Hi Max,
Sorry to hear about the virus on your secondary machine. The eHow website is really a mess and has so many ads and page refreshes, your best bet is to find the instructions from another website that isn't designed so poorly. Here is one option that I found when I used Google to find webpages with info on removing Safe Search: http://botcrawl.com/how-to-remove-the-safesearch-virus/. This article recommends using a 3rd party malware scanner and I have had great success with Malwarebytes. After running the scan and removing the threats that are found, you should follow the additional steps to uninstall any related SafeSearch programs, browser add-ins/extensions/plugins and also reset your home page and search provider defaults in your web browsers. For your convenience, I will paste the instructions from the eHow webpage below but please keep in mind that GW Micro is not responsible for any negative effects that my result from making changes to your registry so please be careful if you attempt to complete the manual removal instructions listed in the article: How to Remove Safe Search By Tim Mammadov, eHow Contributor Share Print this article SafeSearch is a web browser hijacker. It redirects your online searches to advertised websites, displays pop-up windows and blocks anti-virus-related web pages. In addition, it significantly slows down your web browser and Internet connection. The spyware updates itself and runs on startup. Have a question? Get an answer from Online Tech Support now! Other People Are Reading How to Turn Off Safe Search How to Turn Strict Safe Search Off Instructions End System Processes 1 Press the "Ctrl," "Shift" and "Esc" keys at the same time to start the Task Manager. 2 Click the "Processes" tab in the Task Manager's window. Select "aanyvkcf.exe" from the list of processes and click "End Process" at the bottom of the window. 4 Repeat Step 3 for "safesearch.exe" and "rgzcdhtn.exe." 5 Close the Task Manager. Remove Registry Entries 6 Go to the "Start" menu, type "regedit" in the "Start Search" box and press "Enter" to start the Registry Editor. 7 Browse to and delete the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aanyvkcf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SafeSearch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rgzcdhtn HKEY_CURRENT_USER\Software\PrimeSoft HKEY_CURRENT_USER\Software\SafeSearch HKEY_CLASSES_ROOT\.QSCH HKEY_CLASSES_ROOT\QSCH File HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO HKEY_CLASSES_ROOT\SafeSearch.SafeSearchBHO.1 HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} HKEY_CLASSES_ROOT\Interface\{28E6CCE2-3F2C-4B3D-9CB4-2FC8715A3ECE} HKEY_CLASSES_ROOT\Typelib\{82E9DE01-D860-40E4-B9C1-91F0E8272962} HKEY_CLASSES_ROOT\Typelib\{CB5006EE-F57D-4116-B7B6-48EB564FE0F0} HKEY_CLASSES_ROOT\mime\database\content type\application/x-QSCH HKEY_USERS\.default\Software\Netscape\Netscape Navigator\Trusted External Applications\%System%\aanyvkcf.exe=yes HKEY_USERS\.default\Software\Netscape\Netscape Navigator\Suffixes\Application/x-QSCH HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{00000000-0000-0000-0000-000000000001} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aanyv kcf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rgzcd htn 8 Close the Registry Editor. Unregister DLLs 9 Go to the "Start" menu, type "cmd" in the "Start Search" box and press "Enter" to unregister the DLL. 10 Type "regsvr32 /u safesearch.dll" in the command line window and press "Enter" to unregister the DLL. Type "regsvr32 /u _safesearch.dll" in the command line window and press "Enter" to unregister the DLL. 11 Close the command line window. Find and Delete Files 12 Go to the "Start" menu, type "aanyvkcf.exe" in the "Start Search" box and press "Enter." Delete all search results. 13 Repeat Step 1 for "safesearch.exe," "rgzcdhtn.exe," "safesearch.dll" and "_safesearch.dll." 14 Restart your computer. Tips & Warnings Back up the system registry before removing the registry entries. Delete only the listed registry entries to avoid damage to the operating system. Good luck! Marc Solomon GW Micro, Inc. Sales Manager and Trainer 725 Airport North Office Park Fort Wayne, IN 46825 Voice: 260 489-3671 Fax: 260 489-2608 Web: <http://www.gwmicro.com> www.gwmicro.com Follow us on Twitter: <http://www.twitter.com/gwmicro> www.twitter.com/gwmicro Like us on Facebook: <http://www.facebook.com/gwmicro> www.facebook.com/gwmicro Subject: Instructions for Removing SafeSearch From: "Max G. Swanson" <[email protected]> Date: Wed, 29 May 2013 20:54:41 -0500 Reply-To: [email protected] The above hijacker has installed itself on my seconedary machine, thank the gods not on this one. The site below was given as offering instructions on removal, but how can it be navigated? http://www.ehow.com/how_7424928_remove-safe-search.html Tried manipulating autoload and suspend, never getting beyond the announcement of 126 links. Any suggestions out there? -- Seniors of the world, unite! You have nothing to lose but your chained CPI! Regards, Max. If you reply to this message it will be delivered to the original sender only. If your reply would benefit others on the list and your message is related to GW Micro, then please consider sending your message to [email protected] so the entire list will receive it. GW-Info messages are archived at http://www.gwmicro.com/gwinfo. You can manage your list subscription at http://www.gwmicro.com/listserv.
