Remove “Funny Collection” (fanli90.cn/qtipr.com) Browser Virus

Fanli90.cn or Qtipr.com is a browser hijacker which displays random advertisements across the pages you browse. It also installs unwanted browser extensions with permissions to “read and change all your data on the websites you visit” and changes the homepage. The browser settings are modified and the default search engines could be replaced as well. Even if you remove the unwanted extensions they reappear after a while and the homepage gets changed back. This is because the virus hides deeper than just in the browser extensions and you need to remove the program which modifies your browser first.

The virus is mainly designed to drive profits to its creators by generating traffic to their websites and advertisements. Most of the advertisements are from legitimate networks but the method of getting visitors by employing hijacked browsers is a criminal activity. Some advertisements might be malicious as well and lead to further infections. Finally, since the virus gains complete control of your browser it might steal your personal data including logins and passwords.

You should remove this adware as soon as possible. Meanwhile, refrain from using your browsers while the infection is still present in order to avoid revealing your personal data. We recommend using the automatic removal tool listed below for quick and easy removal. It will also clean and protect your computer from any other possible infections. Alternatively, you can use our manual removal guide if you have experience in editing important Windows files and system settings.


Recommended Method: Download Browser Hijacker Virus Removal Tool

Version: All
Updated: 2 days ago
Compatible OS: All

This is the most suitable program for automatically removing the threat and repairing your PC.
Works with: Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP.

File name: mb3-setup.exe
Size: 56.5 MB


What is fanli90.cn / qtipr.com browser hijacker?

This virus has several websites that are set as unwanted homepages. Most popular ones are fanli90.cn and qtipr.com. The websites usually have a title “Funny Collection”, yellow color scheme and have some text content and a lot of advertisements. This adware mainly targets Google Chrome but can affect Mozilla Firefox, Internet Explorer and Microsoft Edge as well.

The websites are displayed each time you launch your browser or you are redirected to them automatically. However, the adware can also modify the content of legitimate websites and display virus creator’s advertisements and in-text links there as well. You can also start seeing a completely different search engine and other modifications being made to your browser since the adware gains complete control of it. Malicious extensions and addons are usually employed to modify your browser. However, even if you track down and remove such extensions (for example, Easychrome) the virus usually comes back as it has a backup program installed deeper in the Windows system.

The virus is usually distributed bundled with other free programs. If you skip the installation steps by clicking “Next” while installing various programs you might end up with this threat infiltrating your computer as a separate program. The presence of this adware usually slows down your machine and browsing experience. Therefore, if you have just installed a program and see the symptoms described above, and the computer feels slower in general, you have most likely received a browser hijacker bundled with the legitimate software.

You should stop using your browsers as soon as you detect the activity of this adware. Even though its main purpose is simply to generate more traffic to the virus creator’s websites, there is also a more serious risk of losing your data. Since the virus gains complete control to read and modify your browsing data, you can end up losing important personal information, including your login credentials. Remove the threat first before continuing to use your browsers normally.

We have prepared a manual removal guide below if you are experienced in editing Windows system files and settings. However, we recommend choosing the automatic removal tool listed at the top of this page. This way you will be sure that the threat is not only removed correctly but will not come back in the future since the tool also offers protection from various viruses and malware.



 Manual Removal Instructions:

NB: The manual removal process requires basic understanding of editing important Windows system files and settings. Make sure you are being careful while removing the threat in order not to affect critical system entries and damage the operating system. We recommend choosing the automatic option instead, listed at the top of this page.

Bookmark or print out this page in order to come back to it after a browser or computer restart. We recommend opening this page on a separate device while you are working on removing the threat.

Step 1:

Restore the old system settings using System Restore. Browser hijackers change many system settings so you need to revert to the old ones first. This automatic way will greatly reduce the work needed in the following steps.

Press and hold the Windows key and press the R key.

Enter the following in the field:

rstrui.exe

Click OK.

Click Next.

Check Show more restore points.

If you see any restore points, restore the system. Make sure you select a point that has been created before the infection happened and that is not too old.

It will restore your system settings only and will not affect your files.

If you do not see any restore points, the virus might have removed them or they might never have been created. Proceed to the next steps in that case.

Even after you restore the system you will need to perform the following steps in order to completely remove the virus.

Step 2:

Remove any suspicious programs that might contain the virus or act as its main control point.

Start by opening the Programs and Features window:

Press and hold the Windows key and press the R key.

Enter the following in the field:

appwiz.cpl

Click OK.

You might have to wait a bit before the list of all programs installed on your PC is loaded.

We recommend sorting the programs by “Installed On” column (simply click on the column name in order to sort by this value).

Look for any recently installed suspicious programs that might contain the virus as a bundle or could be the virus itself. If you have never seen or used an app chances are that it is an unwanted software and should be uninstalled.

Uninstall all suspicious programs by right-clicking on them and choosing Uninstall…

Repeat this process until no more suspicious programs are left.

Step 3:

Clean up Windows temporary files as the virus may operate from this folder.

Removing all temporary files is completely safe for your computer.

Press and hold the Windows key and press the R key.

Enter the following in the field:

%Temp%

Click OK.

Simply select all files and folders displayed in the temporary files directory and delete them permanently by simultaneously pressing CTRL + A and then SHIFT + DELETE.

Step 4:

Check your hosts file for any suspicious IPs that could be inserted by the virus.

Press and hold the Windows key and press the R key to open the “Run” window.

Enter the following in the field:

notepad %windir%\System32\drivers\etc\hosts

Click OK.

Your “hosts” file will open in Notepad. If you see any suspicious IP addresses that do not have “#” in front of them, remove them and save the file. Remember to leave the 127.0.0.1 localhost entry in the file.
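The same check as in Step 4 can be done from PowerShell. This is an added example, not part of the original guide: it only reads the hosts file and lists every active (non-commented) mapping, marking the default loopback entries so the remaining ones stand out for review. The list of expected entries is an assumption.

```powershell
# Added example: list active hosts-file entries for review (read-only, changes nothing).
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

# Assumption: these loopback mappings are the only ones expected on a clean machine.
$expected = @('127.0.0.1 localhost', '::1 localhost')

function Get-ActiveHostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Drop comments (everything after "#") and surrounding whitespace.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        # The first token is the IP address, the remaining tokens are host names.
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{
                Address  = $parts[0]
                HostName = $name
                Expected = $expected -contains "$($parts[0]) $($name.ToLower())"
            }
        }
    }
}

# Unexpected entries are sorted to the top of the table.
Get-ActiveHostsEntry -Lines (Get-Content -LiteralPath $hostsPath) |
    Sort-Object Expected, HostName |
    Format-Table -AutoSize
```

Any row with Expected = False is an entry to look at in Notepad; a redirect of a well-known site to an unfamiliar address is the typical sign of tampering.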

Step 5:

Clean up your registry entries. Be careful not to delete important system entries as this might result in Windows not being able to operate anymore.

Press and hold the Windows key and press the R key.

Enter the following in the field:

regedit.exe

Click OK.

Use the folder tree on the left to navigate to this location:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome\

Check if it has any of the following entries listed:

  • HomepageLocation;
  • RestoreOnStartupURLs\1.

Delete these registry entries if you see them.

Search for additional virus entries by pressing keyboard buttons CTRL + F and entering the virus name. Here are some examples:

easychrome
qtipr
fanli

Click Find Next.

Delete any registry entries associated with the virus.

Repeat the search until all entries are cleaned.
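Before deleting anything in Step 5, the Chrome policy values can be listed from PowerShell. This is an added example, not part of the original guide: it is read-only, checks the key named above, and also checks two further Chrome policy locations (an assumption beyond what this guide lists), flagging values that contain one of the names given above.

```powershell
# Added example: report Chrome policy values that force a homepage or startup URL.
# Read-only. The first path is the one named in this guide; the other two are
# assumptions (the 64-bit and per-user Chrome policy locations).
$policyKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)
# Search terms taken from this guide.
$guideNames = 'easychrome|qtipr|fanli'

function Get-RegistryValueList {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        $data = $key.GetValue($name)
        [pscustomobject]@{
            Key        = $Path
            Name       = $name
            Data       = $data
            MatchesAny = [bool]("$data" -match $guideNames)
        }
    }
}

$findings = foreach ($root in $policyKeys) {
    # HomepageLocation is a value directly under the Chrome policy key.
    Get-RegistryValueList -Path $root | Where-Object Name -eq 'HomepageLocation'
    # RestoreOnStartupURLs is a subkey whose values are numbered 1, 2, ...
    Get-RegistryValueList -Path (Join-Path $root 'RestoreOnStartupURLs')
}

if ($findings) { $findings | Format-List }
else { 'No homepage or startup-URL policies found.' }
```

On a home PC that is not managed by an organization these keys are normally absent, so any result deserves a look in regedit.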

Step 6:

Clean up your DNS.

Press and hold the Windows key and press the R key.

Enter the following in the field:

ncpa.cpl

Click OK.

It will open your current network adapters list.

Right-click on the one you currently use (unused usually have a red X near them while the active one is usually green).

Choose Properties.

Click on Internet Protocol Version 4 (TCP/IPv4) (make sure the checkbox near it is checked).

Click Properties.

First, select Obtain DNS server automatically.

Then click Advanced… and go to DNS tab in the newly opened window.

Remove everything from the DNS server addresses, in order of use.

Step 7:

Delete the shortcuts for all browsers on your computer as they might have been changed by the virus. A browser hijacker usually adds its own website to the “Target” field, so the browser launches it even after you remove the threat.

You will be able to create them again when you completely remove the virus.
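To see which shortcuts were altered before deleting them in Step 7, the “Target” data can be read from PowerShell. This is an added example, not part of the original guide: it is read-only, and the folder list and browser executable names are assumptions.

```powershell
# Added example: read-only review of browser shortcuts and their launch arguments.
# Assumptions: the folders searched and the browser executable names below.
$shell = New-Object -ComObject WScript.Shell
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'

function Get-BrowserShortcut {
    param([string[]]$Path)
    Get-ChildItem -LiteralPath $Path -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # Keep only shortcuts that launch one of the listed browsers.
            if ($lnk.TargetPath -and ($browsers -contains (Split-Path $lnk.TargetPath -Leaf))) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    # A URL, or a name from this guide, after the executable path.
                    HasUrl    = $lnk.Arguments -match 'https?://|www\.|fanli|qtipr'
                }
            }
        }
}

Get-BrowserShortcut -Path $folders | Sort-Object HasUrl -Descending | Format-List
```

A clean browser shortcut usually has empty Arguments or only switches such as a profile selection; a web address there means the shortcut opens that site on every launch.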

Step 8:

IMPORTANT: Now you will have to reset the browser settings individually for each browser that you have installed on your computer. Alternatively, you could simply reinstall them.

 Google Chrome:

Launch the browser and select More Tools, then click Extensions.

Check for any suspicious extensions.

Click Remove From Chrome for each unwanted or suspicious extension (the trashcan icon on the right).

Go to Settings.

Scroll to the very bottom of the settings page and click Show advanced settings…

Scroll to the very bottom again and click Reset settings.

Click Reset.

 Mozilla Firefox:

Launch the browser and go to Add-ons.

Search for any suspicious add-ons and Remove them.

We recommend going to Options (input about:preferences in your address field and press Enter) and clicking Restore to Default near the Home Page field.

Refresh the browser settings by entering the following in the address (URL) field:

about:support

Press Enter.

Click Refresh Firefox… and then click Refresh Firefox again.

 Microsoft Edge:

Since Microsoft Edge is not a separate program and is a core component of Windows 10, you should back up your computer or at least create a Restore Point before continuing.

Navigate to the following folder (where %username% is your computer user name):

C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe

Clear all contents of the folder. Click CTRL + A to select everything and delete the contents.

Click Start (Windows logo).

Search for Windows PowerShell.

Right-click on the result.

Choose Run as administrator.

Paste the following command:

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Press Enter.

The settings should now be reset to default.

 Internet Explorer:

Press and hold the Windows key and press the R key.

Enter the following in the field:

cmd

Click OK.

Enter the following command in the appeared window:

RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

Press Enter.

Check Delete personal settings.

Click Reset.

Alternatively you can run this command to delete all caches and settings:

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

After removing the virus

When you have finished removing the virus and reverting your browser settings make sure to protect your computer by installing a good antivirus suite that would identify the threats online and in programs you have downloaded. Also, never install suspicious programs and always follow the installation process without skipping any parts to make sure it has nothing bundled in it. Avoid downloading unofficial torrents or other files from P2P networks. We also recommend reading user reviews online if you are unsure about the program you want to install.
