Endpoint Protection


'searchqu/406'

  • 1.  'searchqu/406'

    Posted Dec 11, 2011 10:19 AM

    Is there a utility that I can use to search out and remove a specific threat i.e. 'searchqu/406'. When I open up the Firefox browser on my Windows 7 PC the home page is 'searchqu/406', and no matter what I do to restore the home page or find/remove this thing it keeps on coming back.

    Thanks



  • 2.  RE: 'searchqu/406'

    Posted Dec 11, 2011 05:10 PM

    If you have got searchqu as companion of bandoo, you could try the following instructions (don't know if they help, though):


    http://deletemalware.blogspot.com/2011/09/remove-bandoo-uninstall-guide.html



  • 3.  RE: 'searchqu/406'

    Posted Dec 11, 2011 11:19 PM

    Hi,

    Try this tool for removing:

    http://security.symantec.com/nbrt/npe.aspx?lcid=1033



  • 4.  RE: 'searchqu/406'

    Posted Dec 12, 2011 08:01 AM

    This issue comes as payload of software by bandoo. Open application control and uninstall any entries named with "searchqu" or "bandoo". Unfortunately, this software sometimes installs some more potentially unwanted programs in the back and is a magnet for malware-classified payload.

    Have your PC scanned with actual definitions to get rid of any unwanted "passengers".

    Does your machine do anything else you can't explain?

     

    Regards,

    Marius



  • 5.  RE: 'searchqu/406'

    Trusted Advisor
    Posted Dec 12, 2011 09:11 AM

    Hello,

    In your case, what if you Create a new User on the machine in Question, do you still face the same issue with the new User??

    Sometimes, such Threats are User Based Threats.

    Let us know if you face this issue with another user??

    You are carrying Symantec Antivirus 10.2 on your Windows 7 machines.

    Why not install Symantec Endpoint Protection 12.1 for better Protection.

    The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect attacks that are directed at browser vulnerabilities.

    Check this Article: http://www.symantec.com/docs/TECH163413

    Hope that helps!!



  • 6.  RE: 'searchqu/406'

    Posted Dec 12, 2011 09:26 AM

    searchqu runs from within prefs.js, or, for IE, HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar.

    Wouldn't be user-dependent...
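
A read-only check for the Firefox location named in the post above, added here as an example and not code from any poster or vendor in this thread: it parses the text of a profile's prefs.js and lists every preference whose name or value mentions searchqu or bandoo. The sample preference lines and URLs are constructed for illustration.

```python
import json
import re

# Substrings taken from this thread; extend the tuple for other hijackers.
INDICATORS = ("searchqu", "bandoo")

# prefs.js holds one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample, not taken from a real profile.
SAMPLE = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.searchqu.com/406");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://www.searchqu.com/web?q=");
user_pref("extensions.example.note", "say \"hi\"");
'''

def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name = json.loads(m.group(1))
        raw = m.group(2)
        try:
            value = json.loads(raw)  # strings, numbers, true/false parse as JSON
        except ValueError:
            value = raw  # keep the raw text so it can still be searched
        prefs[name] = value
    return prefs

def find_hijacked_prefs(text, indicators=INDICATORS):
    """Return sorted (name, value) pairs that mention any indicator."""
    hits = []
    for name, value in parse_prefs(text).items():
        haystack = f"{name} {value}".lower()
        if any(ind in haystack for ind in indicators):
            hits.append((name, value))
    return sorted(hits)

if __name__ == "__main__":
    for name, value in find_hijacked_prefs(SAMPLE):
        print(f"{name} = {value!r}")
```

Pass it the text of prefs.js from the profile folder with Firefox closed; a user.js file in the same folder uses the same line format and can be checked the same way.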



  • 7.  RE: 'searchqu/406'

    Posted Dec 21, 2011 05:15 AM

     

    Hi,
    My name is John, and I'm a member of the Searchqu Support Team. I'm here to help :)

    When you downloaded and installed a free application (like Bandoo, as mentioned above), Searchqu was offered to you by one of our partners that develop free PC applications. During the installation you accepted the homepage changes.

    First, it's important to note that Searchqu is not a virus nor malware. It simply sets your homepage to "Searchqu.com" and can be manually changed back through the browser's settings at any given point. Here are quick instructions to do so: http://www.bandoo.com/uninstall.php (you can find the relevant section to you in that link).

    If you followed the instructions and still can't find a solution to the problem, please don't hesitate to let me know and I'll walk you through it :)

    Thank you,
    the Searchqu Support Team.
     


  • 8.  RE: 'searchqu/406'

    Posted Jan 05, 2012 05:14 AM

    Hello John,

    if it is an application worth to trust, there are some questions about SearchQu, then:

    • why is searchqu installed stealthily in the background?
    • why does searchqu change users' properties without prompting?
    • why is it impossible to completely remove searchqu from within application wizard? (you have to use other tools to CLEAN it out of your browser's configuration, system registry and file system)
    • why else would it be classified as malware? (f.e.: http://www.systemlookup.com/CLSID/72565-SearchquDx_dll_searchqudtx_dll.html)

    Would be nice to get some answers!

     

    Regards,

    Marius



  • 9.  RE: 'searchqu/406'

    Posted Jan 09, 2012 05:23 AM

     

     

    @Marius,

    I’m glad you ask those questions, and I would be happy to answer :)

    As I wrote before, while a user is downloading one of our free applications it offers two basic installs: typical installation, which lists the add-on features such as searchqu default search, and Custom installation, which allows you to select the add-ons that you wish to install. At any time you can restore your previous default search back.

    Searchqu does not collect or save any personal information about users. The only thing Searchqu saves is aggregated data, which is not personal data, e.g. the number of visits to pages and number of clicks on different sections, and therefore searchqu certainly can’t be classified by the definition of a malware, only a browser setting :)

    I hope we helped and answered your questions :)

      The Searchqu support team.



  • 10.  RE: 'searchqu/406'

    Posted Jan 26, 2012 08:02 PM

    Whilst your response is of some interest, to a certain extent I must side with Marius on this one I'm afraid. I have just spent hours removing searchqu etc from my system following a very definite decline in the overall performance of my computer, numerous inexplicable glitches, incredibly slow download and browsing speeds, and a host of other hassles concomitant with the appearance of the searchqu toolbar. Overall this has been a real hassle, and has ruined a days work trying to complete an important presentation for a teacher training interview. Indeed, whilst it appears so easy to uninstall this in your outline, the reality is quite the reverse. I did what you stated, and still the blighter came back. Disable this, uninstall that, change settings, check this and that menu to find where it is, re-download toolbars - the list could go on and on. It is safe to say that I'm most certainly not amused, and will avoid anything associated with these applications like the bloomin' plague, despite your soothing assurances and emoticon/smiley.



  • 11.  RE: 'searchqu/406'

    Posted Jan 31, 2012 05:09 AM

    Truth to tell, it is possible to uncheck Searchqu during installation - but only if "custom install" is used.

    Many users are doing a "typical installation" due to lack of IT skills and then they have software/add ons like SearchQu running on their machines!

    In almost ANY security forum out in the web, SearchQu is classified as follows:

    • Searchqu is a parasitic Browser Hijacker
    • Searchqu may show numerous annoying advertisements
    • Searchqu logs your internet browsing history
    • Searchqu will replace (hijack) your browser homepage
    • Searchqu may spread additional spyware
    • Searchqu violates your privacy and compromises your security

    (source, f.e.: http://www.2-viruses.com/remove-searchqu)

    and will be removed during the cure!

    The web is FULL of topics started by users crying for support to remove SQ...

    Just ask Mr Google! http://www.google.de/search?q=searchqu+remove



  • 12.  RE: 'searchqu/406'

    Posted Feb 12, 2012 04:09 PM

    Searchqu is a browser hijacker. It was put onto our computers without our knowledge or consent. It steals search traffic and routes it to one of its "clients". These are unscrupulous businesses that employ this malware to generate sales. If you are directed to such a merchant, remember this. You were steered there under false pretenses, i.e. you thought you were performing a Google search. In my opinion, anyone who patronizes such a corrupt business is begging to get ripped off. If the Bandoo bandits refer you to a local business, go to their shop. Politely inquire if they are Bandoo clients. If they admit it, tell them you will never shop there, nor will any of your friends. Tell them that as a Bandoo co-conspirator, they can be held liable in a suit to recover your damages such as computer repair costs, lost time and productivity, and emotional upset. Federal courts and some state courts might add heavy punitive damages. Hold a peaceful demonstration on public property (such as a sidewalk) outside the shop. Tell the public that they are perpetrating the spread of malware to line their pockets. Get a copy of Saul Alinsky's Rules for Radicals, and attack the business using the methods described in the chapter entitled "Tactics." Warn all of your friends that if they ever send you one of the infantile "emoticons" Bandoo sells, their future e-mails will go to your spam file. If you want to rid your town of whores, start arresting the Johns. If enough of the Bandoo clients realize that they might be included as defendants in a RICO suit, Bandoo might have to go out of business. Oh, and as for the Bandoo help desk, I don't trust them. Any outfit that is so corrupt might include a keylogger or two in the so-called fix. Okay, I'm paranoid, but paranoid people can have real enemies. Stu



  • 13.  RE: 'searchqu/406'

    Posted Feb 13, 2012 10:48 AM

    If you read my recent post, you will note that I will treat any person or organization who sends me an emoticon as a spammer. That's because several experts on the subject have opined that these can carry the searchqu disease to your computer. I don't know if that's correct. Either way, though, Bandoo makes money on them, and Bandoo must be destroyed.



  • 14.  RE: 'searchqu/406'

    Posted Feb 13, 2012 11:17 AM

    This thread is getting a little off track.

    Has this problem been resolved?

    I.E. SearchQU / Bandoo removed from the computer?



  • 15.  RE: 'searchqu/406'

    Posted Feb 13, 2012 11:23 AM

    I think your corporate counsel should read and research the Racketeer Influenced Corrupt Organizations Act, also known as the RICO Act or simply RICO. It targets around thirty-six specific criminal acts. These include trafficking in sex slaves, transporting massive quantities of illicit drugs, and other rare activities. The one I think might get you into trouble is large scale trademark and copyright fraud. When one initiates a Google search, the Google trademark remains on the screen after the hijacking, lulling the user into thinking he's using the Google search engine, which he isn't. I'm a retired attorney familiar with RICO cases. I know of no case law directly on topic, and haven't researched the point. But I believe that your activities may fall within the "penumbra" of the legislation. The Act provides a number of avenues of redress. The Feds can bring criminal actions carrying severe punishment, including fines and imprisonment. However, the public at large has standing to file civil actions. What's more, all participants in the illegal activity are considered part of the "corrupt organization" and have joint and several civil liability. In other words, one defendant can be forced to pay damages to every person damaged by the activity. He needn't be a capo or a kingpin. Just one of the "clients" who pays for the activity and receives benefits is a possible target. For example, every store that sells bogus NFL sweatshirts and jerseys is subject to RICO. I have no idea where the Bandoo HQ is located. Probably in a cave in the high valleys of the Hindu Kush. Hard to get jurisdiction. No matter. Every "client" in the US could be rounded up into a massive defendant class, and be subject to an even more massive class action lawsuit. Attorneys take note. This could be bigger than Tobacco, Asbestos, and Breast Implants combined. Think of fees in the billions. Think the Mother Lodestar!
    As I stated, I'm retired, no longer practice law, and this isn't a legal opinion. Just a legal question that attorneys might find worthy of looking into. And, as always, remember: Bandoo must be destroyed. Oh, and to the Search Support Team: it might be a good idea for you to start bringing a toothbrush to work every day.



  • 16.  RE: 'searchqu/406'

    Posted Feb 13, 2012 11:33 AM

    If that was directed to me, I disagree.  If Bandoo realizes that it is at risk, the corporate management might cease and desist from the activity, and provide a real, reliable fix to reputable fix providers, such as Norton and Webroot.  I would trust a removal widget from them, and the problem would go away.  In any case, end of thread.



  • 17.  RE: 'searchqu/406'

    Posted Feb 19, 2012 02:59 AM

     

    Hi, 

    @Namvetstu- regarding your request for specific information on our software partners, you can contact them directly via their designated helpdesks. I am sorry that we cannot be more helpful about this matter. Our purpose here is only to ensure that the users in this forum, who are seeking technical assistance with the Searchqu toolbar, are assisted professionally and swiftly.

    Thank you,

    The Searchqu support team