Under-Cover.info virus. How to remove? (Uninstall guide)
Under-Cover.info is a browser hijacker that modifies web browser settings in order to show users fake search results
Under-Cover.info is a potentially unwanted program that is usually injected after the installation of free software
Questions about Under-Cover.info virus
Under-Cover.info is a browser-hijacking application developed by Kinner Lake Limited – a Gibraltar-based company. The unwanted programs usually enter machines without users noticing, as software bundles typically try to hide optional installs under Advanced settings, and most people simply skip this step by choosing the Recommended mode. Once inside the machine, Under-Cover.info virus starts performing a variety of changes, including the ones that modify users' homepage and a new tab, along with the search engine. From that point, users are forced to browse via the hijacked engine,[1] which typically shows them fake search results that include a colossal amount of sponsored links, deal with redirects to questionable websites, and suffer from the slow operation of the browser.
| SUMMARY | |
| Name | Under-Cover.info |
| Type | Browser hijacker, Potentially unwanted program |
| Related apps | Under Cover Search, Flowsurf |
| Developer | Kinner Lake Limited |
| Distribution | Software bundling, third-party websites |
| Symptoms | Homepage set to hxxp://under-cover.info/?home=1&a=notset&u=notset&t=8, excessive amount of sponsored links in search results, pop-up ads on various sites, redirects to affiliated or dangerous websites |
| Risk factors | Money loss, malware infection, data leak |
| Removal | Delete the browser hijacker with security software or use our guide for manual termination |
| Optimization | To recover from the infection, scan your device with Reimage |
While browser hijackers are not considered to be severe computer infections, their presence might compromise computer security and users' online safety. In this article, we will explain peculiarities of this type of threat, and will also describe how to remove Under-Cover.info from Google Chrome, Mozilla Firefox, Safari, Opera, or another browser.
The primary goal of Under Cover Search developers is to generate traffic to sponsored websites, which would consequently increase the profits for both parties. For that, PUP authors need to make sure that Under-Cover.info hijacker reaches as many users as possible – hence the shady distribution technique.
Once the changes to the installed browsers are made, Under-Cover.info starts its shady activities by displaying sponsored content, placing a layer of ads on most sites, exposing to altered search results, and also tracking users' web browsing activities. This is done with the help of tracking technologies, such as Beacons[2] or Cookies. This information-gathering allows Under-Cover.info developers to gather the following information:[3]
- technical information transmitted by your device such as type of operating system, device type, default browser;
- your aggregated use of the Software, basically we know if you installed the software;
- usage statistics;
- language and the time stamp;
- approximate geographical location.
This data is collected in order to generate personalized ads, but these are always coming from the affiliates. Therefore, Under-Cover.info hijack can manipulate what sites users visit, influence their interests and make them buy products or services that they otherwise would not.
Therefore, while the browser hijacking changes might seem relatively minor, it might result in the installation of potentially dangerous apps, exposure to online scams, and even malware infection. Thus, if you noticed that your homepage has changed, check your system with security software or perform manual Under-Cover.info removal as explained below. After you kill the PUP, make sure you use Reimage or similar repair software to bring your device to a pristine condition.
Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
Right click on each of suspicious entries and select 'Uninstall'
Right click on browsers' icon and select 'Properties'
Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL
Cick 'Go' and select 'Applications'
Click on every malicious entry and select 'Move to Trash'
Click on menu icon and select 'Manage add-ons'
Right click on each of malicious entries and select 'Disable'
Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
Go to Settings and select 'Choose what to clear'
Select 'Clear' button
Open the start menu and select 'Task Manager'
Right-click 'Microsoft Edge' and select 'Go to details'
Select 'More details' if 'Go to details' option fails to show up
Find Microsoft Edge entries and select 'End Task'
Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
Find Windows PowerShell, right-click it and select 'Run as administrator'
Copy and paste a required command and press 'Enter'
Click on menu icon and select 'Add-ons'
Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
Click on menu icon and then on '?'. Select 'Troubleshooting Information'
Click on 'Reset Firefox' button for a couple of times
Click on menu icon. Select 'Tools' and 'Extensions'
Look for malicious entries and delete each of them by clicking on the Trash bin icon
After clicking on menu and 'Settings', select 'Set pages'
Click 'X' to remove malicious URLs
When in 'Settings', select 'Manage search engines...'
Click 'X' to remove malicious URLs
When in 'Settings', scroll down to 'Reset browser settings' button and click on it
Click on 'Reset' button to complete your removal
Click on 'Safari' and select 'Preferences'
Go to 'Extensions' and uninstall malicious add-ons
When in 'General', delete malicious URL and enter your desired domain name
Click on 'Safari' and select 'Reset Safari...'
Select all options and click on 'Reset' button
Make use of Advanced installation settings to avoid PUPs
If you do not want to let potentially unwanted programs hijack your computer, you should pay more attention to the software installation process. Contrary to many people’s beliefs, Default or Recommended installation settings are not the ones that should be trusted during the procedure.
In fact, Custom or Advanced settings will allow you to determine which applications are secretly offered to you. Therefore, opt for these settings because they enable you to reject unwanted items added to the desired software. Be aware that most of the free apps will include some sort of “offer” or “deal,” and it might be hidden in various ways, including grayed out buttons, pre-ticked boxes, misleading placement of the toggle, etc.
There are two ways to terminate Under-Cover.info from your computer
As we already mentioned, the presence of a browser hijacker will not bring you any benefit but instead will manipulate the search results and expose you to potentially dangerous content. For that reason, it is best to take care of Under-Cover.info removal before you compromise your computer safety.
You can remove Under-Cover.info virus manually or automatically. The latter option is best for those who are less tech-savvy, however. It will allow you to terminate the unwanted application in just a few minutes. Simply download and install a security program that focuses on potentially unwanted program removal and then perform a full system scan. Alternatively, you can also use our instructions below to delete the PUP manually.
You can remove virus damage automatically with a help of one of these programs: Reimage, Malwarebytes MalwarebytesCombo Cleaner, Plumbytes Anti-MalwareMalwarebytes Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
To remove Under-Cover.info virus, follow these steps:
Uninstall Under-Cover.info from Windows systems
There are several programs that might be related to appearance of Under-Cover.info site and browser redirect problem. Therefore, you should look for Under Cover, Flowsurf, and other programs published by Kinner Lake Limited. Remove all of them, and then thoroughly check every web browser for suspicious components and revert modified settings. The tutorial we provide should help you to complete this task.
-
Click Start → Control Panel → Programs and Features (if you are Windows XP user, click on Add/Remove Programs).
-
If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program.
- Uninstall Under-Cover.info and related programs
Here, look for Under-Cover.info or any other recently installed suspicious programs. -
Uninstall them and click OK to save these changes.
- Remove Under-Cover.info from Windows shortcuts
Right click on the shortcut of Mozilla Firefox and select Properties. -
Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus.
Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafariEliminate Under-Cover.info from Mac OS X system
-
If you are using OS X, click Go button at the top left of the screen and select Applications.
-
Wait until you see Applications folder and look for Under-Cover.info or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash.
Get rid of Under-Cover.info from Internet Explorer (IE)
-
Remove dangerous add-ons
Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. -
You will see a Manage Add-ons window. Here, look for Under-Cover.info and other suspicious plugins. Disable these entries by clicking Disable:
-
Change your homepage if it was altered by virus:
Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab. -
Here, remove malicious URL and enter preferable domain name. Click Apply to save changes.
-
Reset Internet Explorer
Click on the gear icon (menu) again and select Internet options. Go to Advanced tab. - Here, select Reset.
-
When in the new window, check Delete personal settings and select Reset again to complete Under-Cover.info removal.
Remove Under-Cover.info virus from Microsoft Edge
Reset Microsoft Edge settings (Method 1):
- Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
- Click Settings to open more options.
-
Once Settings window shows up, click Choose what to clear button under Clear browsing data option.
-
Here, select all what you want to remove and click Clear.
-
Now you should right-click on the Start button (Windows logo). Here, select Task Manager.
- When in Processes tab, search for Microsoft Edge.
-
Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps.
-
When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries.
Resetting Microsoft Edge browser (Method 2):
If Method 1 failed to help you, you need to use an advanced Edge reset method.
- Note: you need to backup your data before using this method.
- Find this folder on your computer:
C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe. -
Select every entry which is saved on it and right click with your mouse. Then Delete option.
- Click the Start button (Windows logo) and type in window power in Search my stuff line.
-
Right-click the Windows PowerShell entry and choose Run as administrator.
- Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
Once these steps are finished, Under-Cover.info should be removed from your Microsoft Edge browser.
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafariErase Under-Cover.info from Mozilla Firefox (FF)
Do not forger to reset Mozilla Firefox to make sure that all the setting changes performed by the hijacker are reverted:
-
Remove dangerous extensions
Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons → Extensions. -
Here, select Under-Cover.info and other questionable plugins. Click Remove to delete these entries.
-
Change your homepage if it was altered by virus:
Click on the menu (top right corner), choose Options → General. - Here, delete malicious URL and enter preferable website or click Restore to default.
-
Click OK to save these changes.
-
Reset Mozilla Firefox
Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. -
Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Under-Cover.info removal.
Delete Under-Cover.info from Google Chrome
-
Delete malicious plugins
Open Google Chrome, click on the menu icon (top right corner) and select Tools → Extensions. -
Here, select Under-Cover.info and other malicious plugins and select trash icon to delete these entries.
-
Change your homepage and default search engine if it was altered by your virus
Click on menu icon and choose Settings. -
Here, look for the Open a specific page or set of pages under On startup option and click on Set pages.
- Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage.
-
Click on menu icon again and choose Settings → Manage Search engines under the Search section.
-
When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name.
-
Reset Google Chrome
Click on menu icon on the top right of your Google Chrome and select Settings. -
Scroll down to the end of the page and click on Reset browser settings.
-
Click Reset to confirm this action and complete Under-Cover.info removal.
Uninstall Under-Cover.info from Safari
- Remove dangerous extensions
Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. -
Here, select Extensions and look for Under-Cover.info or other suspicious entries. Click on the Uninstall button to get rid each of them.
-
Change your homepage if it was altered by virus:
Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General. -
Here, look at the Homepage field. If it was altered by Under-Cover.info, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page.
-
Reset Safari
Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... -
Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Under-Cover.info removal process.
About the author
If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.
References
- ^ Jacob Roach. What is Browser Hijacking? Sneakier Than You Think. Cloudwards. Independent cloud storage and web services reviews, news and comparison tables.
- ^ What are beacons and how do they work. Intellectsoft. Software Development Company.
- ^ Privacy Policy. Under-cover. Official site.