A relatively new adware threat targeting computers on a large scale is being thoroughly dissected in this tutorial. It’s called Astromenda after the denomination of the respective web browser extension which gets dropped on a system. Aside from the means applied for the spreading of this pest, the article also covers a workaround to remove it from an infected PC efficiently.
The absence of user consent for setup and further modifications on a computer system, as well as out-of-the-ordinary intrusiveness are the intrinsic things that make programs like Astromenda malicious. In fact, antivirus tools are flagging this particular object as adware, Trojan or PUP (potentially unwanted program). This is certainly not by chance. The payload for this application never goes explicit on the setup stage. Instead, it gets obscurely integrated in the installers for other software such as free media tools, phony updates, browser toolbars and the like. Getting infected with WSE_Astromenda, therefore, is a matter of failing to notice some inconspicuous opt-out or sticking to the default setup on the installation wizard for those dubious applications.
Not knowing that the adware is making its way into a PC will only last until it begins playing havoc with the web browsers. Its cross-browser feature makes it compatible with Internet Explorer, Firefox and Chrome, which means none of these are resistant to this infection. The malware adds a new browser extension, Astromenda, which does not require user approval to be installed. Altering the custom Internet surfing settings is also an activity that this virus implements without asking. It changes the start page, making it point to http://astromenda.com. New tab settings get twisted in a similar fashion. The web search preferences also undergo an unauthorized transformation into the above-mentioned domain. Resulting from this, a large portion of web traffic from the compromised OS will get routed to the http://astromenda.com landing page.
These recurring redirects have a concrete reason behind them – the advertising. As you enter a random search in there, it gets you to a results page with up to fifteen sponsored links. Naturally, this is how a lot of money can be earned by the people who run the Astromenda Search campaign. That being said, you definitely do not want an app like this one operating on your computer. The bottom line is to get rid of this annoying entity and thus restore status quo in terms of the browsing preferences.
Use automatic solution to remove Astromenda Search virus
The issue of WSE_Astromenda adware hijacking a web browser can be effectively resolved if you use trusted security software. Along with the apparent ease of such removal, other benefits include thoroughness of virus detection and elimination from all system locations it might have affected. Please follow these steps:
1. Download and install Astromenda removal tool. Run the application and select Start Computer Scan option in order to have your computer checked for adware, viruses, Trojans, and other malicious objects.
2. When the scan is complete, it will return a list with results on what infections have been found. Go ahead and click Fix Threats to completely get rid of the detected items. The virus should now be gone from your PC.
Uninstall malicious program via Control Panel
• Go to Control Panel on the infected computer. On Windows XP / Windows 8, proceed to Add or Remove Programs.
On Windows Vista / Windows 7, select Uninstall a program
• Review the list of installed software and search for Astromenda. Once the culprit entry is found, select it and click Change/Remove or Uninstall/Change.
Manual removal of Astromenda virus from the affected browsers
This section will cover step-by-step instructions for deleting the specific objects (add-ons, search providers), restoring the correct defaults and modifying shortcut settings for the major web browsers: Internet Explorer, Mozilla Firefox, and Google Chrome.
Astromenda Search removal from Internet Explorer
• Click on the Gear icon / Tools in IE and select Manage add-ons
• On the list of Add-on types, select Toolbars and Extensions. Right-click on the Astromenda entry and select Disable from the context menu
• On the same interface, select Search Providers under Add-on Types. Right-click on the Astromenda
item and choose the Remove option. In addition, select a different search engine you would like to use
• IE homepage can be restored in the following way: click on the Gear icon / Tools and select Internet Options.
Go to General tab and enter the preferred home URL
Astromenda Search removal from Firefox
• Type about:config in the URL area and press Enter
• Click "I’ll be careful, I promise!" on the warning that gets displayed to confirm the configuration change intensions
• Type astromenda or astromenda.com in the Search field
• All Firefox preferences related to this adware will be returned as a list. Right-click every single entry and select Reset for those
• Now proceed to Tools and pick Add-ons in the drop-down list
• Go to Extensions and hit the Remove button for Astromenda New Tab as shown
Astromenda Search removal from Google Chrome
• Click on the Chrome menu icon in the top right-hand part of the window, and select Settings
• On the screen that opened, look for the section called On startup and click on the radio button for Open a specific page or set of pages.
Then click on the Set pages option
• Locate the Astromenda Search entry and click the X button as shown on the image below
• Now go to the Appearance section under Settings. Put a check mark next to Show Home button
and click on the Change option
• Select Use the New Tab page and save the changes
• Proceed now to the Search field under Settings. Select Manage search engines.
Remove Astromenda from the list and choose a different search service to use further on by default
• Return to the Chrome menu and select Tools. Click on the Extensions menu in the left-hand
part of the page. Locate Astromenda New Tab and click on the respective trash bin icon to eliminate the bad add-on
Make sure the Astromenda Search virus has vanished
When it comes to persistent threats, double-checking never hurts. Therefore it’s highly recommended to complete Astromenda cleanup process with a final scan that will once again look for any potential bits and pieces of the infection