02-06-2012 07:00 PM - last edited on 02-06-2012 07:04 PM by Tim_Lopez
Somehow I noticed that my Google Chrome main browser bar looked a little different and then saw that there was a small name in it, "funmoods." When I clicked on this it took me to a website in Israel, a pretty obvious hijack. It attempted to make itself the default browser so I deleted it in the tools menu in Google Chrome. Norton didn't notice any of this activity or upon scanning for viruses.
I downloaded power eraser and it found a single file: RIKVM_1628BCEA.sys, in my system 32 file and noted that it was "Bad." I selected that it be removed and rechecked again. It still shows up even though Norton says its been fixed?!
I copied some of the log file from the power eraser scan and here it is:
-<BROWSERS_INSTALLED Default="IEXPLORE.EXE">-<Browser ID="01"><Name>Google Chrome</Name><Path>"C:\Users\Ben\AppData\Local\Goo
Any help removing this spyware would be VERY much appreciated as Norton doesn't see it and or is not able to remove it.
The web address for funmoods is: [Removed]
Solved! Go to Solution.
02-06-2012 10:22 PM
You might find your answer in this thread - http://community.norton.com/t5/Tech-Outpost/funmoo
I hope this helps.
W W W = Wild Wild West. Be careful out there!
02-06-2012 11:15 PM
Well after 3 runs with Power Eraser, going into Chrome "options," then "manage search engines," I discovered that funmoods had established itself as default. I deleted it and also changed my proxy settings which had been hijacked as well, then I ran power eraser one more time. This seems to have fixed the problem as this spyware hasn't shown its face and power eraser says it has been removed...let's hope that this stays away.
Thanks for your advice!