Friday, April 29, 2011

Steenkin' Address Bar Search Redirect to urlseek20.vmn.net Cured - Removed Visicom_antiphishing.exe from start-up, Uninstalled

Recently I noticed that my FireFox browser wasn't allowing me to search from the address bar.  Instead of returning the Google results it used to, I was getting this damned web page with a Yahoo search bar at the bottom.  Address of the URL was: http://urlsekk20.vmn.net.  I hate anything "configuring" my very customized system for me, so I set about trying to determine what was causing it.

First I did the ol' About:Config thing in FireFox's address bar & everything looked good there.

Next I went to recently installed items, & removed a few that I suspected might cause it, rebooted, & had the same results.  I also removed some toolbars that re-appeared recently from a recent install (even though I am careful to choose "No" to extraneous installs & always do a custom install).  Still no go.  So, no recent installs or toolbars were the culprit.

Finally I looked under Run>MSCONFIG>Startup tab, & began removing suspicious or un-needed entries.  I only had 6 or so entries, so I removed all but security related items.  Still no go.

Finally, I removed one "security-related" looking entry that I don't recall ever installing.  It was called Visicom_antiphishing.exe.  Supposedly, this somehow utilizes lists of phishing websites maintained by Panda, which I don't use.  Also, I don't use anti-phishing software, just A/V & anti-malware (not at all related to Panda or Visicom).  I unchecked it from start-up & rebooted.  Well, wouldn't you know, the problem went away.  I typed a word into the address bar & Google search results came up!  Yay!

What is interesting is that research indicates this URL20.vmn.net is considered malware, but from what I could see superficially in my searches on Visicom Anti-phishing Domain Advisor, it looks like it's a legit application.  I wonder if it somehow became compromised?

Needless to say, I uninstalled Visicom Anti-phishing Domain Advisor, then did a registry search for any left-over entries.

This affected both IE 8.0 & FireFox.  Both were fixed by removing the Visicom anti-phishing software.