Severity scale:  

Remove (Free Instructions) - Virus Removal Guide

removal by Lucia Danes - - | Type: Adware is a malicious adware infection that modifies Windows registry in order to gain persistence is a domain name that virus-infected users find as soon as they load up Google Chrome, Mozilla Firefox, Safari, Internet Explorer or another web browser. The modification of the web browser is not only performed by altering their settings but also by changing Windows registry[1] – a database that the OS uses to store all the settings in.

While is more of an adware infection, its unusual behavior of system file modification closely reminds that of malware. Therefore, while resetting all the web browsers is one of the steps to recovery, this action will not be enough to remove virus altogether, and the infected users will have to use additional, more advanced, methods. infection might result in further system compromise, as you might be redirected to a hacked or malicious site that can exploit software vulnerabilities[2] on your device and install malware automatically. Besides, the never-ending ads will not allow you to view your favorite websites without continually being interrupted.

Type Adware
Infection means Software bundling, ads, third-party sites, etc. 
Related process cmd.exe
Registry modification  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run 
Affected browsers  Google Chrome, Internet Explorer, Opera, Mozilla Firefox, Safari, UC browsers, etc.
Associated risks  Malware infection, installation of other PUPs, money loss 
Termination To remove the virus, scan your computer with anti-malware software or check our manual guide below
Recovery To fix Windows registry and other affected system files, use Reimage Reimage Cleaner Intego

The main site reminds of a fan-made page about a popular First Person Shooter Counter-Strike: Global Offensive and is presented in the Russian language (that is why users named it “Gangnam game virus“). Therefore, it might be that the virus was aimed at Russian users, although Korean users also claimed to be suffering from the unexpected appearance. Nevertheless, the content of the site may vary overall. adware might have slipped into your machine when you downloaded and installed freeware or shareware from third-party sites. This is common potentially unwanted program distribution tactic and is often used by developers to monetize. Unfortunately, users end up with potentially harmful applications that interrupt their web browser settings with pop-ups, banners, offers, deals, and redirect them to dangerous websites.

While in general, it is a very typical adware behavior, goes a step further and acts like malware by creating a new cmd.exe command that is launched as soon as Windows is booted. This ensures that the malicious process runs all the time. To launch it, virus modifies the registry key located in the following location:


Even though the changes made by adware might be reverted manually, it is highly discouraged by security experts.[3] Registry is one of the vital Windows OS parts, and deleting important entries or modifying wrong keys might result in program malfunction and crashes. In the worst-case scenario, the reinstallation of the entire Windows OS might be required. pop-ups is a malicious website that virus-infected users may find as their homepage on all web browsers

To avoid that, we highly recommend scanning the PC with Reimage Reimage Cleaner Intego, as it can fix registry automatically. Besides, it can also fix all the virus damage. Nevertheless, you will have to reset the installed browsers regardless to make sure that the infection does not return.

To perform a full removal, you can use anti-malware software that focuses on potentially unwanted programs or check out a manual termination guide below. However, as we explained, registry modification might not allow you to get rid of entirely.

Watch out when installing new software – PUPs are hidden inside the freeware installers

While most of the programs that are bundled with freeware and shareware are harmless, some of them might induce unwanted changes to your browser and display intrusive ads you never asked for. In worst cases, users might infect their machines with malware that can proliferate other viruses, causing even more severe damage to the PC and compromising users' online safety.

Bundled software might be useful in some cases and allow users to try out applications for free. However, users should also be aware that malicious apps can also be included, so installing new programs carefully is vital for computer safety. Here are some tips on the matter:

  • Select reputable sources for your downloads and avoid torrent or similar shady websites (note: even well-known freeware sites bundle software, so you should always be careful);
  • Check if the app provides access to such documents like Privacy Policy and Terms of Service;
  • Beware of the fine print, pre-selected boxes and misleading button placements;
  • Select Advanced/Custom installation settings to discover what apps are actually being installed and remove the unwanted ones;
  • Install reputable security software and keep it up to date.

Revert all the system modifications initiated by and get rid of the virus

As we previously mentioned, removal might not be as straight forward as it would be with common adware infections. In most of the cases, detecting the potentially unwanted programs and removing them from the list by clicking “Uninstall” and resetting browsers would work. Unfortunately, virus is much more persistent due to the modifications made to the Windows registry. CS:GO
While the main site might display information about a popular video game Counter-Strike: Global Offensive, it has nothing to do with the game developers

We would recommend checking the list of the installed programs as explained below and removing anything that seems suspicious or not recognizable. After that, you should install reputable anti-malware software and scan your device for the traces of adware and malware. Finally, you should also reset each of the installed browsers as explained below to remove malware from your PC completely.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove, follow these steps:

Erase from Windows systems

You should check the list of the installed programs via the Control Panel and uninstall all the suspicious entries as follows:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'

Delete from Mac OS X system

If Mac users are experiencing hijack, they should proceed with the following instructions:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Get rid of from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Eliminate from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, should be removed from your Microsoft Edge browser.

Uninstall from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Remove from Google Chrome

Keep in mind that a prompt Google Chrome reset will complete the termination of all potentially unwanted programs that might have been installed on your device without your notice:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Erase from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions


Your opinion regarding