Severity scale:  
  (9/100)

Wethma.com virus. How to remove? (Uninstall guide)

removal by Lucia Danes - - | Type: Browser hijacker
12

Search redirects to Wethma.com warn about hijacked web browser

Example of Wethma.com redirects

Wethma.com is a suspicious website that might show up on the browser after browser hijacker’s[1] attack. Once you enter search queries to browser’s address bar and hit enter, the virus redirects to this domain and displays a pop-up:

wethma.com says:
You are ready to go…

If you click OK or wait for a couple of minutes, Wethma.com virus will redirect you to Yahoo search. Indeed, this search provider is absolutely legit. However, such redirect tendencies should not be tolerated. It seems that this potentially unwanted program (PUP)[2] might initiate to promotional websites and display ads too.

During the redirect, user’s might find one of these messages in the browser’s status bar:

  • Connecting to http://wethma.com/,
  • Waiting for http://wethma.com/,
  • Transferring from http://wethma.com.

Such Wethma.com redirect tendencies negatively affects browsing experience. Users cannot use their preferred search engine, information looking process becomes longer, and most importantly, they might end up on a potentially dangerous website.

The reason behind this weird browser’s activity is a particular browser extension. Most likely it was installed in software package without user’s realization. Since then it may have altered browser’s settings and Windows Registry to control user’s behavior. One of these changes might be browser’s homepage and default search engine replaced with http://wethma.com/?keyword= domain.

To revert previous browser’s settings, you have to remove Wethma.com PUP from the computer. For that, you can use anti-malware/anti-spyware software, such as Reimage. All you have to do is to run a full system scan with an updated tool.

Additionally, Wethma.com removal might be performed manually. You can find necessary instructions at the end of the article. However, you should not postpone this procedure because the hijacker might also collect browsing-related information about you and use it for advertising purposes.

The suspicious browser extension is promoted in software bundles

The browser extension which is responsible for these strange redirects often enters the system bundled with freeware or shareware. The PUP might be added as an extra component and presented as some useful application. However, users might install it accidentally if they rely on quick or recommended installation settings.

To avoid Wethma.com hijack and similar PUPs, you always have to make sure that any “optional downloads” are not left pre-selected. It’s the only way to evade unwanted changes on browser and computer.

Possible ways to get rid of Wethma.com

You can easily stop redirects to this shady site by following manual Wethma.com removal guidelines below. They will show you how to spot this browser extension and uninstall it together with other related components. Make sure that you do not leave any of them.

However, the easier way to remove Wethma.com and hijacker-related entries is to use anti-malware. Scanning the system with an updated tool will eliminate suspicious entries within several minutes. Experts from No Virus[3] also reminds to reset each of the installed web browsers to wipe out this cyber threat entirely.

You can remove Wethma.com automatically with a help of one of these programs: Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware. We recommend these applications because they can easily delete potentially unwanted programs and viruses with all their files and registry entries that are related to them.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Wethma.com virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Wethma.com virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual Wethma.com virus Removal Guide:

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Windows systems

These instructions will guide you through during hijacker's removal. Once you eliminate all unknown entries from the computer, check each of the browsers that are installed on your PC. It doesn't matter if you use them or not, they all have to be reset.

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs).Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Wethma.com and related programs
    Here, look for Wethma.com or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove Wethma.com from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for Wethma.com or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash.Click on every malicious entry and select 'Move to Trash'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Internet Explorer (IE)

Below you can find manual hijacker's removal guidelines from Internet Explorer:

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for Wethma.com and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete Wethma.com removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com virus from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, Wethma.com should be removed from your Microsoft Edge browser.

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Mozilla Firefox (FF)

Monitor Firefox's extensions and uninstall those who might be responsible for redirects to Wethma.com.

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Wethma.com and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Wethma.com removal. Click on 'Reset Firefox' button for a couple of times
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Google Chrome

Wethma.com virus might be brought by some Chrome extension. Remove it and reset the browser.

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Wethma.com and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete Wethma.com removal. Click on 'Reset' button to complete your removal
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove Wethma.com from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Wethma.com or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Wethma.com, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Wethma.com removal process. Select all options and click on 'Reset' button
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of Wethma.com registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References