Tuesday, May 14, 2013

How to avoid infection with searchqu toolbar and prevent change of your default search setting?

As I write this, I am looking at a "Notification" window from the Searchqu Toolbar, that looks like this:

When you click the balloon you get:

[Screenshot: Searchqu Toolbar Notification about detection of an attempt to change your default search setting]

The full text of the searchqu notification message is:

Searchqu Toolbar has detected an attempt to change your default search setting.
The default search setting applies to searches made via your browser.
What would you like to do?
  • Keep my current default search setting
  • Disable default search protection and replace my default search with (6A1806CD-94D4-4689

[Screenshot: Searchqu Toolbar option to disable search protection]

If you click settings, you get this window:

[Screenshot: Searchqu Toolbar Settings window with the option to enable Searchqu Toolbar default search protection]

The full text of the Searchqu Toolbar Settings dialog window is:

Searchqu Toolbar Settings
Searchqu Toolbar protects your default search setting from being automatically changed by different applications
Checkbox: Enable Searchqu Toolbar default search protection

I did not know what this was at first, but now, after a few searches, I know that the Searchqu Toolbar is a sort of malware/adware browser hijacker that takes over your browser default search engine settings and uses the searchnu search engine instead.

I am still looking at the notification and it is very clear that whatever I choose, I am very likely to get infected.
I searched for ways to prevent or avoid the toolbar from even installing, but I only found ways to uninstall the toolbar.

There are a lot of articles and tutorials on the web about how to uninstall the searchqu toolbar and I don't really know which one to follow or to trust. Excuse me for being paranoid with the virus halfway in my system, but out there it looks like an industry of tutorials and how-tos for removing searchnu, which makes me suspect that they are in it somehow. They might be in it for the benefits of traffic I guess, as I am also using this article to attract some traffic. And maybe some are just helping and some are just riding this wave of searches for other marketing purposes and, why not, even other scams.

After understanding that I have to remove the application from Windows via the control panel, I checked to see if the toolbar is already installed in program files. Although I haven't yet clicked on OK or X, the Searchqu Toolbar is already listed in programs and I can uninstall it. The default browser, Google Chrome, has apparently not been affected, yet, while Firefox is definitely already infected and loading searchnu.com.

I have yet to check the Windows registry with regedit, but since one browser is compromised, I am pretty sure it is too late to prevent getting the searchqu/searchnu 'virus'.

I am wondering though, how, why and when did it happen. When the notification appeared I was working on a laptop that I don't use very often, which is running Windows 7, with protection from Microsoft Security Essentials active but to my disappointment not updated (now running a quick scan).

I was involved in a few activities using the following programs on Windows 7:

  • Editing pages online on a WordPress blog with the theme Tungstenation installed using Google Chrome
  • Editing files via FTP using Notepad++
  • Copying tungstenation.pot file via FTP using Total Commander
  • Editing tungstenation.pot file with Poedit (that had just updated)

Now that I had a better look at the programs installed, I see that the toolbar was installed since 11.11.2012?!

If there is any way to prevent this from happening, please comment and leave a useful message for others to find.