Under-Cover.info virus (Removal Instructions) - updated Apr 2019
Under-Cover.info virus Removal Guide
What is Under-Cover.info virus?
Under-Cover.info is a browser hijacker that modifies web browser settings in order to show users fake search results
Under-Cover.info is a potentially unwanted program that is usually injected after the installation of free software
Under-Cover.info is a browser-hijacking application developed by Kinner Lake Limited – a Gibraltar-based company. The unwanted programs usually enter machines without users noticing, as software bundles typically try to hide optional installs under Advanced settings, and most people simply skip this step by choosing the Recommended mode. Once inside the machine, Under-Cover.info virus starts performing a variety of changes, including the ones that modify users' homepage and a new tab, along with the search engine. From that point, users are forced to browse via the hijacked engine,[1] which typically shows them fake search results that include a colossal amount of sponsored links, deal with redirects to questionable websites, and suffer from the slow operation of the browser.
SUMMARY | |
Name | Under-Cover.info |
Type | Browser hijacker, Potentially unwanted program |
Related apps | Under Cover Search, Flowsurf |
Developer | Kinner Lake Limited |
Distribution | Software bundling, third-party websites |
Symptoms | Homepage set to hxxp://under-cover.info/?home=1&a=notset&u=notset&t=8, excessive amount of sponsored links in search results, pop-up ads on various sites, redirects to affiliated or dangerous websites |
Risk factors | Money loss, malware infection, data leak |
Removal | Delete the browser hijacker with security software or use our guide for manual termination |
Optimization | To recover from the infection, scan your device with FortectIntego |
While browser hijackers are not considered to be severe computer infections, their presence might compromise computer security and users' online safety. In this article, we will explain peculiarities of this type of threat, and will also describe how to remove Under-Cover.info from Google Chrome, Mozilla Firefox, Safari, Opera, or another browser.
The primary goal of Under Cover Search developers is to generate traffic to sponsored websites, which would consequently increase the profits for both parties. For that, PUP authors need to make sure that Under-Cover.info hijacker reaches as many users as possible – hence the shady distribution technique.
Once the changes to the installed browsers are made, Under-Cover.info starts its shady activities by displaying sponsored content, placing a layer of ads on most sites, exposing to altered search results, and also tracking users' web browsing activities. This is done with the help of tracking technologies, such as Beacons[2] or Cookies. This information-gathering allows Under-Cover.info developers to gather the following information:[3]
- technical information transmitted by your device such as type of operating system, device type, default browser;
- your aggregated use of the Software, basically we know if you installed the software;
- usage statistics;
- language and the time stamp;
- approximate geographical location.
This data is collected in order to generate personalized ads, but these are always coming from the affiliates. Therefore, Under-Cover.info hijack can manipulate what sites users visit, influence their interests and make them buy products or services that they otherwise would not.
Therefore, while the browser hijacking changes might seem relatively minor, it might result in the installation of potentially dangerous apps, exposure to online scams, and even malware infection. Thus, if you noticed that your homepage has changed, check your system with security software or perform manual Under-Cover.info removal as explained below. After you kill the PUP, make sure you use FortectIntego or similar repair software to bring your device to a pristine condition.
Under-Cover.info is a browser hijacker that modifies web browser settings without permission in order to perform the revenue-generating activities
Make use of Advanced installation settings to avoid PUPs
If you do not want to let potentially unwanted programs hijack your computer, you should pay more attention to the software installation process. Contrary to many people’s beliefs, Default or Recommended installation settings are not the ones that should be trusted during the procedure.
In fact, Custom or Advanced settings will allow you to determine which applications are secretly offered to you. Therefore, opt for these settings because they enable you to reject unwanted items added to the desired software. Be aware that most of the free apps will include some sort of “offer” or “deal,” and it might be hidden in various ways, including grayed out buttons, pre-ticked boxes, misleading placement of the toggle, etc.
There are two ways to terminate Under-Cover.info from your computer
As we already mentioned, the presence of a browser hijacker will not bring you any benefit but instead will manipulate the search results and expose you to potentially dangerous content. For that reason, it is best to take care of Under-Cover.info removal before you compromise your computer safety.
You can remove Under-Cover.info virus manually or automatically. The latter option is best for those who are less tech-savvy, however. It will allow you to terminate the unwanted application in just a few minutes. Simply download and install a security program that focuses on potentially unwanted program removal and then perform a full system scan. Alternatively, you can also use our instructions below to delete the PUP manually.
You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of Under-Cover.info virus. Follow these steps
Uninstall from Windows
There are several programs that might be related to appearance of Under-Cover.info site and browser redirect problem. Therefore, you should look for Under Cover, Flowsurf, and other programs published by Kinner Lake Limited. Remove all of them, and then thoroughly check every web browser for suspicious components and revert modified settings. The tutorial we provide should help you to complete this task.
Instructions for Windows 10/8 machines:
- Enter Control Panel into Windows search box and hit Enter or click on the search result.
- Under Programs, select Uninstall a program.
- From the list, find the entry of the suspicious program.
- Right-click on the application and select Uninstall.
- If User Account Control shows up, click Yes.
- Wait till uninstallation process is complete and click OK.
If you are Windows 7/XP user, proceed with the following instructions:
- Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
- In Control Panel, select Programs > Uninstall a program.
- Pick the unwanted application by clicking on it once.
- At the top, click Uninstall/Change.
- In the confirmation prompt, pick Yes.
- Click OK once the removal process is finished.
Delete from macOS
Remove items from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and click select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Do not forger to reset Mozilla Firefox to make sure that all the setting changes performed by the hijacker are reverted:
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Delete from Safari
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of Under-Cover.info registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent from getting browser hijacker
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
- ^ Jacob Roach. What is Browser Hijacking? Sneakier Than You Think. Cloudwards. Independent cloud storage and web services reviews, news and comparison tables.
- ^ What are beacons and how do they work. Intellectsoft. Software Development Company.
- ^ Privacy Policy. Under-cover. Official site.