(Free Instructions) - Virus Removal Guide Removal Guide

What is is a malicious adware infection that modifies Windows registry in order to gain persistence is a an aggressive adware application that engages in system file modification in order to stay on the host machine as long as possible is a domain name that virus-infected users find as soon as they load up Google Chrome, Mozilla Firefox, Safari, Internet Explorer or another web browser. The modification of the web browser is not only performed by altering their settings but also by changing Windows registry[1] – a database that the OS uses to store all the settings in.

While is more of an adware infection, its unusual behavior of system file modification closely reminds that of malware. Therefore, while resetting all the web browsers is one of the steps to recovery, this action will not be enough to remove virus altogether, and the infected users will have to use additional, more advanced, methods. infection might result in further system compromise, as you might be redirected to a hacked or malicious site that can exploit software vulnerabilities[2] on your device and install malware automatically. Besides, the never-ending ads will not allow you to view your favorite websites without continually being interrupted.

Type Adware
Infection means Software bundling, ads, third-party sites, etc.
Related process cmd.exe
Registry modification HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Affected browsers Google Chrome, Internet Explorer, Opera, Mozilla Firefox, Safari, UC browsers, etc.
Associated risks Malware infection, installation of other PUPs, money loss
Termination To remove the virus, scan your computer with anti-malware software or check our manual guide below
Recovery To fix Windows registry and other affected system files, use FortectIntego

The main site reminds of a fan-made page about a popular First Person Shooter Counter-Strike: Global Offensive and is presented in the Russian language (that is why users named it “Gangnam game virus“). Therefore, it might be that the virus was aimed at Russian users, although Korean users also claimed to be suffering from the unexpected appearance. Nevertheless, the content of the site may vary overall. adware might have slipped into your machine when you downloaded and installed freeware or shareware from third-party sites. This is common potentially unwanted program distribution tactic and is often used by developers to monetize. Unfortunately, users end up with potentially harmful applications that interrupt their web browser settings with pop-ups, banners, offers, deals, and redirect them to dangerous websites.

While in general, it is a very typical adware behavior, goes a step further and acts like malware by creating a new cmd.exe command that is launched as soon as Windows is booted. This ensures that the malicious process runs all the time. To launch it, virus modifies the registry key located in the following location:


Even though the changes made by adware might be reverted manually, it is highly discouraged by security experts.[3] Registry is one of the vital Windows OS parts, and deleting important entries or modifying wrong keys might result in program malfunction and crashes. In the worst-case scenario, the reinstallation of the entire Windows OS might be required. is a malicious website that virus-infected users may find as their homepage on all web browsers

To avoid that, we highly recommend scanning the PC with FortectIntego, as it can fix registry automatically. Besides, it can also fix all the virus damage. Nevertheless, you will have to reset the installed browsers regardless to make sure that the infection does not return.

To perform a full removal, you can use anti-malware software that focuses on potentially unwanted programs or check out a manual termination guide below. However, as we explained, registry modification might not allow you to get rid of entirely.

Watch out when installing new software – PUPs are hidden inside the freeware installers

While most of the programs that are bundled with freeware and shareware are harmless, some of them might induce unwanted changes to your browser and display intrusive ads you never asked for. In worst cases, users might infect their machines with malware that can proliferate other viruses, causing even more severe damage to the PC and compromising users' online safety.

Bundled software might be useful in some cases and allow users to try out applications for free. However, users should also be aware that malicious apps can also be included, so installing new programs carefully is vital for computer safety. Here are some tips on the matter:

  • Select reputable sources for your downloads and avoid torrent or similar shady websites (note: even well-known freeware sites bundle software, so you should always be careful);
  • Check if the app provides access to such documents like Privacy Policy and Terms of Service;
  • Beware of the fine print, pre-selected boxes and misleading button placements;
  • Select Advanced/Custom installation settings to discover what apps are actually being installed and remove the unwanted ones;
  • Install reputable security software and keep it up to date.

Revert all the system modifications initiated by and get rid of the virus

As we previously mentioned, removal might not be as straight forward as it would be with common adware infections. In most of the cases, detecting the potentially unwanted programs and removing them from the list by clicking “Uninstall” and resetting browsers would work. Unfortunately, virus is much more persistent due to the modifications made to the Windows registry. CS:GOWhile the main site might display information about a popular video game Counter-Strike: Global Offensive, it has nothing to do with the game developers

We would recommend checking the list of the installed programs as explained below and removing anything that seems suspicious or not recognizable. After that, you should install reputable anti-malware software and scan your device for the traces of adware and malware. Finally, you should also reset each of the installed browsers as explained below to remove malware from your PC completely.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Follow these steps

Uninstall from Windows

You should check the list of the installed programs via the Control Panel and uninstall all the suspicious entries as follows:

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

If Mac users are experiencing hijack, they should proceed with the following instructions:

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

Keep in mind that a prompt Google Chrome reset will complete the termination of all potentially unwanted programs that might have been installed on your device without your notice:

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting adware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions