Threat Descriptions

Adware.MailRu

Classification

Category :

Adware

Type :

Adware

Platform :

W32

Aliases :

Adware.MailRu.[variant]

Summary

On installation, the MailRuSputnik HomeSearch browser extension program changes the web browser's default search address and homepage. It may also add additional extensions to the browser.

Removal

Once detected, the block it from running and prompt you for a desired action.

Exclude a file from scanning

If you are aware of and accept the potential risk associated with this program, you can configure the F-Secure security product to exclude it from further scanning.

Manual removal

Caution: Manual removal is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance.

You may elect to manually remove MailRu from your device. To do so:

1. Search for and delete any files related to MailRuSputnik: 

Folder name: Mail.Ru
File path: C:\ProgramData
File name: MailRu.ico
File name: GoMailRu.ico
File path: C:\Users\JohnDoe\AppData\Local\Temp

Folder name: Mail.Ru 
File path: C:\Users\JohnDoe\AppData\Local\

Note: In the Folder Options, check the 'Show hidden files and folders' checkbox to see all available files.

2. Search for and delete any registry keys related to MailRu: 

HKU\S-1-5-21-1072731932-1066792346-1760298823-1000\SOFTWARE\Mail.Ru
HKCU\SOFTWARE\Mail.Ru

3. Finally, remove the MailRu module from your web browser. Consult the relevant documentation for your web browser and browser version for instructions on how to remove an extension.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

MailRuSputnik HomeSearch is a program that adds supplementary functionality to a web browser (also known as a Browser Helper Object, extension or add-on, depending on the browser in question).

It is typically distributed bundled with a legitimate program, alongside other such optional third-party software. As with most such programs, they may be unintentionally installed together with the desired main program.

On installation, the program is added to the web browser:

Adware.MailRu added as a BHO

It will modify the web browser settings for the search address:

Adware.MailRu alters the default search address

It may also alter the user's set homepage to display a page that looks similar to the legitimate MSN or Yahoo! pages, but contains more advertisements or sponsored links.