Remove WebSearcher Adware

Ads. This three-letter word accounts for most internet companies’ earnings. Facebook, Google, Yahoo, and other sites get their bread and butter from the ads they post on their sites. If not for these ads, these companies would not even reach the break-even point. It gets really pesky when you are in the middle of watching an instructional video on YouTube and a car insurance ad suddenly pops up. What a party pooper! Some sites offer a premium account to get rid of these ads, while others don’t. No matter how annoying these things become, they are here to stay. Some companies also make adware (ad-supported software) to generate ads for the products that they are selling.

Adware, according to Wikipedia, is any software package that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the UI of the software or in a pop-up shown to the user during installation. WebSearcher, authored by Web Fox Ltd, is adware that was recently discovered by IT security professionals on February 5, 2016. It affects computers running the Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows XP operating systems. This adware generates pop-up ads on the computer it is installed on. It is quite easy to remove WebSearcher adware from your computer though.

To remove WebSearcher adware, you first have to reboot your computer and start it in Safe Mode. Once you are there, you need to run Rkill, a program that is used to terminate all malicious processes. After that, you need to run Norton Power Eraser (NPE). Once NPE has done its job, you need to delete the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"Options" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"Version" = "10001"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"DSPath" = "LocalGPO"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"FileSysPath" = "%System%\GroupPolicy\Machine"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"DisplayName" = "Local Group Policy"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"Extensions" = "[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7D3-0000F87571E3}]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"Link" = "Local"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\"GPOName" = "Local Group Policy"

You need to reboot your computer after the removal is done to ensure that all the changes take effect. A word of advice, though: if you have no experience dealing with the Windows Registry and you don’t have the guts to tinker with it, let an IT professional remove those entries for you. One wrong move can corrupt your operating system and leave your computer useless.
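
One way to carry out the registry step with a backup in place, as an added example that is not part of the original article: the PowerShell script below exports the key first, then deletes only the listed values whose current data matches the list above and reports anything that differs. The backup location is an assumption, and %System% is assumed to mean the Windows System32 folder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): back up the key, then delete only the
# listed values whose current data matches the article's list.
$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0'
$Backup = Join-Path $env:USERPROFILE 'GroupPolicyHistory-backup.reg'   # assumed backup location

# Value names and data as listed in the article. %System% is taken to mean
# the System32 folder (assumption).
$Expected = [ordered]@{
    Options     = '0'
    Version     = '10001'
    DSPath      = 'LocalGPO'
    FileSysPath = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine'
    DisplayName = 'Local Group Policy'
    Extensions  = '[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7D3-0000F87571E3}]'
    Link        = 'Local'
    GPOName     = 'Local Group Policy'
}

$Key = "HKLM:\$SubKey"
if (-not (Test-Path -LiteralPath $Key)) {
    Write-Output 'Key not present; nothing to remove.'
    return
}

# Export first so the key can be restored later with: reg import <file>
& reg.exe export "HKLM\$SubKey" $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; no changes made.' }

$Current = Get-ItemProperty -LiteralPath $Key
foreach ($Name in $Expected.Keys) {
    $Prop = $Current.PSObject.Properties[$Name]
    if ($null -eq $Prop) {
        Write-Output "SKIP  $Name (value not present)"
    }
    elseif ([string]$Prop.Value -ieq $Expected[$Name]) {
        Remove-ItemProperty -LiteralPath $Key -Name $Name
        Write-Output "DEL   $Name"
    }
    else {
        # Data differs from the article's list: leave it for manual review.
        Write-Output "KEEP  $Name = '$($Prop.Value)' (does not match listed data)"
    }
}
Write-Output "Backup saved to $Backup. Reboot to apply the changes."
```

If something misbehaves after the reboot, running `reg import` on the saved .reg file from an elevated prompt restores the exported values.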