Remove Yeabd66.cc / Moosjs.cn (TopYea) Fake Search Browser Virus
Yeabd66.cc or Moosjs.cn is a browser hijacker virus which changes the homepage of your browsers to its own domains. It changes the browser shortcuts so every time you open your internet browser a malicious search engine full of advertisements will open. The virus hides deep in Windows system and comes back even if you remove suspicious extensions or change the shortcuts.
The malicious homepages are full of advertisements and usually include a search field redirecting to Google custom search. The main purpose of this virus is to earn money for the creator by generating traffic to the advertisements from the hijacked browsers. Even though some of the advertisements may be from legitimate networks, it could also include malicious links leading to further infections. Also, the search engine monitors your browsing activity, history and related data.
This hijacker takes control of your browser settings, impairs your browsing experience and tracks your activity. Therefore, you should remove it as soon as possible. We have an automatic removal and protection tool. It will remove the threat and secure your computer from any viruses in the future. You can also find a manual removal guide below. Use the guide only if you feel confident in editing Windows system settings.
Recommended Method: Download Browser Hijacker Virus Removal Tool
What is yeabd66.cc / moosjs.cn browser hijacker?
The main purpose of this hijacker is to replace the homepages of your browsers (including Chrome, Firefox, Opera, Internet Explorer, Microsoft Edge and more) and drive traffic to the creator’s websites. The websites are disguised as search engines although they just include custom Google Search and do not have real search functions themselves. Such hijackers usually generate revenue for the creators from advertisement views and clicks. Sometimes malicious homepages also promote other viruses by suggesting various updates and displaying warnings as well as redirecting to infected links.
Here are several websites belonging to the virus creators:
yeabd66.cc yeabests.cc yeabests.top moosjs.cn
This malware focuses on modifying the shortcuts of your browsers so you will see the annoying advertisements reappear even if you remove all suspicious extensions or reset the browser settings. It is designed to be hidden deeply in the Windows system so you would not be able to remove it easily. The virus usually has a scheduled VBScript that modifies the shortcuts and makes it come back in case a user decides to remove it. After infection the virus destroys itself and only leaves the scheduled task. This means that there is no infected file on the system and it is harder to detect and remove the hijacker.
The following browsers are targeted by the virus:
Internet Explorer Chrome Firefox 360 Chrome Sogou Explorer Opera Safari Maxthon QQ Browser Baidu Browser TheWorld Browser Liebao Tencent Traveler
The most common way to get infected with this virus is by installing a program that has yeabd66.cc / moosjs.cn hijacker bundled with it. Skipping the installation steps and neglecting to uncheck any “install additional software” fields can result in getting this adware even if you were installing a potentially harmless program. Other ways of getting infected include opening spam email attachments or other suspicious files, downloading illegal torrents, cracks and other software from unverified providers.
You should remove this adware in order to prevent spying on your browsing activity as well as to restore the browsing experience impaired by this virus. It is possible to curb this threat by following our manual guide, however, we recommend the automatic tool as it will also protect from any further infections as well. You will also be able to contact the removal tool support team and ask for manual removal help in case it has problems detecting the threat.
Here are some screenshots of the browser hijacker websites. Sometimes the websites are down and display errors or redirect to other pages:
Manual Removal Instructions:
NB: Manual removal does not guarantee that this or any other threat will not come back in the future. You need to properly secure your machine even if you successfully remove the virus and the symptoms are gone. Use the tool provided at the top of this page to protect your machine from future infections.
Bookmark or print out this page before proceeding further. You can also open it on a separate device while working on the removal. This will guarantee that you will be able to come back after a browser or computer restart.
► Step 1:
Remove the infections source from Windows Management Instrumentations.
Start by searching for “cmd” in Windows search.
Right-click on cmd.exe (command prompt) and choose to “Run as administrator“.
Enter the following in the newly opened black window:
Windows Management Instrumentations will launch.
There is also an alternative quicker way to launch Windows Management Instrumentations but sometimes it does not give you the right permissions:
Hold Windows () key and click R key.
Enter the following in the field:
Windows Management Instrumentation Tester tool will open in a new window.
When Windows Management Instrumentations launches:
In the Namespace field input the following:
Now all buttons will be enabled.
Click Open Class…
A window with an input field will open. Enter the following:
Click Instances when another window opens.
You should see a list of ActiveScriptEventConsumer Instances.
The malicious one is usually listed as follows:
Select this entry and click Delete in order to remove it.
► Step 2:
Delete the shortcuts for all browsers on your computer as they have been changed by the virus. Browser hijacker includes its own website in “Target” field.
The virus modifies browser shortcuts in the following locations:
C:\Users\Public\Desktop C:\ProgramData\Microsoft\Windows\Start Menu C:\ProgramData\Microsoft\Windows\Start Menu\Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup C:\Users\User\Desktop C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup C:\Users\User\AppData\Roaming\Roaming C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
Recreate all browser shortcuts again in order to have clean launch.
Alternatively, you can click Properties on each of the shortcuts and remove any additions made to the Target field by the virus.
After removing browser hijacker
Even though the virus has been removed you should still secure your computer with a proper antivirus software in order to prevent future attacks. Also, avoid installing suspicious programs and always follow the installation steps carefully in order not to skip removal options for any additional unwanted programs.