HEUR:Trojan.OSX.Vsrch.a and Browser Hijacking, How to Remove?

What Is HEUR:Trojan.OSX.Vsrch.a?

HEUR:Trojan.OSX.Vsrch.a is categorized as a Trojan horse but with additional capabilities. “HEUR” indicates that the Trojan horse mainly gives rise to browser problems. As what anti-virus program detected, “/users/[user name]/Library/Internet Plug-Ins/ConduitNpapiplugin.plugin/Contents/[OS]/ConduitNPAPIPlugin” is reported as HEUR:Trojan.OSX.Vsrch.a. It is obvious that the web applications produced by conduit search have been taken advantage by the HEUR Trojan horse.
 

HEUR:Trojan.OSX.Vsrch.a Payloads

By reading HEUR:Trojan.OSX.Vsrch.a’s payload, victims will get to know:

• Why anti-virus programs are not able to remove HEUR:Trojan.OSX.Vsrch.a?
• Why certain level of computer skills and virus knowledge are required to carry out manual removal steps?
• Why more infections will be anticipated after the attack by HEUR:Trojan.OSX.Vsrch.a?

HEUR:Trojan.OSX.Vsrch.a is a smart one, when being taken onto a machine, its vicious file will be released to %Temp% directory and display itself as executable file with the name similar to normal applications, such as skypee~1.EXE. Next, the executable file will copy itself to %SystemRoot%\system32\system.exe to perform download and generate dll files with random name in the process under %SystemRoot%\system32\.

Some of the generated dll files will then release its driver files ended with “.sys” under %SystemDriver% so as to create the service accordingly. By doing so, HEUR:Trojan.OSX.Vsrch.a becomes capable of obtaining SSDT  address and restore it to inject all the currently running processes including the ones related to security service/program and defense. As a consequence, all the installed/build-in security will be compromised when some services are disabled and some programs are shut down by force.

Mutex will be generated in DataBase during the process to ensure automatic running, adding the value called “C:\WINDOWS\system32\system.exe” there which is quite confusing to the victims without rich computer skills and virus knowledge. Finally, HEUR:Trojan.OSX.Vsrch.a copy the system file “wininet.dll” to %Temp% in order to get the correlation function so that the Trojan horse can download vicious Trojan files onto the target machine periodically.

It is thus recommended to remove HEUR:Trojan.OSX.Vsrch.a as soon as possible before more unexpected issues are incurred. Follow the below steps to help yourself. In the event that you are not clear about the steps or overwhelmed by some unexpected issues, please start a live chat window with senior technicians from VilmaTech Online Support.

 

Expert Shows How to Remove HEUR:Trojan.OSX.Vsrch.a

A
Brings up Task Manager to end the processes with the path directing to HEUR:Trojan.OSX.Vsrch.a’s location.

Windows 7/XP/Vista

1. Press down Ctrl,Alt and Delete key together to bring up Task Manager.
2. Hit its View tab to choose “Select Columns” so as to check “Image Path Name” and PID.
   
3. Full path name of programs will be displayed.
4. Track the suspicious ones that are related to HEUR:Trojan.OSX.Vsrch.a and end them.

 
Windows 8

1. Enable Charms bar by hovering mouse to the edge of Start Screen and type ‘Task’.
2. Hit Enter key to select Task Manager.
3. Hit on View tab to choose “Select Columns” so as to check “Image Path Name” and PID.
4. Track the suspicious ones that are related to HEUR:Trojan.OSX.Vsrch.a and end them.

 
 
B
Access Running Tasks and System Services to disable the service directing to HEUR:Trojan.OSX.Vsrch.a’s location and the ones you don’t know about.
(tip: you are allowed to remove the unknown services on condition that you are well equipped with computer knowledge and skills)

1. access Running Tasks.

Windows7/vista/XP

1. Access Start Menu to select All Programs for Accessories.
2. Click open System Tools to choose System Information.
3. After that, please expand Software Environment and choose Running Tasks.
4. You will now see the path for each service and program in the right pane.
5. Track the suspicious ones that are related to HEUR:Trojan.OSX.Vsrch.a and end them.
   

 
Windows 8

1. Select All Apps from the Start Screen to choose Accessories.
   
2. Click open System Tools to choose System Information.
3. After that, please expand Software Environment and choose Running Tasks.
4. You will now see the path for each service and program in the right pane.
5. Track the suspicious ones that are related to HEUR:Trojan.OSX.Vsrch.a and end them.

 
2. access System Services.

Windows7/vista/XP

1. Hold Win key and R key at once to type “services.msc” in the pop-up text box.
   
2. Hit Enter key to enable the services window.
3. Remove/disable the service you found in “Running Tasks”.

 
Windows 8

1. Open Windows Explorer from Start screen.
2. Access Administrative tools.
3. Double click on Services icon and remove/disable the service you found in “Running Tasks”.

 
 
C
Show hidden items to remove the ones related to HEUR:Trojan.OSX.Vsrch.a.

Windows 7/XP/Vista

1. Access ‘Control Panel’ from Start menu and click open “user accounts and family safety”.
2. Please then double click on ‘Folder Options’ and hit on its View tab.
   
3. Tick ‘Show hidden files and folders’ and non-tick ‘Hide protected operating system files (Recommended)’.
4. Press on ‘OK’ button to confirm the change.

 
Windows 8

1. Open Windows Explorer on Start screen and browse to View tab.
2. Check ‘File name extensions’ and ‘Hidden items’ options.
3. Press on ‘OK’ button to confirm the change.
   

1. navigate to the following listed directories respectively and remove the ones created on the day when HEUR:Trojan.OSX.Vsrch.a was firstly found according to the installed anti-virus program.

C:\Windows
C:\Windows\System32
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Program Files\

 
2. Remove all Temp files.

1. Use Win+R key combination to get Run box again.
2. Type “%Temp%” and hit Enter key will get all the temp files.
3. Please remove them all.

 
 
D
Reset browsers to eradicate the items generated by HEUR:Trojan.OSX.Vsrch.a in browser settings.

Internet Explorer

1. Click on the Tools menu and then select Internet Options.
2. In the Internet Options window click on the Advanced tab.
3. Then click on the Restore Defaults button and then press OK.
   

 
Firefox

1. Click on the Firefox button to select Help.
2. Then choose Troubleshooting information.
3. A new window pops up with a box containing ‘Reset Firefox’ button on the left uppers corner of the web page:
4. Click on it to reset the browser.
   

Google Chrome

1. Hit on ‘Customize and Control Google Chrome’ menu to select ‘Options’.
2. Navigate to ‘Under the Hood’ tab to press on ‘Reset to Defaults’ button.
   

 
 
E
access system configuration to disable any unknown and redundant startup items.

Windows 7/XP/Vista

1. Press down Win key and R key together to put in ‘MSCONFIG’.
2. Hit Enter key will bring you to system configuration window.
3. Then tap its Startup tab.
4. Disable/end the ones you don’t know and the redundant ones.
   

 
Windows 8

1. Use Ctrl+Shift+Esc key combination to get Task Manager.
2. Hit on its Startup tab and disable/end the ones you don’t know and the redundant ones.
   

 
 

HEUR:Trojan.OSX.Vsrch.a Summary Plus

If one unfortunately get harassed by HEUR:Trojan.OSX.Vsrch.a, one may very well suffer from the following listed troubles:

• Browser hijacking/redirecting happens to ruin surfing experience.
• More unknown items are found in local disk as well as browser settings.
• The overall PC performance will be considerably degraded when multiple and unknown processes running in the background.
• It is easy for the machine to get extremely hot when running more services simultaneously to cause freezes and sometimes errors or malfunctions.
• Additional virus can be detected after getting held hostage by HEUR:Trojan.OSX.Vsrch.a.

 

How HEUR:Trojan.OSX.Vsrch.a Spreads?

Drive-by download has been the widest adopted dissemination routine in the virus world, HEUR:Trojan.OSX.Vsrch.a has been found by VilmaTech Online Support to be bundled with some fake anti-virus program or online applications. It can also be downloaded by Trojan downloader. Being a Trojan horse, HEUR:Trojan.OSX.Vsrch.a is capable of attacking vulnerability/loophole within a system or taking advantage of the backdoor program of some loosely built applications.
 

How to Prevent HEUR:Trojan.OSX.Vsrch.a?

• The precautions offered here are made according to the way HEUR:Trojan.OSX.Vsrch.a spreads. Take a glance at the below list to make yourself informed:
• Install and regularly update genuine and powerful anti-virus programs, Firewall and programs providing Internet security aids.
• Run computer-friendly applications to repair bugs and errors.
• No visit to unknown websites and no casual trial of the latest products before careful examination.
• Never accept suspicious files through instant messages.
• Set the Security Level of instant chat tools as high.
• Use “Custom” installation method when installing a third-party program.
• Seldom use freeware/ shareware.
• Download and update programs from official web sites rather than random messages pop up from nowhere.

 

HEUR:Trojan.OSX.Vsrch.a Removal Tip

It is advisable to check for if one gets additional virus if HEUR:Trojan.OSX.Vsrch.a has cost you quite a while to find an effective solution. If you locate any, please either go to VilmaTech virus reservoir for corresponding solution or get quick fix by contacting security assistance from Global PC Support Center. What’s more,  defrag disk is also recommended to optimize the PC performance. Here’s the video to show how:

 

Published & last updated on May 14, 2014 by Erik V. Miller