Help with removing Google Redirect 'qbyrd' malware with norton?

Norton Security | Norton Internet Security
1

I downloaded ilivid software, which apparently also has a hidden malware called 'qbyrd' that randomly redirects my google searches to a 'fake' search engine site. I am also not able to view certain youtube videos.

How do I get rid of this? I already scanned my computer with the norton scans. Did not work.

2

I believe iLivid is a software download manager that somehow arrived on my laptop a few weeks back possibly along with a trial download of "Uniblue Registry Checker" software - perhaps I wasn't paying attention and accepted the "standard" download option.  Like you my Norton 360 didn't block, object or comment.  I uninstalled Uniblue successfully using REVO Uninstaller but remember having to do a lot of internet searches to finally sort out exactly what iLivid was and get some ideas on how to remove it.  I ended up using Windows XP RUN command "regedit" to remove all traces but this is has distinct risks.  Hope this at least points you in the right direction.  Yours aye, Blacklab.

3

Have you looked in Add/remove programs (Programs & Features) for either or both and if they exsist tired to remove them?

4

Hi,

  Welcome the Norton Community.

what Browser you are using to browse the internet?

5

Is this REVO uninstaller safe to use with norton already installed? How do I use the windows XP run command? What are these distinct risks?

6

I am using internet explorer.

7

Press windows key on your keyboard and the letter r  at the same time-> you will get the run command then type 'appwiz.cpl' to get the add/remove to appear

 

qbyrd=It looks like a search engine. You can change your homepage in  : windows + r -> type ' inetcpl.cpl ' 

to your desired website

8

I did download Ilivid and install, what a lot of files and folders for what it is.  I grabbed the main ilivid.exe and virustotal scanned it.

 

http://www.virustotal.com/file-scan/report.html?id=0697d22b4ad3afe85924dfad1ab9339b392b355735482b76ff00acf26e781b71-1320297807

 

Quads

 

 

9

Hi Sardanpasta, Only saw your questions thismorning and I have now found my notes on how I got iLivid and how I got rid of it..  My iLivid came uninvited with my requested download of Speedfan software (amongst other things Speedfan allows you to read the SMART monitor software inside most Hard Disc Drives if you are interested!).  ILivid changed my Internet Explorer 8 home page from Google to "some rubbish search engine" and dumped a shortcut to "ftalk.com...the best Facebook Chat Messenger" onto my desktop too!  I found iLivid listed correctly in the XP Control Panel Add/Remove programs list and did a successful standard uninstall but because I like to run a clean ship I used REVO Uninstaller........See answers to your questions below:-

Qu 1.   REVO Uninstaller is a well respected piece of freeware that is recognised as safe by Norton 360 and works to enhance the standard Windows Add/Remove Programs function and more fully remove unwanted software from your system.  You can download REVO from many internet sites including http://ninite.com where you will find it listed as REVO under the "Utilities"  programs section.  However I would strongly suggest you find a tech aware friend to give you a hand the first time you use it.

Qu 2 & 3.   The Windows XP Run command is located bottom right in the XP Start menu.  Opening the Run dialog box allows you to enter many commands directly....the command "regedit" I mentioned opens the Windows Registry Editor which then gives you access to the ALL the fundemental software files running you system including any software programs you have added.  Using "regedit" has "distinct risks" because you can disable your whole system with a few inadvertent mouse clicks!  If you have never used "regedit" before I would either ignore or find that techy friend again to hold your hand!  I used "regedit" to search out the last few bits of iLivid but these registry files would have had no future effect on my computer's operation and would have remained inert as "orphan files" occupying a tiny ammount of space - your registry will be full of similar relics if you have used your machine for a few years and XP's smooth running should not be affected.

Hopefully you have simply used Add/Remove programs to removed the iLivid software and restored your usual IE8 home page using the "house" symbol top right of your IE8 page by now!  Yours aye, Blacklab

10

I would think though annoying, it's not malicious compared to Trojans Worms, Rootkits etc. The only thing I could think it could be detected as is a PUP,   

 

One thing, for Google Chome and the search in the Address Bar you have to remove or just reset the default search engine (google for me)

 

Search Bar.jpg

 

 

 

Quads