Snap.do

What is Snap.do?

Snap.do is another common browser hijacker that spreads widely around the web. Uninstalling Snap.do is mandatory, just like with any other hijacker of this kind. Unsuspecting users get infected and then have trouble removing Snap.do. This particular infection is developed by Resoft.ltd and is allegedly used by more than 100.000 users daily. There is no way to prove or disprove this number, but the issue here is that Snap.do is mostly used by people who have no intention of using it. This is because the malicious software got onto their computer without their knowledge, or because they paid no attention during installation processes. Snap.do might be considered a browser helper object, in other words a browser plug-in, but the truth is that it only carries malicious traits that are in no way desired by the user. Delete Snap.do immediately, as this infection might be a gateway to something even more serious, e.g. a backdoor Trojan, a botnet and various other infections that you don’t want to have on your system!

Where does Snap.do come from?

As mentioned, Snap.do was developed by Resoft.ltd, a company that is considered to be quite shady. Getting Snap.do from the official vendor (www.snap.do) is a possibility. The website even provides a removal guide, but in reality the removal procedure on the vendor's website does not delete Snap.do entirely. It leaves traces all around the system. Snap.do also spreads in various other ways, so the direct download is not the only way to get it. One of the most common ways to get the infection is downloading bundled software. Downloading software from third-party vendors is always risky, as you may never know what is bundled with the software that you want. Bundling is a kind of advertising/marketing technique that allows various vendors to share customers with each other. Bundles therefore give small vendors a chance at visibility, for a certain price of course. For instance, Snap.do being bundled with any of CNET's products means that Snap.do will reach a wider audience. In order to generate more money, third-party vendors (these might include CNET, Softpedia, Softonic etc.) agree to bundle their various products with something like Snap.do. You therefore always have to be very careful about everything that you install on your system. The best way to prevent infections is to read everything on each page of an installer and never skim through the installation; skimming is the main reason users get infected. Another common way of infecting the system is pop-up windows, mostly on dubious websites, that mimic various updates. The most popular fake pop-up update mimics an Adobe Flash update. This is because a lot of internet users have this plug-in on their systems. The vulnerabilities within Flash are another reason why cyber criminals choose to exploit this particular application. You should always be careful about what you click on various websites, as even one click could open up your system to the infection.
Adobe releases security updates every month, so check the official website for updates. Although in decline, suspicious email attachments are also a possible way to get infected, so downloading any attachment is always a risk; the best way to prevent this is to limit yourself to opening and downloading attachments from known senders/contacts only. Safe browsing and proper anti-malware tools will protect you from infections like Snap.do and spare you the time that you would otherwise waste on the removal of Snap.do.

What does Snap.do do?

Snap.do, just like so many other hijackers, possesses mainly the same traits. Once the user is infected, quite a few settings within the browser are altered. Much like any other hijacker, Snap.do alters the user's homepage/new tab page/start page and changes the default search engine within the browser. All of these changes redirect the user to either search.snapdo.com or search.snap.do. Beyond these symptoms, Resoft.ltd does something much more intrusive to the user. By installing Resoft.ltd software, the user permits this company to gather personal information about them. On the official site the vendor states:

"The User agrees that these policies apply to this Agreement and are incorporated herein as an integral part thereof, the provision of Resoft Services and the information User provides through use of the Resoft Services. User understands that through your use of the Resoft Services it consents to the collection and use (as set forth in the applicable privacy policy) of certain personal information."

The user also agrees to be redirected to websites with adult/mature content:

"Certain Resoft Services may contain or direct User to adult or mature content, and You must be at least 18 years of age to access and view same."

These particular websites are like a holy grail for infections, because they are full of malicious pop-ups and various malicious redirections that cause other infections. For instance, clicking on a dubious pop-up might allow an infection to enter your system. The user might be redirected to any kind of fake website, e.g. a website mimicking Facebook, and by entering your account details there you basically hand them to cyber criminals. Furthermore, the user agrees to be flooded with adverts targeted particularly at them; this is possible because Snap.do gathers the user's search information and various browsing habits. Basically, the user is exposed by having this infection. The personal information that ends up in the open might include some of the most sensitive data, e.g. social security numbers, email accounts etc. Along with the mentioned symptoms, Snap.do often installs a plug-in called General Crawler, which has a record of acting as a backdoor to your system that enables the re-installation of Snap.do and associated applications. And that’s not the worst thing that can happen while you have a backdoor on your system. Having a backdoor on your system means that it is left open at all times to criminals who can manipulate it, and more and more infections are probably what’s going to happen. Your system is also open to the gathering of sensitive data. These are the reasons why uninstalling Snap.do is needed immediately!

How to remove Snap.do?

A timely removal of Snap.do is important as it may cause more damage to the systems otherwise. Deleting Snap.do can be a bothersome and time consuming process, but if done right it will free your computer from this parasite. Manual removal provided in this article will clean up your system, but using a professional Anti-Spyware tool is recommended, because there is always a chance of human error. So please rescan your system after you’ve completed the steps provided below to see if you’ve missed something.

1: Remove Snap.do from Control Panel

Click on the Windows start button and open the Control Panel. Select Uninstall a Program from the list. The list of applications on your system will now appear; select Snap.do and remove it.


2: Remove Snap.do from Google Chrome

Open up your browser and go to the Settings menu, then select the Extensions subcategory and remove the extensions added by Snap.do.

Now select the Settings subcategory and in the Appearance section check Show Home button. Now click on Change. In the pop-up window enter the website that you wish to be your home page.

Scroll down a little bit and you’ll see the Search section; click on Manage Search engines. Remove the Web Search entry that was added by Snap.do and select a new default search engine.

You can also reset your browser settings if you want to: click on Show advanced settings and scroll down, and at the bottom you’ll see a Reset button. Just click on it if you wish to reset Chrome entirely.

3: Remove Snap.do from Firefox

Just like in Google Chrome, we’ll first remove the extension added by Snap.do. Open up your browser, click on the Firefox button and then select Add-ons. In the window select Extensions and remove Snap.do from the list.

Now, in the same manner, open the Options tab. In the window that appears, select General at the top and change the home page to a website of your choice.

Now we’ll remove the Web Search engine that was added by Snap.do. On the right side of your browser, in the search section, click on the icon of the search engine and a list of options will drop down. Select Manage Search engines. In the window that opens, select Web Search and remove it, then select a new default search engine for your browser.

Just like in Google Chrome, you can reset the settings in Firefox as well. Once again click on the Firefox button and select Help, then click on Troubleshooting Information. A window will appear with a Reset button that allows you to reset the settings within Firefox.

4: Remove Snap.do from Internet Explorer

Removing Snap.do from Internet Explorer is really similar to removing it from Chrome or Firefox. Open up the browser, click on Tools and then select Manage Add-ons. From the Toolbars and Extensions section remove everything associated with Snap.do.

Now in the same window select Search Providers and remove Web Search from the list. This will allow you to change the default search engine from the Web Search entry that was added by Snap.do to whichever search engine you like.

Now once again click on Tools, but now select Internet Options. In this menu you will be able to alter your home page to the one of your choice.

It is also possible to reset the settings of Internet Explorer. If you choose to do so, select the Advanced section within the Internet Options window and click on the Reset button.

4: Cleaning up the Windows registry

A detailed log of registry keys and values that need to be removed or tweaked is provided at the bottom of this article. Click on the Windows start button, type in regedit and hit Enter, and the Windows registry editor will appear. Use it to navigate to the registry entries that need to be altered.

5: Cleaning up the Windows file/folder system

Along with the list of registry entries, I provide a detailed list of folders/files that need to be removed in order to ensure a total removal of the Snap.do infection. This can be done quite simply, with no expertise at all.
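
To verify the manual steps above, here is a read-only PowerShell check, added as an example and not part of the original guide or of any vendor tool. It looks for the two redirect domains named in this article (search.snapdo.com and search.snap.do) in the Internet Explorer registry settings and in the Chrome and Firefox settings files, and for the processes listed below. It assumes default per-user profile locations; the function name Test-HijackText is made up for this example.

```powershell
# Added example: read-only check, nothing is deleted or modified.
# Domains are the two redirect targets named in the article.
$HijackHosts = 'snap.do', 'snapdo.com'

function Test-HijackText {
    param([string]$Text)
    foreach ($h in $HijackHosts) {
        # Match the domain or any subdomain, but not look-alikes such as
        # "notsnap.do" or "snap.do.example.com".
        $pattern = '(?i)(^|[^a-z0-9-])' + [regex]::Escape($h) + '($|[^a-z0-9.-])'
        if ($Text -match $pattern) { return $true }
    }
    return $false
}

$findings = @()

# Internet Explorer: home page and search values under HKCU.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
foreach ($name in 'Start Page', 'Search Page', 'Search Bar') {
    $value = (Get-ItemProperty -Path $ieMain -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -and (Test-HijackText $value)) { $findings += "IE '$name' = $value" }
}

# Internet Explorer: search providers (each SearchScopes subkey carries a URL value).
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
foreach ($key in @(Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue)) {
    $url = $key.GetValue('URL')
    if ($url -and (Test-HijackText $url)) { $findings += "IE search provider $($key.PSChildName) = $url" }
}

# Chrome and Firefox: settings files in the default per-user profile locations (assumed).
$files = @("$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences")
$files += @(Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
foreach ($file in $files) {
    if ((Test-Path -LiteralPath $file) -and (Test-HijackText (Get-Content -LiteralPath $file -Raw))) {
        $findings += "Browser settings file still references the hijacker: $file"
    }
}

# Processes from the "Stop these Snap.do Processes" list (names without .exe).
$names = 'snaper', 'snapinstaller', 'imgianttoolbar01', 'Toolbar136'
foreach ($p in @(Get-Process -Name $names -ErrorAction SilentlyContinue)) {
    $findings += "Process still running: $($p.ProcessName) (PID $($p.Id))"
}

if ($findings) { $findings } else { 'No Snap.do leftovers found in the checked locations.' }
```

An empty result only covers the locations checked here, so the rescan with an anti-spyware tool recommended above still applies.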

Stop these Snap.do Processes:

imgianttoolbar01.exe
snapinstaller.exe
snaper.exe
Toolbar136.exe
%Windir%/System32/[RANDOM].exe
snaper[1].exe

Remove these Snap.do Files:


Remove these Snap.do Registry Entries:
