Removing AdRotator/yoogi Search

Yoogi Search is an infection that will infect Internet Explorer and Mozilla Firefox and it is installed along with the AdRotator adware( common on P2P networks).
This infection modifies the browser settings to redirect searches the infected computer on the search yoogi Search. Furthermore, this adware displays pop-up ads.

Identify infection

We can detect this infection through Internet Explorer BHO (line 02 of the Hiajckthis reports). Here are some examples:

O2 - BHO: addestination browser enhancer - {3E956688-6D36-55D6-E1C4-FC559DAE5A85} - C:\WINDOWS\system32\yjnhkdifnpcyj.dll 
O2 - BHO: bignetdaddy search enhancer - {D08C6C0A-C72E-213C-3B0E-1A5C3CE1CB87} - C:\WINDOWS\system32\ndzlhuafbdigdlsff.dll 
O2 - BHO: blueskyadagency browser enhancer - {D532CA23-A723-89F4-0634-EFBFDCFF1D8B} - C:\WINDOWS\system32\ntfvuwqomruv.dll 
O2 - BHO: cpmsky browser enhancer - {1a8a0d1f-e823-b1e4-42ae-024aa3c2333e} - C:\WINDOWS\system32\zusnedttqkfbq.dll 
O2 - BHO: mysidesearch search enhancer - {9a3fe4e7-5a29-255e-f320-0cb991482b1a} - C:\WINDOWS\system32\gigbpgfibeglg.dll 

The infection also changes the preferences of Firefox to redirect the user searches on the Yoogi Search. Changes are made in these files:

%APPDATA%MozillaFirefoxProfiles\%aléatoire%.defaultprefs.js
%APPDATA%MozillaFirefoxProfiles\%aléatoire%.defaultuser.js

Methods of disinfection

No antivirus or anti-spyware can completely overcome this infection, but there are tools specific to them: AD-Remover (from C_XX) and Yoog_fix from (Batch_Man).

AD-Remover

• Download Ad-Remover (from C_XX) on the desktop.
• Close all running applications
• Double click the installer and install it in its default location (C: Program files)
• Under XP: Click on the shortcut to launch
• Under Vista: Make a right-click the shortcut created and click "Run as Administrator"
• At the main menu select "S" (Start scan)
• A report will appear after scan the post it on the forum (it is also saved as C: \ Ad-Report-SCAN.log)

Yoog_Fix

• Download Yoog_Fix (from Batch_Man) on the desktop.
• Under XP: Double-click it to launch
• Under Vista: Make right-click on Yoog_Fix.exe and choose "Run as administrator".
• Choose Option 1 (Search / Delete)
• A report will be generated at the end (C:\ Yoog_Fix.txt)
• Post the report on the forum.

MalwareBytes Anti-Malware

• Download and install Malwarebytes' Anti-Malware Anti-Malware
• At the end of the installation, make sure the option "update Malwarebyte's Anti-Malware" is checked
• Run program and let the update process be completed
• Then go to the "Search" tab, check "Run a quick" then "Search"
• At the end of the scan, click on "Show Results"
• Check all items found and click "Remove Selected"
• The report is saved in the Report tab-Log Malwarebytes.
• If you are prompted to restart, accept.
• Post on the forum report appearing after deletion.