How To Remove The MP3 Tube Toolbar Virus And Repair Internet Browser Settings (Mp3tubetoolbar.com Adware)

What is the Mp3tubetoolbar.com (MP3 Tube Toolbar) virus?

The Mp3tubetoolbar.com (MP3 Tube Toolbar virus, MP3 Toolbar virus) virus is adware, categorized as a browser hijacker because the MP3 Tube Toolbar virus can modify internet browser settings and redirect website searches and URL input to a malicious, unnecessary website, or drive by download website which may be infected with malware. The website Mp3tubetoolbar.com may appear real and have realistic features such as searches, services, etc, but the website Mp3tubetoolbar.com is malicious to an infected user. If you attempt to manually access Mp3tubetoolbar.com on your own you will most likely be directed to a blank webpage.

Most infected users internet settings become hijacked and computer systems become infected by Mp3tubetoolbar.com from phishing techniques (email scams, etc), malicious websites, previous malware and viruses (Trojans, etc), and freeware and shareware (bundlded software). The MP3 Tube Toolbar is even available for free download by Yahoo Downloads (pictured below).

MP3 Tube Toolbar

As stated before the MP3 Tube Toolbar seems real, it appears non-malicious and is mass distributed even though it is malware. The Toolbar is easily distrubuted because it does not detail the what the victim is downloading along side what seems to be a real MP3 Toolbar. The commercial distributers of the malicious Toolbar misinform the general public about the dangers of their plugin.
This is a claim from the developers of the MP3 Tube Toolbar:

The MP3Tube Toolbar conveniently sits on the browser window. The toolbars main function allows you to download videos from sites such as YouTube directly to your desktop with a click on a button. When the Save MP3 button turn green this signals that you are on a page with downloadable videos. Clicking the green button will open up a drop-down menu where you select which videos to download, see the status of the download and have a link to your previously downloaded files. You can even download your favorite video while watching it! On top of the video downloading function, this toolbar provides you with quick useful features such as weather, games and shopping apps.

Most freeware and shareware applications never detail the unnecessary ware which may installed with suck programs by simply clicking a link, which is why you investigate any software before you install it onto your computer. The MP3 Toolbar seems real, you can download it from Yahoo, but it is still malware and is not safe.

[Note]Similar Malware: MyStart by Incredibar, Searchqu, Adware.Sogou, Text Enhance, DNSChanger,[/Note]

MP3 Tube also installs (or bundles with) Browser Seek (BrowserSeek.adware) files and possibly a Browser Seek toolbar. Browser Seek is commonly bundled with different types of malware; Signifigantly MP3 Tube and All Search.

BrowserSeek Virus

To learn more about All Search and Browser Seek please read a more current article here.

Mp3tubetoolbar.com Virus Symptoms

  • Mp3tubetoolbar.com creates a dynamic link library file on your system without permission, such as directory files (application data), and registry values.
  • A Mp3tubetoolbar.com infection may change internet browser settings like most malicious hijackers and redirects the infected user to malicious website, or adware based website. The services and links provided on these websites are assoacited with malware, viruses, and spam.
  • Some infected users have documted that Mp3tubetoolbar.com is associated with browser helped objects (BHOs) that install extensions and toolbars, plus changes homepage (startup page) settings.  One of these URLs and BHOs is Browser Seek and the “Browser Seek Toolbar”.
  • Mp3tubetoolbar.com allows other infections onto infected systems and works simontaneously.

How To Remove The Mp3tubetoolbar.com Virus

There are different options to safely remove MP3 Tube Toolbar and all associated files (etc) from your computer and internet browser.

  1. Anti-Malware Software – Scan for and remove malware.
  2. Manual Removal – Manually kill the Mp3tubetoolbar.com process, remove registry entries, and remove installed directory files.
  3. System Restore Restore your system to a date and time before infection using Window’s automatic restore points. Please click here to learn more about a system restore.
  4. Repair Internet Browser Settings –  Once the infection is removed repair internet settings, check for malicious extensions (if necessary).

1. Anti-Malware Software

Not many malware removal programs are current with new malware updates as different variants of infections. Your safest bet is with Malwarebytes. Malwarebytes has the highest sample rate due to being the most downloaded Malware removal software in 2011 and 2012 (based off Cnet records). They also provide free or paid versions.Try Malwarebytes, the Leader in Malware Removal.
[Small_Button class=”lightblue”] Remove Malware [/Small_Button]  

2. Manual Removal

Manually removing the Mp3tubetoolbar.com process may be difficult because it is unknown what the process name is titled though the process is a .exe file. The steps to remove this infection are detailed below.

  1. Kill process
  2. Remove registry entires (values)
  3. Remove directory files
Kill Process

Access Windows Task Manager by pressing Ctrl+Shift+Esc (or Ctrl+Alt+Delete > Task Manager). Navigate to the “Processes” tab.

Windows Task Manager Processes Tab

Find the Mp3tubetoolbar.com executable process and kill it. These processes can be a mix of random letters and numbers such as: a482g.exe or in some cases related to Browser Seek described below.
[Normal_Box]

Browserseek.exe
Browserseek.dll

[/Normal_Box]

Remove Registry Entries

Access Windows Registry Editor by navigating to Window’s Start Menu and typing regedit into the search field, followed by pressing Enter.

Regedit

Remove the registry values created by Mp3tubetoolbar.com and Browser Seek detailed below.[Normal_Box]

  1.     HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuardCLSID
  2.     HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar “BrowserSeek Toolbar”
  3.     HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} “BrowserSeek Toolbar”
  4.     HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuardCurVer
  5.     HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuard.1
  6.     HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7}InprocServer32 “C:PROGRA~1WINDOW~4ToolBarBrowserSeekdtx.dll”
  7.     HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}ProgID “BrowserSeekIEHelper.UrlHelper.1″
  8.     HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class”
  9.     HKEY_LOCAL_MACHINESOFTWAREClassesBrowserSeekIEHelper.DNSGuard
  10.     HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7}”BrowserSeek BrowserSeek Toolbar”
  11.     HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}VersionIndependentProgID “BrowserSeekIEHelper.UrlHelper”[/Normal_Box]
Remove Directory Files

The Mp3tubetoolbar.com and Browser Seek infection creates a good sample size of application data due to it’s characteristics which classify it as a browser hijacker. Application Data by default is a hidden file. To learn how to show hidden files please click here.

Application Data Folder

Access your Application Data folder by navigating to Window’s Start Menu and typing %appdata% into the search field, followed by pressing Enter.

%Appdata%

Search for and remove the files below.[Normal_Box]

  1.     %AppData%BrowserSeektoolbardtx.ini
  2.     %AppData%BrowserSeektoolbarguid.dat
  3.     %AppData%BrowserSeektoolbaruninstallIE.dat
  4.     %AppData%BrowserSeektoolbaruninstallStatIE.dat
  5.     %AppData%BrowserSeektoolbarcouponsmerchants2.xml
  6.     %AppData%BrowserSeektoolbarcouponsmerchants.xml
  7.     %AppData%BrowserSeektoolbarstats.dat
  8.     %AppData%BrowserSeektoolbarstat.log
  9.     %AppData%BrowserSeektoolbarcouponscategories.xml
  10.     %AppData%BrowserSeektoolbarlog.txt
  11.     %AppData%BrowserSeektoolbarpreferences.dat
  12.     %AppData%BrowserSeektoolbarversion.xml[/Normal_Box]

Temporary Folder

Finally, access your Temp folder by navigating to Window’s Start Menu and typing %temp% into the search field, followed by pressing Enter.

%temp%

Search for and remove the file below.[Normal_Box]

  1.    %Temp%BrowserSeektoolbar-manifest.xml[/Normal_Box]

3. System Restore

Restoring your computer to a date and time before infection is a simple way to remove malicious settings and infections from your computer. To learn more about a system restore, including easy directions and options please click here.
Windows Recommended Restore And Choose A Restore Point

4. Repair Internet Browser Settings

The Mp3tubetoolbar.com virus is known to change internet browser settings. The Mp3tubetoolbar.com infection may install third party extensions, tool bars, and other browser objects onto a particular internet browser. Even once Mp3tubetoolbar.com files are removed from a particular system, internet browsers on the systems may have been malformed or changed. We have written a post about a redirection virus and browser hijacker called MyStart. Most infections which affect browser helper objects (BHOs) have the same steps to repair internet browsers. Please refer to the previous post about the MyStart Incredibar infection for similar internet browser repair instructions.

Other Article Suggestions:

These articles are useful in repairing internet settings and removing malicious extensions.


Sean Doyle

http://Botcrawl.com

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Internet Security, Web Spam, and Online Marketing.

Comment ( 1 )