March 27, 2014

Getting Rid of Shady Toolbars

News Threats

Perhaps it has happened to you. One day you open your Internet browser and instead of going to your usual homepage, you go to the landing page of a search engine you’ve never heard of. Then you notice that the built-in search box in your toolbar is gone too, replaced – again – by one from the same landing page you were just on. What’s worse is that you go through all of the typical uninstall procedures in your browser and on your system, restart and… it’s still there.


This is BitGuard, the generic name of one of a family of programs that include search toolbars like MixiDJ, Delta Search, SearchQU, Iminent and Rubar, among others. It is a complicated piece of malware often tied to free software downloads, and it is designed to generate income for a third party by hijacking your system.

It is a complicated piece of malware often tied to free software downloads, and it is designed to generate income for a third party by hijacking your system.

It works like this, according to SecureList. Users try to download some type of program like music, software or video files and – importantly – related drivers and installers from an affiliate program they are prompted to use. When the installer is downloaded, so is the toolbar – sometimes with the user’s consent, sometimes not, depending on the specific program.

From there, users are funneled into the new program’s search function in the toolbar and new homepage, and are then redirected to that search engine’s results page. Here’s where the money comes in – advertisers pay these hosts to push their content to the top of the results fields, which is where most users click first. When users click through the advertisers’ links to the advertisers’ pages, the search toolbar owner gets paid.

Google reportedly stepped up efforts to curb such programs last year, but it remains a problem.

Users who encounter these programs should first attempt to uninstall the programs from their system. On a PC, you can do this by clicking on Start, going to the Control Panel, then clicking on Uninstall a Program – then scroll through the programs and uninstall the unwanted ad-on. This may not take care of the problem, so from there, uninstall it from your web browser. In Firefox, you would do this by clicking on either the main dropdown tab in the top left – or if you have the menu bar display, by clicking on Tools – then in both cases, select Add-ons and then remove the unwanted program. The uninstall steps are very similar for other web browsers.

Unfortunately, for some toolbars these measures might not be effective, and in this case you’d have to use Google search (oh, what irony!) to find toolbar-specific removal instructions. Be aware of sites that make you install additional software to remove the unwanted software (irony again). While it seems to be the easiest, one-click solution, many “removal and optimization” programs are spammy or malicious by themselves.

These unwanted add-ons can sneak through the cracks because users often give them permissions to install, not knowing what they are, rushing through the download processes only to find out later the harm they’ve done to their systems. The biggest factor to keep in mind here is how vital it is to have a robust antivirus program, which can warn you about any riskware you are going to install. It’s worth noting that many free antiviruses install search toolbars as well, so in this case we suggest using paid products.