• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!


Browser Hijacking

Hi, my browser (Google chrome) has been hijacked by Tuvaro (www.search.net). I was trying to update the Java then I hit the jackpot! Tuvaro..Internet Explorer was hijacked as well. Somehow I managed to get rid of Tuvaro from IE but Google is still redirecting to search.net. I tried to clear the browser history and reset it. Also, I erase the search.net from the Chrome's settings. Unfortunately, it keeps coming back.I  Moreover, after I updated windows 8 to 8.1, this message pops up: "There was a problem starting C:\Progra1\Common-1\Sysem\SyMenudll. The specific module can not be found." I have no idea what does that mean. Do I have some kind of virus, adware etc or this happened because my browser was hijacked? What happened and how do I fix it? Unfortunately I don't have the technical knowledge to fix it. I really need a hand. If you have time to help me, I really appreciate. Thanks.



Re: Browser Hijacking

Hi gizem, and welcome. Try running a scan with MalwareBytes Free, to see what it finds.

Don't use the Pro version, as it has real time protection.

If MBytes quarantines anything don't do anything, just get back to us, and we'll see if we can advise you what to do.

Have you run a full scan with Norton ?


Re: Browser Hijacking

Thank you so much for getting back to me this quick. This is what I got from the Malwarebytes'scan:

Malwarebytes Anti-Malware

Database version: v2014.03.02.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
gizem :: COMPUTER [administrator]

3/2/2014 12:58:05 AM
MBAM-log-2014-03-02 (01-56-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334863
Time elapsed: 53 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected

I've just run a full scan with Norton, it didn't find anything. 


Re: Browser Hijacking

Hi, gizem. MBytes has found a a pup Crossrider.A,  which is not regarded as malicious by Norton.

They usually appear when bundled with other software.

In  MalwareBytes-----  Settings/Scanner Settings I have them set to Show in results list and check for removal.

You can choose just to quarantine, or remove. 

Other than that the scan appears clean.


Re: Browser Hijacking

Hello gizem

You could stop by one of the free malware removal sites and have them check out your computer. This way, you might find some piece of mind. If you want to visit one of them, here is the list of them. You will find the list in the given link .

Please go to one of these free Forums for help in removing your bad malware or rootkits.

(Thanks to Delph for providing the list of sites)

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.


Please come back and let us know how you made out. Thanks.       

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU IE 11

Re: Browser Hijacking

Well what I would suggest is that you might just remove the unused extensions and reset the rowser setting to initiall ones. Now clear all cache and clutter and now it would not come for default page. Hope this works, worked for me .


Re: Browser Hijacking


First of all, I would like to thank you for your time, good advices and support.  I think my redirecting nightmare is over. There was a program called "search module" in the programs/control panel. In spite of my shaky hands, I dared to uninstall it yesterday. I might have totally uninstalled a necessary program but it was driving me crazy. Ever since I haven't been redirected to the search.net. I cross my fingers and hope that it was the problem. 

Unfortunately that "C:\progra1\common-1sytem\sys menu dll" still pops up. I have no idea what it does mean and why it pops up :(

I hope I won't be redirected to that awful site ever again and I promise I will be more careful.

Thank you so much.

Accepted Solution

Re: Browser Hijacking

Hi, gizem. Be carefull uninstalling dll files. You may uninstall a critical one.

If your browser is no longer being redirected, then you can consider the problem solved.


Re: Browser Hijacking

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU IE 11
Kudos1 Stats

Re: Browser Hijacking

livetech wrote:

I had to do a Tuvaro Search Removal on my computer and had a hard time trying to remove it. I unistalled it and  ran Norton, Malwarebytes, Spybot, RogueKiller, JRT and AdwCleaner after all of that I had to reset all my browsers, IE, Chrome, Firefox and Safari. Finally I had to right click on all the browser shortcus choose properties and removed the Turavo web address from the target.

Clever attempt at Tech Support SPAM posting


Replies are locked for this thread.