Security+Alert+++Remove+SEARCHNU+from+Your+System

In the last newsletter I reported on a problem from a reader who was infected with the FUNMOODS and SEARCHNU infections. I gave steps on how to remove FUNMOODS (which you can read about by clicking here). So to complete the picture, here are the details of how to get rid of SEARCHNU:
 * [[file:///D:/Word/Word/Computer/Lindburgh/Drafts/Wiki%202nd/Security%20Alert.doc#thema2#thema2|**Security Alert: Remove SEARCHNU from Your System**]]
 * 1)  Press [**Windows Key**] + [**R**], type **TASKMGR** and click **OK**.
 * 2)  Click on **Processes**, select any processes called **Searchnu.com** and click **End Process**.
 * 3)  Close the Task Manager.
 * 4)  Click **Start** > **Control Panel** > **Programs and Features** (**Add or Remove Programs** in XP).
 * 5)  Look for any programs with names similar to Searchnu, and if you find any remove them.



Y ou now need to eliminate traces of SEARCHNU from the registry. Before removing the infection, backup your registry following the steps here: https://www.windows-secrets.co.uk/backing-up-registry/ Finally, you need to delete the following files left behind by the infection:
 * 1)  Press [**Windows Key**] + [**R**], type **REGEDIT** and click **OK**.
 * 2)  Navigate to the registry key: **HKEY_CURRENT_USER\​Software\​Microsoft\​Windows\​CurrentVersion\​Run**
 * 3)  Remove the registry value **“.exe”**
 * 4)  Navigate to the registry key: **HKEY_CURRENT_USER\​Software\​Microsoft\​Windows\​CurrentVersion\​Internet Settings**
 * 5)  Double-click on the registry value **CertificateRevocation**, change the Value data field to **1** and click **OK**.
 * 6)  Double-click on the registry value **WarnonBadCertRecving**, change the Value data field to **1** and click **OK**.
 * 7)  Navigate to the registry key: **HKEY_CURRENT_USER\​Software\​Microsoft\​Windows\​CurrentVersion\​Policies\​ActiveDesktop**
 * 8)  Double-click on the registry value **NoChangingWallPaper**, change the Value data field to **0** and click **OK**.
 * 9)  Navigate to the registry key: **HKEY_CURRENT_USER\​Software\​Microsoft\​Internet Explorer\​Download**
 * 10)  Double-click on the registry value **CheckExeSignatures**, change the Value data field to **yes** and click **OK**.
 * 11)  Navigate to the registry key: **HKEY_CURRENT_USER\​Software\​Microsoft\​Windows\​CurrentVersion\​Explorer\​Advanced**
 * 12)  Double-click on the registry value **Hidden**, change the Value data field to **1** and click **OK**.
 * 13)  Double-click on the registry value **ShowSuperHidden**, change the Value data field to **1** and click **OK**.
 * 14)  Exit the Registry Editor.

**Windows 7/Vista:**

%AllUsersProfile%\​~

%AllUsersProfile%\​~r

%AllUsersProfile%\​.dll

%AllUsersProfile%\​.exe

%AllUsersProfile%\​

%AllUsersProfile%\​.exe

%UserProfile%\​Desktop\​Searchnu.com/420.lnk

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​Uninstall Searchnu.com/420.lnk

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​Searchnu.com/420.lnk

**Windows XP:**

%AllUsersProfile%\​Application Data\​~

%AllUsersProfile%\​Application Data\​~r

%AllUsersProfile%\​Application Data\​.dll

%AllUsersProfile%\​Application Data\​.exe

%AllUsersProfile%\​Application Data\​

%AllUsersProfile%\​Application Data\​.exe

%UserProfile%\​Desktop\​Searchnu.com/420.lnk

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​Uninstall Searchnu.com/420.lnk

%UserProfile%\​Start Menu\​Programs\​Searchnu.com/420\​Searchnu.com/420.lnk ||