Just recently my computer became infected when the malware 'Snap.do' add on was added to the IE10 and Google Chrome browsers on my computer. I have Norton running in the background but somehow it managed to bypass it and install I believe it also added a number of unwanted programmes such as playbryte and default.search.
I have tried the following to clean the computer of infected files and settings;
- full scans using MalwareBytes and Avast, a small number of files were detected and deleted, they have been run a number of times now and don't find any more infected files.
- used 'Avast browser clean up' to delete the Snap.do add on from the browsers
- uninstalled the programmes using Windows uninstaller, all removed, but it wouldn't uninstall 'Snap.do'
- checked to see the hosts file doesn't have any extra lines redirecting to other sites, which it doesn't
- checked the tcp address settings to see if there are any extra ip address settings, which there aren't
One of things happening was I was being redirected to Bing, and before that to a Snap.do site. This has stopped happening but I noticed the IE10 'Internet Options', 'General', 'Home Page', 'Default' setting was 'http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA'. For better or worse I went through my registry settings and changed every property that had that value in Google or IE10 to 'about:blank'.
I am not being re-directed anymore but I am also not sure if my computer is still at risk. Firstly Windows doesn't appear to be able to uninstall the application 'Snap.do' and secondly I am not sure what 'TEUA' is. There a few property settings in the registry that have TEUA as part of the registry value.
Am I being a little paranoid or is there more to be done?
Any help will be much appreciated.