hola search


BOAC
12th Apr 2013, 08:34
Having regrettably accepted the invitation to grub around in the google cesspit looking for help with DRM issues, I inadvertently 'acquired' the hola.com browser search redirect.

None of the Googled suggestions for removal worked - it was not shown as an 'add-on' in FF or IE, nor as a search engine. If anyone else is plagued by it (it opens new tabs at 'hola search') and there is suspicion that it may not be 'above board', this is how I eliminated it.

No obvious sign in the registry, AV scans or mbam scan, but HijackThis pulled it out as a browser search R0 key. Deleted.

Tab back on reboot.

Looked in about:config in FF and there it was - as a 'new tab' url. Once deleted I appear to be clear.

green granite
12th Apr 2013, 09:45
Interesting, thanks BOAC.

Incidentally I noticed yesterday when I was forced to upgrade flash to watch a video, that it automatically installed google chrome and tool bar without even asking if it could and even made it default browser. :ugh::ugh::ugh:

BOAC
12th Apr 2013, 11:18
Just done a Flash upgrade, gg, and that did not happen (Win7). Perhaps you missed the ever so tiny 'decline' box? They are getting smaller and better camouflaged.:mad: Mind you, I did not see one on that upgrade, just accept/install:confused:

green granite
12th Apr 2013, 11:23
It was rather odd in fact BOAC, I had already upgraded it earlier in FireFox and as you say it was fine, I then had to upgrade it in I.E as the site doesn't run in FF and it was then I got the additions.

BOAC
12th Apr 2013, 12:01
I cannot cast any light on that, since neither my XP nor Win7 IE's have Flash installed so I cannot 'upgrade', and if I try to install 11 it has a very obvious 'Here comes Chrome' button.

BOAC
12th Apr 2013, 12:24
Grr! Just rebooted into Win7 from XP to find FF now has 'Delta Search' lodged in the about:config and on new tabs. Where the *** do these things keep coming from?
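
An added example, not part of any post in this thread: a small audit of a Firefox `prefs.js` for the kind of rewritten 'new tab' and home page entries described in the posts above about about:config. The preference names are assumed from Firefox releases of that period, and the allowed hosts and the sample file are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Preferences that decide where new tabs, the home page and address-bar
# searches go. Names are assumed from Firefox releases of that period.
WATCHED = ("browser.newtab.url", "browser.startup.homepage", "keyword.URL")

# Hosts the profile owner expects to see (assumption: edit to suit).
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        prefs[name] = raw
    return prefs


def suspicious_prefs(text, allowed=ALLOWED_HOSTS):
    """List (name, url) for watched prefs pointing at a host not in allowed."""
    findings = []
    prefs = parse_prefs(text)
    for name in WATCHED:
        # browser.startup.homepage may hold several URLs separated by "|"
        for url in prefs.get(name, "").split("|"):
            host = urlparse(url.strip()).hostname  # None for about:* pages
            if host and host not in allowed:
                findings.append((name, url.strip()))
    return findings


# Constructed sample, not taken from a real profile.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.newtab.url", "http://search.hijacker.example/?src=newtab");
user_pref("browser.startup.homepage", "https://www.mozilla.org/|http://search.hijacker.example/");
user_pref("browser.search.update", false);
user_pref("keyword.URL", "https://www.google.com/search?q=");
'''

if __name__ == "__main__":
    for name, url in suspicious_prefs(SAMPLE):
        print(f"{name} -> {url}")
```

Run it against both `prefs.js` and, if present, `user.js` in the profile folder with Firefox closed, since Firefox rewrites `prefs.js` on exit and applies `user.js` at every start.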

BOAC
12th Apr 2013, 15:41
Significant reg cleaning, mbam running, home page resetting, prog folder deleting.............. gone (for the time being).

I distinctly recall unticking all the 'install Delta this and that' boxes. I guess the barstewards are now de-activating the 'don't install' code and just leaving the 'untick' code in place?

Milo Minderbinder
12th Apr 2013, 20:55
How many times do we have to repeat this?

Into safe mode
Clear all temp and temp internet files from all profiles
reset the browsers to their defaults
uninstall all browser toolbars listed in add/rem programs
run RKILL
run Hitman Pro
if 32-bit run through SmitFraudfix
run Combofix
run Spybot S&D
run Malwarebytes
finally update your AV software and do a FULL scan

In XP I'd also run Dial-a-Fix over it, and if I had the files to hand I'd reset the shell executable settings

Ancient Observer
13th Apr 2013, 09:22
Good point, Milo.
Should your advice be a sticky?

BOAC
13th Apr 2013, 10:15
Don't forget, AO, the advice (which is thorough) depends on the victim having access to all those programmes, updated, when he/she is probably not able to access the internet. A lot of 'shuffling' of mem sticks/CDs, so the sticky needs to advise downloading ALL those progs in advance

Like gg, I am more interested in how these things are getting 'in' in the first place when they are specifically not invited, and it looks as if the option to 'not install' is in fact a facade in some cases.

Milo Minderbinder
13th Apr 2013, 11:22
In many cases they "get in" simply by you accessing a poisoned web site. And the further you go digging in the mire, the higher the chances. Looking for DRM cracks is a good way of getting hacked, as by definition the web sites you are browsing are on the wrong side of morality. If you add to that the probability that the adverts on the pages (because they'll be advert sponsored) are probably hacked, and you've little chance. Many of these infections come from scripts which run on the webpage or advert, and require no input from you to run. Simply go to the web page, get infected.

That's why when I'm delving into the undernet, I ONLY ever use Firefox as a browser, I have No-Script, Ad-Block plus, Ghostery installed as plugins, the browser is set to remove all temp internet files, the machine is set to delete all temp and temp internet files and the AV software (Avast) has had its settings ramped up to automatically delete ANYTHING that's the slightest bit iffy. Even then I usually only use one specific machine.

Bottom line is, browse unsafely, you WILL get hacked

BOAC
13th Apr 2013, 12:19
Milo - you have missed the point I fear. The 'invasions' we are talking about were specifically 'declined' during any installs. Like you, drive-by shootings on my machine are difficult to implement. The 'Delta' install was specifically selected as 'no'. gg claims not to even have been given the choice. That is the point I am trying to make.

By the way, was someone looking for DRM cracks??
"Having regrettably accepted the invitation to grub around in the google cesspit looking for help with DRM issues," - not 'cracks'. Beware of judging people based on what looks like your experience.

Milo Minderbinder
13th Apr 2013, 12:26
and my point is that if you go to high risk sites you will get infected one way or another. These infections install with no user input - they just happen. While you were busy deciding to untick something, a script was running elsewhere on the page installing it anyway. That's why you need the No-Script plugin....
And whether you were looking for cracks or not, delving into the murky areas of DRM 'information' is going to send you to some dodgy sites with a high risk factor

BOAC
14th Apr 2013, 08:42
"Thats why you need the No-Script plugin" ....hate to disillusion you but.........

green granite
14th Apr 2013, 09:12
"and my point is that if you go to high risk sites you will get infected one way or another"

So milo, you class Adobe as a high risk site, that's interesting.

Milo Minderbinder
14th Apr 2013, 15:46
"So milo, you class Adobe as a high risk site, that's interesting."

I made no such comment, and nor would I regard their website as especially risky.
However I would regard their Flash/Shockwave/Reader programs as potential liabilities. All have a number of unpatched flaws, which make them attractive targets for malware writers.
However, the Adobe players are probably more secure than the alternatives from other companies

Jim_Medley
14th Apr 2013, 17:15
Hey
If I may offer another suggestion for removal, from Bad Experience ;-)

Open Google Chrome, click on the 3 bar icon and go to Settings, then in the "On Startup" section click on Set Pages. In there put your mouse on the Holasearch line and click on the X symbol on the side to remove it, then you can add your favorite Homepage as you'd like.
In the same Settings page go to the Appearance section and click Change.
If you don't see the Change button then mark the "Show Home Button" option, and then click on Change.
Remove the Holasearch address or choose the add a new page option to add a new page by entering its URL and hit OK to complete the modification.
Then last thing, go to Manage Search Engines
and choose a different Search Engine and make it your default, and then remove the Hola search by putting the mouse on it and clicking the X symbol.

When done go to the extension menu and look for any Holasearch extension, or BrowserProtect or BrowserManager, and remove it.

On Explorer what I did was to go to the Manage add-ons menu, from there to make sure you don't have in the toolbars & extensions menu any Hola or BrowserProtect feature; if so remove it by clicking on the Disable button.
Then in the same window go to Search Providers and make sure you don't have Hola as a search provider; if so remove it.
Last thing, go to the options window and make sure that in the general tab Hola is not set as your home page; if so change it, apply and OK.
Close your browser and reopen it.

That's it,
hope it's easier than it seems

green granite
14th Apr 2013, 17:34
But Adobe put 2 programs on my computer that I neither wanted nor asked for, that makes it a rogue site as far as I'm concerned.

Helix Von Smelix
14th Apr 2013, 18:25
I have found that if you allow the pages to fully load when installing Adobe products you will see the tick box for the extra software. If you click on install now as you see the icon, then it will see that you have not unticked the (not yet loaded) tick box.

Sunnyjohn
14th Apr 2013, 21:17
"So milo, you class Adobe as a high risk site, that's interesting."
Wrong thread and OS, but lots of issues with Adobe on Macs.

Milo Minderbinder
14th Apr 2013, 21:20
Adobe does install extra programs, but while the programs may be unwanted
1) they are benign
2) the option not to install is clearly available if you choose to actually read the setup instructions / options. The only people who get caught are happy clickers who don't bother to read what the instructions say. I put that down to user stupidity.
The Adobe add-ons are not scamware / malware, unlike the toolbars and search redirects which were the initial topic in this thread.

Keef
15th Apr 2013, 00:26
"The Adobe add-ons are not scamware / malware, unlike the toolbars and search redirects which were the initial topic in this thread."

Indeed they aren't. But I regularly get called to sort computers for folks older than me, because their computers "aren't working". Part of the problem is usually a batch of this "pushware".

I'd like a requirement that they have to be "tick to receive", not "untick not to receive". It would save me a lot of cups of tea and admiring of dogs, cats, and gardens.

Milo Minderbinder
15th Apr 2013, 00:37
Keef

I thought you chaplains were supposed to welcome chances to get into peoples houses and convert them to the Christian way.......there you go, how about rebranding yourself the "Computer Evangelist"? (In case you don't know, M$ call their lead technical salespeople "product evangelists"!)

More seriously, yes you're right - it should be "opt in"

Bushfiva
23rd Apr 2013, 02:05
Or you could just play nice, post the instructions here and don't be such :mad:. Also, copying the look and feel of the Google search page is pretty naff.

For starters:

Firefox:

Open Mozilla Firefox. Go to Tools >> Add-ons.
Select Extensions. Uninstall the following extension: Hola To remove Hola Toolbar.
Click the small magnifier icon at the right top corner. Select Manage Search Engines... from the list.
Select Search the web (Hola) and click Remove button. Click OK to save the changes.
Go to Tools >> Options. Under the General tab reset the startup homepage.

Chrome:

Open Chrome and click on the Google Chrome Menu icon (the three lines on the right hand side of the screen). Then click on Settings.
Under On startup, choose the option Open a specific page or set of pages. Then click on Set Pages and delete Hola's page from the list by clicking the small "x" icon beside it. Then click ok.
Back on the settings screen under Search click on Manage search engines. If you see Hola Search as a default search, click on a different option and then click Make Default. Then click on done.
Once again back on the settings page, click on Extensions on the upper left side of the screen. Remove any Hola extension that you do not want from the list by clicking on the small trash can icon.

IE:

Select Control Panel from the Start Menu. From the control panel select Uninstall a Program. Find Hola toolbar on IE in the list, select it and click on the Uninstall button near the top of that window.
Open Internet Explorer. Click on the Menu Icon (the small gear) and select Manage Add-ons.
From Manage Add-ons menu, Select Toolbars and Extensions. Uninstall everything related to Hola from the list that you do not want by clicking on the program name and then clicking on the Disable button on the bottom right of the screen.
Next, Select Search Providers from the left hand side of the Manage Add-ons screen. First of all, choose a search engine and make it your default search provider (set as default). Then select Search the web (Hola) and click Remove button to uninstall it (lower right corner of the window). Finally, click close.

A A Gruntpuddock
23rd Apr 2013, 08:36
I just uninstalled it through the Control Panel (WIN7) and that worked OK.

Got it downloading VLC, even though I was watching out for 'extras'.

Eventually had to go directly to the VLC website to get a clean copy of the installer.

Milo Minderbinder
24th Apr 2013, 20:27
Bushfiva

Because, put simply, uninstalling the program usually does not remove all of it. You still need to sanitise the machine

mixture
24th Apr 2013, 21:19
"Got it downloading VLC, even though I was watching out for 'extras'.
Eventually had to go directly to the VLC website to get a clean copy of the installer."

No tea and sympathy here. What on earth were you doing installing something from an unofficial source ?

Bushfiva
24th Apr 2013, 23:08
Milo, I was expecting a company which hides its location, has a boilerplate EULA but states no jurisdiction, and specifically disclaims responsibility for what its "affiliates" do might step up and point to a utility which removes all traces of the junk from the system. Of course, I'm not expecting too hard.

Milo Minderbinder
24th Apr 2013, 23:31
Bushfiva

sorry - I misinterpreted what you were trying to say, didn't realise there was sarcasm intended

A A Gruntpuddock
26th Apr 2013, 13:07
Still getting this, but only on some sites.

No reference to it anywhere on my machine so I suspect that it is just embedded in these pages.