Wednesday, February 20, 2013

Know How: Isearch.fantastigames Redirect Removal (Explicit Steps to Follow up)

Reports from victims:
‘I have attached the logs but cannot find the Antimalware log. Help!’
‘I have been having an issue when I left click my mouse once. Also sometimes, it doesn't click at all. This has been going on for around 5 days now.’ ( is obviously a browser malware that forces PC users to apply its search bar. Here’s the screenshot:

Regardless of the arbitrary and dauntless action, how is it possible that some anti-virus programs cannot detect something guilty? The trick is lying on the perfect co-operation between vicious registry value and add-ons, which results in:

  1. reduplicative processes running in the same groove, leading to a lagging PC performance;
  2. generation of numbers of files;
  3. Homepage replacement by Isearch.fantastigames;
  4. automatic start up at each Windows starts;
  5. no access to related search results but advertisements instead most of times;
  6. frequent redirection made to and other affiliate pages;
  7. unauthorized access from known third party, putting yourself in a pretty risky situation of information theft;
  8. modifications of systematic registries, browser settings, making search results are Isearch.fantastigames domain-based. Here’s the snapshot:

Annoying Isearch.fantastigames Redirect

It has been found by Tee Support experts 24/7 available that the issue is not restricted to Firefox only, Chrome would run into the phishing site if unwitting online practice has been done incurring Rookit invasion. Fantastigames virus is not only irritating itself but also able to arouse more nuisances by inviting endless pop-up commercials. What’s worse, objectionable manages to impose some dysfunctions like:
  • Multiple tasks freeze up sometimes.
  • Security-related softwares seem to work improperly.
  • Pauses occur from time to time.
  • Machine always keeps thinking when try to launch a program.
How to remove fantastigames redirect effectively? You may simply follow up the steps hereinafter or you can simply live chat with online experts 24/7 online here for quick removal.

Detailed Steps to Follow up to Remove Isearch.fantastigames Redirect

1. If your computer is choppy in normal mode, you can remove PUP.CrossFire.SA either  in safe mode with networking or create a new User Account

a) Get into the Safe Mode with Networking
step: Reboot your computer. As the computer is booting but before Windows launches, tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to highlight "Safe Mode with Networking" option and press Enter key.


b) Create a new User Account

For Windows XP

  1. Click the Start button in the lower left corner of the desktop. 
  2. Click Settings, then click Control Panel. 
  3. In the Control Panel window, click User Accounts.  
  4. In the User Accounts window, click Create a new account. 
  5. Enter the user account name in the Account Name field and click Next. 
  6. Select the Limited radio button, then click Next. 
  7. Click Create Account. 
  8. In the User Accounts window, click on the new account. 
  9. Click Change the password. 
  10. Enter the desired password (this should be different than the administrator password). Be sure to use a strong password. 
  11. Verify the password and add a password hint. 
  12. Click Change Password. 
  13. Log out of the administrator account by hitting CTRL-ALT-DEL and selecting Log Off. Then log back in as the new user account.

2. Disable any suspicious startup items.
For Windows XP:

step: Click Start menu -> click Run -> type: msconfig in the search bar -> open System Configuration Utility -> Disable all possible startup items including those of fantastigames:

3. Remove add-ons:

Internet Explorer:
1) Go to Tools -> ‘Manage Add-ons’;
2) Choose ‘Search Providers’ -> choose ‘Bing’ search engine or ‘Google’ search engine and make it default;
3) Select ‘Search Results’ and click ‘Remove’ to remove it;
4) Go to ‘Tools’ -> ‘Internet Options’; select ‘General tab’ and click website, e.g. Click OK to save changes.

Google Chrome
1) Click on ‘Customize and control’ Google Chrome icon, select ‘Settings’;
2) Choose ‘Basic Options’;
3) Change Google Chrome’s homepage to or any other and click the ‘Manage Search Engines…’ button;
4) Select ‘Google’ from the list and make it your default search engine;
5) Select ‘Search Result’ from the list to remove it by clicking the ‘X’ mark.    

Mozilla Firefox
1) Click on the magnifier’s icon and select ‘Manage Search Engine…’;
2) Choose ‘Search Results’ from the list and click ‘Remove’ and OK to save changes;
3) Go to ‘Tools’ -> “Options”. Reset the startup homepage or change it to under ‘General tab;  

4. Disable proxy

  1. Click on Tools on the menu bar
  2. select Internet options
  3. go to Connections tab
  4. select LAN settings at the bottom of the dialog
  5. under the Proxy sever, untick 'use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections).'
  6. Click OK 

5. Show hidden files  
a) open Control Panel from Start menu and search for Folder Options;
b) under View tab to tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click OK;


c) click on the “Start” menu and then click on the “Search programs and files” box, Search for and delete these files created by Isearch.fantastigames:

%Documents and Settings%\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
%Documents and Settings%\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat l

6. Open Windows Task Manager and close all Isearch.fantastigames' processes.
step: Use CTRL+ALT+DEL combination to open Task Manager  

7. Delete all related files and registry values in your local hard disk C.
step: Hold down the Windows key on your keyboard and press the "R" button. Type in "regedit" and hit "Enter" to gain access to the Registry Editor.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}

Video Sample Guide on How to Remove PUP.CrossFire.SA


Kind Reminder: There's a lot of work need to do after you have resorted to security utilities. And what you need to do is to get into the kernel part of the affected system to kill related  files and registries. Be careful when you do that, since any slight mistake would result in none-access to Windows again. Should you fail to kill Isearch.fantastigames and the mess of your browser, you are welcome to start a live chat with Tee Support experts 24/7 online for real-time help.

No comments:

Post a Comment