Sunday, February 17, 2013

Remove BearShare Search Engine Virus (

What BearShare Is? 

BearShare is promoted as a useful and substantial tool to download as many songs and videos as possible:

However, it reveals its nature as a browser hijacker when it puts its search engine bar without asking for your permission and makes its obligatory appearance to every page you are attempting to visit. Here’s the screenshot of its odd search helper bar:

Looks familiar? YES! It resembles much the interface with, and Imesh redirect virus. Such malicious search bar will usually changes its URL, therefore some people get, some get, other may get,, and other affiliate sites.

What Does BearShare Virus Do?

The moment you download BearShare or other programs that is bundled with it, your DNS (Domain Name System) setting is modified, which lead to a different default homepage and undesired redirection to More queries to its sites, more commands it will receive to further compromise your computer including making a backdoor to your system. That’s why some people get additional redirect destination like or are forced to get unwanted pop ups.

ATTENTION: do not take it for granted. Browser issue as it appears to be, it has something t do with system security. A backdoor manages to make the target computer subject to more infections and place your machine under the reach of a remote hacker. More things will be downloaded to the system, making the machine overloaded to perform poorly. What’s worse, your information will be recorded and scraped without your knowledge. So hurry up to rescue your machine. Any question will be answer if you live chat with 24/7 online experts here.

Detailed Steps to Remove BearShare Search Engine Virus (

1. If your computer is choppy in normal mode, you can remove PUP.CrossFire.SA either  in safe mode with networking or create a new User Account

a) Get into the Safe Mode with Networking
step: Reboot your computer. As the computer is booting but before Windows launches, tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to highlight "Safe Mode with Networking" option and press Enter key.


b) Create a new User Account

For Windows XP

  1. Click the Start button in the lower left corner of the desktop. 
  2. Click Settings, then click Control Panel. 
  3. In the Control Panel window, click User Accounts.  
  4. In the User Accounts window, click Create a new account. 
  5. Enter the user account name in the Account Name field and click Next. 
  6. Select the Limited radio button, then click Next. 
  7. Click Create Account. 
  8. In the User Accounts window, click on the new account. 
  9. Click Change the password. 
  10. Enter the desired password (this should be different than the administrator password). Be sure to use a strong password. 
  11. Verify the password and add a password hint. 
  12. Click Change Password. 
  13. Log out of the administrator account by hitting CTRL-ALT-DEL and selecting Log Off. Then log back in as the new user account.

2. Disable any suspicious startup items.
For Windows XP:

step: Click Start menu -> click Run -> type: msconfig in the search bar -> open System Configuration Utility -> Disable all possible startup items including BearShare's.

3. Remove add-ons:

Internet Explorer:
1) Go to Tools -> ‘Manage Add-ons’;
2) Choose ‘Search Providers’ -> choose ‘Bing’ search engine or ‘Google’ search engine and make it default;
3) Select ‘Search Results’ and click ‘Remove’ to remove it;
4) Go to ‘Tools’ -> ‘Internet Options’; select ‘General tab’ and click website, e.g. Click OK to save changes.

Google Chrome
1) Click on ‘Customize and control’ Google Chrome icon, select ‘Settings’;
2) Choose ‘Basic Options’;
3) Change Google Chrome’s homepage to or any other and click the ‘Manage Search Engines…’ button;
4) Select ‘Google’ from the list and make it your default search engine;
5) Select ‘Search Result’ from the list to remove it by clicking the ‘X’ mark.    

Mozilla Firefox
1) Click on the magnifier’s icon and select ‘Manage Search Engine…’;
2) Choose ‘Search Results’ from the list and click ‘Remove’ and OK to save changes;
3) Go to ‘Tools’ -> “Options”. Reset the startup homepage or change it to under ‘General tab;  

4. Disable proxy

  1. Click on Tools on the menu bar
  2. select Internet options
  3. go to Connections tab
  4. select LAN settings at the bottom of the dialog
  5. under the Proxy sever, untick 'use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections).'
  6. Click OK 

5. Show hidden files  
a) open Control Panel from Start menu and search for Folder Options;

b) under View tab to tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click OK;


c) Click on the “Start” menu and then click on the “Search programs and files” box, Search for and delete these files created by BearShare:

C:\Program Files\BearShare
C:\Program Files\BearShare\db
C:\Program Files\BearShare\Extras
C:\Program Files\BearShare\Installer
C:\Program Files\BearShare\Logs
C:\Program Files\BearShare\Playlists
C:\Program Files\BearShare\sounds
C:\Program Files\BearShare\Temp
C:\Program Files\BearShare\Webstats
C:\Program Files\BearShare\BearShare.dat
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BSidle.dll
C:\Program Files\BearShare\FreePeers.ini
C:\Program Files\BearShare\History.txt
C:\Program Files\BearShare\INSTALL.LOG
C:\Program Files\BearShare\license.lic
C:\Program Files\BearShare\UNWISE.EXE
C:\Program Files\BearShare\Webstats.bat
C:\Program Files\BearShare\Webstats.exe
C:\Program Files\BearShare\Webstats.ini
C:\Program Files\BearShare\db\config.bin
C:\Program Files\BearShare\db\connect.txt
C:\Program Files\BearShare\db\gwebcache.dat
C:\Program Files\BearShare\db\Hostiles.txt
C:\Program Files\BearShare\db\Hostiles-Chat.txt
C:\Program Files\BearShare\db\library.2.db
C:\Program Files\BearShare\db\library.2.db.lastgoodload.bak
C:\Program Files\BearShare\db\library.db
C:\Program Files\BearShare\db\library.db.lastgoodload.bak
C:\Program Files\BearShare\db\searches.ini
C:\Program Files\BearShare\Installer\BSPROINSTALL.exe
C:\Program Files\BearShare\Logs\hosts-state.txt
C:\Program Files\BearShare\Logs\memory.txt
C:\Program Files\BearShare\Logs\ordinal.txt
C:\Program Files\BearShare\Logs\streams.txt
C:\Program Files\BearShare\sounds\notify.wav
C:\Documents and Settings\All Users\Start Menu\Programs\BearShare.lnt
C:\Documents and Settings\Mohit Padalia\Desktop\BearShare.lnk

6. Open Windows Task Manager and end running processes of BearShare.
step: Use CTRL+ALT+DEL combination to open Task Manager  

7. Delete all related files and registry values in your local hard disk C.
step: Hold down the Windows key on your keyboard and press the "R" button. Type in "regedit" and hit "Enter" to gain access to the Registry Editor.


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector".

Video Sample Guide on How to Remove BearShare Search Engine Virus (


Kind Reminder: There's a lot of work need to do after you have resorted to security utilities. And what you need to do is to get into the kernel part of the affected system to kill related  files and registries. Be careful when you do that, since any slight mistake would result in none-access to Windows again. Besides, BearShare Search Engine Virus is able to trigger random redirect virus, thus the removal of related files and key values to BearShare Search Engine Virus is not enough. Should you fail to kill BearShare Search Engine Virus and the mess of your browser, you are welcome to start a live chat with Tee Support experts 24/7 online for real-time help.

No comments:

Post a Comment