the IP address for wow.com > shift+command+g key combination > type “etc” (/private/etc/hosts) > Enter/Return key > click open Hosts file > paste the IP address to the last line > save it to modify host file.




Step4. Run full scan with reputable anti-virus program again, try to remove any possible items.




Step5. Show hidden files and folders to remove the ones related to wow.com.

Windows 8
Start screen > open any folder > open Windows Explorer > select View tab > Tick ‘File name extensions’ and ‘Hidden items’ options > mainly navigate to C:\windows\winstart.bat, C:\windows\wininit.ini and C:\windows\Autoexec.bat to find and delete every files and folders created on the day when wow.com and PUP.Optional.WowSearch.A was firstly detected.

Windows 7/XP/Vista
Click open ‘Control Panel’ > search for ‘Folder Options’ > tap View tab > tick ‘Show hidden files and folders' and non-tick 'Hide protected operating system files (Recommended)’ > press ‘OK’ > mainly navigate to C:\windows\winstart.bat, C:\windows\wininit.ini and C:\windows\Autoexec.bat to find and delete every files and folders created on the day when wow.com and PUP.Optional.WowSearch.A was firstly detected.


When done, access the following directories and remove the given items.
(tip: the offered directory can vary from system configuration accordingly)
  1. C:\Users\[user name]\AppData\Local\Temp\
  2. C:\Users\[user name]\AppData\Local\Temp\
  3. C:\Users\[user name]\AppData\Local\Temp\ct2504091[or other folders with unreasonable combination of letters and numbers]\
  4. C:\Users\[user name]\AppData\Local\Temp\ct2504091[or other folders with unreasonable combination of letters and numbers]\
  5. c:/windows/system32/roboot64.exe 
  6. c:\users\[username]\appdata\locallow\the item triggered by wow.com and PUP.Optional.WowSearch.A.


Mac OS X
Finder > Utilities > terminal > paste“defaults write com.apple.Finder AppleShowAllFiles YES” > return button > hold ‘alt’ and right click on the Finder icon at once > click on Relaunch button.

When done, go to applications, dock and displays and library folder in your home folder to remove any items that has letters like wow.com and PUP.Optional.WowSearch.A.



Step6. Search for and remove the items related to wow.com and PUP.Optional.WowSearch.A.

Click open random folder and hit on Search icon, type "PUP.Optional.WowSearch.A" and "wow.com"/"wow" respectively in all the search blanks and hit Enter button so as to remove all the detection.



The above manual removal thread should be working and helpful after tens of tests. But be noted that the above thread is exclusively applicable to wow.com rather than any other incidental issues or infections. In the event that additional virus is caught in sight after the harassment of wow.com, go to virus reservoir for corresponding solution or simply ask VilmaTech Online Support for quick fix according to your concrete situation.

live chat to get expert help in removing wow.com

Reference: 

BHO (Browser Helper Object) – Wikipedia

PUP (potentially unwanted program) – Wikipedia

JS (JavaScript) – Wikipedia



No comments: