LuckySearches, delta-homes, protectservice, Xtab, Picexa picture viewer virus package

[AWS]

Windows ALL versions

 

LuckySearches

delta-homes

protectservice

Xtab

Picexa picture viewer

 

The purpose of this discussion is to link the malware that installs itself as a group.

I have noticed that removal guides often deal with only 1 issue & that will not result in a full removal of the applications.

 

This is the full list of things you need to uninstall to fully get rid of the package.

 

They;

1. install as an extension, homepage & search engine
   
2. add extra scripting to the shortcuts for every browser related program/app
   
3. wipe history, account logins & defaults related to browsers, while also editing browser related links
    
   
4. also they install in many locations in the registry
   
5. may add an entry to startup (but are often not listed in startup)
   

I have found nothing truly effective, except for manual removal.

You need to do thorough searches for all of the names listed & work hard at removing them.

 

The problem is that it can be removed, but unless you deal with the registry, it will lie dormant until a time or trigger event.

It seems that it re-installs itself at around a month later & in re-installing you get the whole package back.

The edits to the registry total around 20-40 deletions/modifications - substatial!

 

(please do not edit your registry if you are unfamiliar, get some help)

 

This guide helps to remove the added scripting to browser shortcuts, but does not go into details regarding the removal of homepages

 

http://malwaretips.com/blogs/luckysearches-removal/

 

Internet Explorer - reset functions are useless, even removing IE as a windows feature will not result in the sufficient removal.

You must manually edit all Internet options in IE & either use default or enter a preferred homepage address.

 

Firefox - you are unable to "refresh browser" using troubleshooting. Manually edit the homepage address first through about:preferences.

Remove the script on the shortcut, manually type bing.com in the address bar & search for refresh firefox. Go to the support.mozilla link that is listed & use the button on that page to "refresh Firefox"

 

Chrome - a full "Reset settings" in Advanced settings will remove it from Chrome. Make sure you remove the addition to the shortcut.

 

As the Windows versions progress, it becomes harder & harder to remove these items.

I am hoping this discussion provides help & also leads to a review of the diminishing user control, that these programs can so easily bypass.

W8/8.1 may be able to restore the system beautifully, but for many reasons that option may be unavailable.

 

 

 

View this thread