Wednesday, June 18, 2014

Ask-TB.com Hijacks, I Want Homepage Back But How?



remove Ask-tb.com

OUTLINE

  • What is Ask-tb.com and its purpose?
  • Conclusion on Ask-tb.com’s troubles
  • Any harms from Ask-tb.com?
  • Follow thread to remove Ask-tb.com
  • Reference
  • Other related posts


Why Homepage Suddenly Changes to Ask-tb.com?


Most people don’t ask for Ask-tb.com but they have their homepage changed to Ask-tb.com somehow. So what is it and why it does so? Ask-tb.com is categorized as browser hijacker and has been widely called as PUP due to the fact that there’s no vicious attribute code found in its package. In other word, Ask-tb.com is not technically a virus.

By hijacking homepage, Ask-tb.com manages to intercept traffic and thus help with page rank. By displaying advertisements and sponsored links in search results, the PUP is able to get profitable income as it is promoting certain sites or products and boosting advertising revenue.

Since browser hijacker is capable of gathering huge traffic within short period of time, Ask-tb.com and the others have been widely employed in blackhat SEO. There’s a big chance to be hijacked in the event that:
  1. You click on random ads.
  2. You download and install some toolbar/plug-in/extension.
  3. You install freeware/shareware without ruling out some unwanted applications.


Ask-TB.com Hijacking Scene

  1. Both PC performance and page-loading speed will be slowed down
  2. Additional web applications like Ask toolbar might install without permission.
  3. Random ads could occur to ruin surfing experience.


Potential Dangers from Ask-tb.com


As one can see that Ask-tb.com extension has the capability of:
  1. modifying the default or custom settings of home page, search settings and the like.
  2. modifying browser’s load time threshold.
  3. placing a lock file to prevent competing software from changing its settings.
  4. disabling the browser’s Content Security Policy in order to allow for cross site scripting.
One should be informed that all the web pages are inevitably involving JS technique which is the very one that helps us to remember log-in credentials so as to save energy and time when logging into the same website. With the technique, Ask-tb.com will be able to know users’ online whereabouts so as to help make the online marketing strategy.

Nowadays, cyber criminals use JS technique to help record confidential information typed online. Attacking Ask-tb.com will be much beneficial as the browser hijacker owns wide coverage and adopts JS technique. PUP like Ask-tb.com is the major target by virus and it can be easily capitalized by infections under the temptation of money.



Follow Thread to Help Remove Ask-tb.com Browser Hijacker


A. Reset browsers.


Internet Explorer: Tools menu > Internet Options > Advanced tab > Restore Defaults button > OK.



Mozilla Firefox:  Firefox button > Help > Troubleshooting information > ‘Reset Firefox’ button.


Google Chrome:‘Customize and Control Google Chrome’ menu > ‘Options’ > ‘Under the Hood’ > ‘Reset to Defaults’ button.

 
Opera: Show hidden files and folders (see Step C) > navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini.


Safari: Safari menu > ‘Reset Safari’ > tick all given options > ‘Reset’ button.




B. Access Task Manager to remove the items with the path directing to Ask-tb.com.

Windows
Ctrl+Alt+Del/Ctrl+Shift+Esc > access Task Manager > View > select columns > tick "PID" and "Path name" > go to open up System Information > end the process with path name directing to Ask-tb.com's path or the path that doesn't belong to system.

select Colunms to tick PID and Path Name to find out the services and processes related to
Ask-tb.com
 

Mac OS X
Applications > Utilities > Activity Monitor > click open the suspected processes > "Open ports and files" > end the process with path name directing to Ask-tb.com's path.

search for and open up Activity Monitor on Mac to stop the ads by Ask-tb.com from popping up




C. Show hidden files and folders to remove Temp file and the ones related to Ask-tb.com.





Windows 7/XP/Vista
‘Control Panel’ > 'user accounts and family safety' > 'Folder Options’ > View tab > tick ‘Show hidden files and folders' and non-tick 'Hide protected operating system files (Recommended)’ > ‘OK’.

Windows 8
Start screen > Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ options > OK button.

a.when done, remove the given items:
C:\Users\[user name]\AppData\Local\Temp\
C:\WINDOWS\Temp
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet File

b. navigate to the following directories and remove the items generated on and after the date when Ask-tb.com was firstly detected:
C:\Windows
%SystemDriver%\
C:\Program Files\
C:\windows\system32\
C:\users\user\appdata\local\
C:\Users\[your username]\Documents\
c:\users\[username]\appdata\locallow\



Mac OS X
Finder > Utilities folder > Terminal > copy and paste "defaults write com.apple.Finder AppleShowAllFiles YES" > return key > copy and paste the "killall Finder" > return key.

a. remove temp files and folders:

Finder > Utilities folder > terminal:
  1. type
    cd ~/Library/Logs
    sudo rm -rf ~/Library/Logs/*
    and press Return button.
  2.  
  3. type
    rm -rf ~/Library/Safari/Downloads.plist
    cd ~/Library/Caches
    sudo rm -rf ~/Library/Caches/*
    and press Return button.

b. access the following locations to remove the items generated on and after the date when Ask-tb.com was firstly detected:
Library/Internet Plug-Ins/ 
Home folder/Library/Internet Plug-Ins/ 
Applications
Dock
Display




D. Modify Hosts file.


Windows
Win+R key combination > type CMD > hit Enter key > type "ping Ask-tb.com" > Enter key > note down the IP address > navigate to C:\WINDOWS\system32\drivers\etc > click open Hosts file > paste the IP address to the last line > save file.



Mac OS X
Finder launchpad icon > Utilities > Terminal > type "ping Ask-tb.com" > Enter/Return key > note down the IP address > shift+command+g key combination > type “etc” (/private/etc/hosts) > Enter/Return key > click open Hosts file > paste the IP address to the last line > save it to modify host file.



If you deemed that Ask-tb.com is an annoying application and does bring troubles to your daily life, just remove it with the manual removal thread. It is also highly recommended to update security knowledge often so as to learn the way to tackle down problems caused by non-virus items. Be noted that the above is removal thread instead of the exact step applicable to certain OS, BIOS. It is impossible to show the exact step or items to remove as various OS, structure are available out there. Besides, one should get rid of the items that install through Ask-tb.com altogether so that the browser hijacker won’t return until you make mistake online.
get expert help in removing Ask-TB.com
 


Reference
http://blog.vilmatech.com/remove-ask-tb-com-redirect-browser-hijack-virus-manual-guide/


Other Related Posts

Remove V9 Portal Site (en.v9.com) without Reimage

Speedial.com/Speedial.org Removal – Hijacking Problems

MixiDj.Delta-search.com Harnesses Computer, How to Remove

Tuvaro Search Redirect (Tuvaro.com), How to Restore Home Page?

How to Remove Istart.webssearches.com Browser Hijacker from Windows and Mac OS X?






No comments: