{"id":4231,"date":"2014-03-27T10:00:58","date_gmt":"2014-03-27T14:00:58","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=4231"},"modified":"2017-09-24T08:21:46","modified_gmt":"2017-09-24T12:21:46","slug":"getting-rid-of-shady-toolbars","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/getting-rid-of-shady-toolbars\/4231\/","title":{"rendered":"Getting Rid of Shady Toolbars"},"content":{"rendered":"<p>Perhaps it has happened to you. One day you open your Internet browser and instead of going to your usual homepage, you go to the landing page of a search engine you\u2019ve never heard of. Then you notice that the built-in search box in your toolbar is gone too, replaced \u2013 again \u2013 by one from the same landing page you were just on. What\u2019s worse is that you go through all of the typical uninstall procedures in your browser and on your system, restart and\u2026 it\u2019s still there.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/03\/06044156\/toolbar.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-4232\" alt=\"toolbar\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/03\/06044156\/toolbar.jpg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>This is BitGuard, the generic name of one of a family of programs that include search toolbars like MixiDJ, Delta Search, SearchQU, Iminent and Rubar, among others. It is a complicated piece of malware often tied to free software downloads, and it is designed to generate income for a third party by hijacking your system.<\/p>\n<div class=\"pullquote\">It is a complicated piece of malware often tied to free software downloads, and it is designed to generate income for a third party by hijacking your system.<\/div>\n<p>It works like this, according to <a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792329\/BitGuard_a_system_of_forced_searches\" target=\"_blank\" rel=\"noopener nofollow\">SecureList<\/a>. Users try to download some type of program like music, software or video files and \u2013 importantly \u2013 related drivers and installers from an affiliate program they are prompted to use. When the installer is downloaded, so is the toolbar \u2013 sometimes with the user\u2019s consent, sometimes not, depending on the specific program.<\/p>\n<p>From there, users are funneled into the new program\u2019s search function in the toolbar and new homepage, and are then redirected to that search engine\u2019s results page. Here\u2019s where the money comes in \u2013 advertisers pay these hosts to push their content to the top of the results fields, which is where most users click first. When users click through the advertisers\u2019 links to the advertisers\u2019 pages, the search toolbar owner gets paid.<\/p>\n<p>Google reportedly <a href=\"http:\/\/searchengineland.com\/googles-enforcement-of-new-policies-is-bad-news-for-many-toolbar-players-147385\" target=\"_blank\" rel=\"noopener nofollow\">stepped up efforts to curb such programs last year<\/a>, but it remains a problem.<\/p>\n<p>Users who encounter these programs should first attempt to uninstall the programs from their system. On a PC, you can do this by clicking on Start, going to the Control Panel, then clicking on Uninstall a Program \u2013 then scroll through the programs and uninstall the unwanted ad-on. This may not take care of the problem, so from there, uninstall it from your web browser. In Firefox, you would do this by clicking on either the main dropdown tab in the top left \u2013 or if you have the menu bar display, by clicking on Tools \u2013 then in both cases, select Add-ons and then remove the unwanted program. The uninstall steps are very similar for other web browsers.<\/p>\n<p>Unfortunately, for some toolbars these measures might not be effective, and in this case you\u2019d have to use Google search (oh, what irony!) to find toolbar-specific removal instructions. Be aware of sites that make you install additional software to remove the unwanted software (irony again). While it seems to be the easiest, one-click solution, many \u201cremoval and optimization\u201d programs are spammy or malicious by themselves.<\/p>\n<p>These unwanted add-ons can sneak through the cracks because users often give them permissions to install, not knowing what they are, rushing through the download processes only to find out later the harm they\u2019ve done to their systems. The biggest factor to keep in mind here is how vital it is to have a <a href=\"http:\/\/kas.pr\/free\" target=\"_blank\" rel=\"noopener\">robust antivirus program<\/a>, which can warn you about any riskware you are going to install. It\u2019s worth noting that many free antiviruses install search toolbars as well, so in this case we suggest using paid products.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Perhaps it has happened to you. One day you open your Internet browser and instead of going to your usual homepage, you go to the landing page of a search<\/p>\n","protected":false},"author":41,"featured_media":4233,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[572,571,36,97,131,570],"class_list":{"0":"post-4231","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-adware","10":"tag-bitguard","11":"tag-malware-2","12":"tag-security-2","13":"tag-tips","14":"tag-toolbar"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/getting-rid-of-shady-toolbars\/4231\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/getting-rid-of-shady-toolbars\/3158\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/getting-rid-of-shady-toolbars\/3055\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/getting-rid-of-shady-toolbars\/3469\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/getting-rid-of-shady-toolbars\/3467\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/getting-rid-of-shady-toolbars\/3030\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/getting-rid-of-shady-toolbars\/4231\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/getting-rid-of-shady-toolbars\/4231\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4231"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4231\/revisions"}],"predecessor-version":[{"id":19095,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4231\/revisions\/19095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4233"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}