Does your story sound at all like mine? Allow me to share...
I woke up yesterday morning and began my day (as usual) by starting up my system and getting online to check my email and Facebook, etc. However, when I opened my Firefox browser, I got a message saying it was installing updates - and that isn't unusual at all for Firefox so I waited the 30 seconds or so for it to do its thing. Well, instead of showing the Mozilla page it always takes me to after an update, it shows me this strange search page, with a search box added to my tabs at the top of the browser, and a strip of popular links for Facebook, Twitter, etc. I never use ANY search engine add-on in any of my browsers (IE, Firefox or Chrome) because I know they are vulnerable to malware. I have to be ultra-aware of malicious software because I am a webmaster. I don't even open forwarded emails, folks.
Anyway... All it showed me was a quad-colored icon next to a text field (much like Google's search or Bing, but this clearly cannot be mistaken for either) and the title "Search Results". I thought Mozilla might have started a new search engine of its own or something, but it still made me mad and I didn't use it. So I went to Internet Explorer and it was there, too. And then I opened Chrome... there too.
1. Don't panic. Whoever created this pain in the butt thing wasn't very sharp - it's easily found and removed, at least it was in my case. Take into consideration that I did NOT use this fake search engine because I am generally leery of anything I didn't authorize or install on my system myself.
2. It will be in ALL of the internet browser programs on your system because they all use similar files to execute getting onto the internet. It will have changed your default home pages in all of them, and no matter how many times you change it back to what you originally wanted, it will always come back until it's been removed.
3. You can try and run your anti-malware/spyware program(s) to detect and remove this. Spyware Terminator, Malwarebytes and even Vipre didn't recognize this as malicious on my system, and all of my definitions have been updated as recently as this morning. Go ahead and run what you like, but you're probably here because you already tried and nothing's worked.
4. DO NOT DO ANYTHING SENSITIVE ON THE NET WHILE THIS CRAP IS STILL ON YOUR SYSTEM! Don't log into Facebook, don't buy anything off Amazon, etc. If you have done these things, go and change your passwords and keep an eye on your bank account after you've successfully removed the malware.
(The filename for DefaultTab/MySearchResults is defaulttabBHO.dll)
6. You "might" have to make sure that hidden files/folders are able to be seen for this step. Click HERE for a great tutorial that I used just last week - and you don't have to download anything, which is a super plus. This is just a simple walk-thru tutorial from How-To-Geek on exposing hidden files. My piece of crap malware was located in this part of my system: C:\Users\'MyName'\AppData\Roaming\DefaultTab\DefaultTab. The "AppData" folder is hidden by default in Windows 7 Ultimate. If the malware isn't in this location on your system, it likely piggy-backed on a piece of freeware or something that you installed recently. Find that folder and look for any files that might indicate DefaultTab/MySearchResults and delete it/them.
7. Then what you want to do is enter your Control Panel and then go to Programs/Uninstall Program. Look for DefaultTab in the list and uninstall it. If you don't see that, you can look for MySearchResults. Best bet, however, is DefaultTab. This is the order in which I did things. I can't tell you if using the Uninstall Program feature first will yield the rest of this walk-thru useless or not. I'm happier covering as much ground as possible for removing malware completely from my system. If that means taking more steps, that's fine with me!
8. Run a program like CCleaner and have it clear out old browsing data, cookies and have it check your registry for things that are useless and clean that up, as well.
9. Go into each of your internet browsers and check your addons, apps, and your default page properties and make sure there is no sign of DefaultTab in any of them, and then change them back to what you liked.
10. Restart your system.
That was easy.
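To confirm after the restart that nothing from steps 6, 7 and 9 is left behind, here is a read-only PowerShell check (an added example, not part of the original post). The DefaultTab/MySearchResults names and the `defaulttabBHO.dll` filename come from the post; the registry locations are the standard Windows uninstall and Browser Helper Object keys, and that this program registers itself there is an assumption.

```powershell
# Added example: lists DefaultTab / MySearchResults leftovers. It changes nothing.
function Find-DefaultTabRemnants {
    $pattern = 'DefaultTab|MySearchResults'   # names from the post; -match ignores case

    # Step 6: folder and DLL under the (hidden) per-user Roaming AppData directory
    $folder = Join-Path $env:APPDATA 'DefaultTab'
    if (Test-Path -LiteralPath $folder) {
        [pscustomobject]@{ Kind = 'Folder'; Location = $folder }
    }
    Get-ChildItem -LiteralPath $env:APPDATA -Filter 'defaulttabBHO.dll' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Kind = 'File'; Location = $_.FullName } }

    # Step 7: entries behind Programs/Uninstall Program (64-bit, 32-bit, per-user)
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $uninstallRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $name = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).DisplayName
            if ($name -match $pattern) {
                [pscustomobject]@{ Kind = 'UninstallEntry'; Location = "$name ($($_.Name))" }
            }
        }
    }

    # Step 9 (Internet Explorer): Browser Helper Objects whose DLL path matches
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $classRoots = 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    foreach ($root in $bhoRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            foreach ($classRoot in $classRoots) {
                $dll = (Get-ItemProperty -LiteralPath "$classRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
                if ($dll -match $pattern) {
                    [pscustomobject]@{ Kind = 'BrowserHelperObject'; Location = "$clsid -> $dll" }
                }
            }
        }
    }
}

Find-DefaultTabRemnants | Format-Table -AutoSize
```

No output means none of these locations still reference DefaultTab; Firefox and Chrome add-ons and home pages still need the manual check from step 9.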
NOW - here are some tips that I frequently give friends and family for preventing (or easily detecting) this kind of thing from happening in the future:
1. One-click access to things on the net might be convenient, but oh it's so dangerous! Make sure that every time you shut off your internet browser/browsers that the program is set to dump all of your history and cookies. Don't leave it sitting on your system. Keep your passwords on PAPER in a place that is safe. Better yet, and if you can, remember all your passwords and make sure they are both alpha and numeric, and that you have at least three or four different passwords that you use for your internet activity. Yes, it's one or two more steps to accomplishing your goal on the net, but it's better to be inconvenienced for a minute than to be calling your bank asking about a $400 purchase made to Walmart.com that you didn't authorize... (had this happen to a family member who liked to keep her stuff easy to access. See what I mean?)
2. Make your default browser page "about:blank" in all your browsers. Why? Because when stuff like this happens you'll see it for the red flag that it is and won't be likely to confuse it with legitimate resources.
3. Don't use search engines to surf the net. What I mean is, if you know a website's address, just put that into the address bar in the browser, not as a search term on Google, Bing, Yahoo!, etc. Stay as private as you possibly can on the internet!
4. In your browser's settings, make sure that the browser ASKS YOU EVERY TIME where you want something downloaded. Doing this you will get a window asking if you want to download the software, if you want to scan it with your antivirus program, and then it will let you choose where you want to download the software to. Give yourself as much control over this process as possible so if things do go wrong you are in a much better position to fix the problem.