Welcome to remove-malware.net

How to remove Tubeloyal.com hijacker

Malware Description:
Tubeloyal.com is another tricky variation of Loyaltube.com hijacker. Tubeloyal.com implements purely malicious tactics in order to mislead unsuspecting computer users into installing WinPC Defender rogue anti-spyware. Being pretty much the same thing as Loyaltube.com, Tubeloyal.com is hit after getting the computer infected with the corresponding Vundo Trojan that latently modifies browser settings and diverts the victim’s web-surfing to its fraudulent domain. This Trojan is dropped onto the compromised computer through security exploits without the user’s awareness and consent. When redirected to Tubeloyal.com, you may encounter a few variants of deceptive events. The most widespread one is making it look like Tubeloyal.com (precisely – its extended URL http://tubeloyal.com/tube/?id=…&title=adult+movie?) warns you about your inability to view some online media content because your video codec is out of date. By suggesting the download of the new version of Video ActiveX Object codec, Tubeloyal.com concurrently offers you to trigger the hidden installation of WinPC Defender rogue anti-spyware. You start WinPC Defender installation unknowingly by clicking on the Open option on the dialog box that emerges on Tubeloyal.com. Once installed, WinPC Defender will drastically deteriorate system performance, slow it down and affect the internet connection rate. Another instance of Tubeloyal.com in action is one more of its extensions – http://tubeloyal.com/scan/?id=.., which pretends to scan the compromised machine for viruses and fakes the detection of malware. This technique pursues the goal of pimping yet another dangerous rogue spyware remover called System Security. No matter which one of the above tactics you are undergoing on Tubeloyal.com, remove this hijacker and all malware it has installed ASAP. Otherwise, bid your farewell to normal PC use and internet surfing.

Malware Type: Browser Hijackers

Malware Author: Innovagest2000

Threat Level: Critical

Advice: Immediately remove and scan for additional malware

Tubeloyal.com Hijacker Free Scanner and Remover: Download Now

Tubeloyal.com Fake Codec Security Alert Screenshot:

How to remove Tubeloyal.com hijacker manually:
Manual removal of Tubeloyal.com hijacker and attendant malware is feasible if you have sufficient expertise in dealing with program files, system processes, .dll files and registry entries.

The associated files to be deleted are listed below:

• %UserProfile%\Desktop\Launch WinPC Defender.lnk
• %UserProfile%\Local Settings\Temp\delwdef2008.bat
• %UserProfile%\Local Settings\Temp\[Random Name].tmp
• %Program Files%\WinPC Defender\data.dat
• %Program Files%\WinPC Defender\FwHookDrv.sys
• %Program Files%\WinPC Defender\HOSTS.hst
• %Program Files%\WinPC Defender\Manual.url
• %Program Files%\WinPC Defender\options.xml
• %Program Files%\WinPC Defender\reserve.dat
• %Program Files%\WinPC Defender\rules
• %Program Files%\WinPC Defender\Rules.txt
• %Program Files%\WinPC Defender\siren.wav
• %Program Files%\WinPC Defender\Support.url
• %Program Files%\WinPC Defender\svo.scf
• %Program Files%\WinPC Defender\temp
• %Program Files%\WinPC Defender\Uninstall.exe
• %Program Files%\WinPC Defender\Uninstall_st_st_.exe
• %Program Files%\WinPC Defender\vfile
• %Program Files%\WinPC Defender\WDefDemo.exe
• %Program Files%\WinPC Defender\Web.url
• %WINDOWS%\ieocx.dll

The related registry entries to be removed are as follows:

• HKEY_CURRENT_USER\Software\WinPC Defender
• HKEY_CLASSES_ROOT\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
• HKEY_CLASSES_ROOT\IEocxApp.IEocx
• HKEY_CLASSES_ROOT\IEocxApp.IEocx.1
• HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
• HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
• HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
• HKEY_CURRENT_USER\Control Panel\don’t load “scui.cpl”
• HKEY_CURRENT_USER\Control Panel\don’t load “wscui.cpl”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “sysav”
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “Content”

Please, be aware that manual removal of Tubeloyal.com hijacker is a cumbersome procedure and does not ensure complete deletion of the malware, due to the fact that some files might be hidden or may automatically reanimate themselves afterwards. Moreover, manual interference of this kind may cause damage to the system. That’s why we strongly recommend automatic removal of Tubeloyal.com hijacker, which will save your time and enable avoiding any system malfunctions and guarantee the needed result.

Related Articles:

There are currently no similar articles.