How to protect your browser and network settings from unwanted applications

Unwanted applications are often installed on your computer when you download torrent clients, extensions, and other software from questionable sites that distribute unlicensed content. These applications aren't viruses, but can negatively affect your online security and browser use. For example, they can slow down your browser, install additional toolbars without user consent, and redirect you to fraudulent, phishing, or advertising pages. For more information, go to "What are the dangers presented by unwanted applications?".

If you have been affected by unwanted programs, use the system cleanup utility. It will check your computer and remove programs that interfere with the browser's functions.

The utility is provided for free and works with all popular Windows browsers.

What are the dangers presented by unwanted applications?

Modified system start parameters (StartPage)

This type of unwanted application modifies the system registry by adding the address of an advertising site that imitates a popular internet service. The address is added to a key that registers legitimate software for Auto-start.

This results in your default browser opening the advertising site every time you restart your computer.

Filter driver that displays undesirable content (Fake NetFilter)

This type of unwanted application takes the form of a filter driver. It intercepts your internet traffic in order to display invasive and offensive ads in your browser, open advertising tabs, redirect you to unwanted sites, and steal your private data.

This type of unwanted application can function regardless of which browser you use, and even when your browser is closed.

Spoofed DNS (Infected DNS)

This type of unwanted application changes your system's DNS settings.

Every time that you open a web page, your browser sends an address request to a DNS server, which then replies with the IP address of the page you're trying to open.

This unwanted application changes which DNS server your system sends address requests to. As consequence, all address requests are then sent to a different server, which will then redirect the user to fraudulent, phishing, or ad pages.

Unwanted hosts file records (Infected Hosts)

The hosts system file, located at C:\Windows\System32\drivers\etc, contains a list of website addresses and their corresponding IP addresses. Malicious applications can insert fraudulent addresses into your hosts file, thus blocking your access to popular sites, redirecting the user to phishing pages, or disabling your browser's security features.

Malicious browser extensions (Unwanted Extensions)

This type of unwanted application installs malicious extensions in your browser without your knowledge. These extensions then open advertising tabs, display invasive and offensive ads, or steal private user data .

Malicious extensions are poorly recognized by anti-virus applications. This is because extensions function within the browser and do not affect the computer's operating system.

It is recommended to only install extensions from the Opera Add-ons and Chrome Web Store catalogs. All extensions offered in these web stores are checked and verified.

Undesirable traffic-modifying application (PBot)

This type of unwanted application starts up every time an infected computer is turned on and tracks which applications the user opens. When the user opens a browser, the unwanted application inserts its code into the browser processes in order to redirect the user to phishing pages, change the default search engine settings, and steal the user's private data.

Modification of browser shortcuts (Infected LNK)

This type of unwanted application modifies the browser launch shortcut by inserting additional parameters (usually, a website address) or launching a different application instead of the browser. This results in the browser opening ad pages every time it starts up.

How to remove unwanted applications

Install the utility
Note. If you are using Yandex Browser, you don't need to download and install the utility. When a security threat is discovered, an Unwanted applications found warning will appear in your browser window. To start the utility, press the Start scan and cleanup button.
  1. To get the system cleanup utility, write to Yandex's support service.
  2. You will receive a reply with a download link for the utility. Follow this link.
  3. Open rescue_tool.exe and press Start.

    By starting the utility, you accept the user agreement.

Start cleanup
  1. In the System cleanup utility window, press the Start scan button.
  2. After the system scan is complete, you will be asked whether you want to remove the unwanted applications that were found.

    To view the list of unwanted applications found during the scan, click on the Scan report link.

    To complete the cleanup process, press the Remove button. You may need to restart your computer in order to completely remove certain applications.

Restart cleanup

If no unwanted applications were found during the scan, or not all applications could be removed, try performing the cleanup again:

  1. To run another scan, press the Restart button.
  2. Allow the utility to make changes to your device.
  3. In the Potentially unwanted applications found window, press Remove.

If a repeat cleanup was unable to remove the unwanted applications, or if none were found, but you're sure that unwanted applications are affecting your computer's security, take a look at what else you can do, or contact support.