My career in technology

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

The “Internet Security” fake antivirus I talked about in my previous post was not the only recent run-in with malware.  A couple of weeks ago, Funmoods hijacked my wife’s browsers.

Funmoods was only a minor pain to remove, but there were no concrete directions to remove this mild nastyware, so we kept running into little things it left behind.

Funmoods is a malicious browser add-on that resets your home page and redirects all of your internet searches to Funmoods.com.  Want something that will kill your fun mood?  This hijacker is a good candidate.  It is time to return the favor.

UPDATE 1/22/2013:  Reports from readers in the comments indicate that changes have been made to the program since I encountered it nearly a year ago.  While following the steps I took to clear the system will help, readers are reporting that Malwarebytes or another malware removal tool is required to completely remove Funmoods.  Malwarebytes is free (a paid version is also available).  I haven’t used the tool, so I can’t endorse it personally, but it appears that it has a good reputation.

It installs itself on any and all browsers on your system, so you will have to repeat the process several times if you have more than one browser installed.  (I’ve included instructions for IE and Chrome, the two browsers on my wife’s system).

The tasks are:

  1. Uninstall from Windows.
  2. Remove the add-on/extension.
  3. Fix your home page setting.
  4. Fix your default search setting.

First you need to uninstall it from Windows.  Go to Control Panel >> Programs >> Uninstall a program.  Find Funmoods, and uninstall it.

Then you need to fix each browser.  To remove the add-on, in Internet Explorer, go to Tools, Enable Add-ons, Enable or Disable Add-ons.  Find Funmoods and remove it.  In Chrome, uninstall the extension to remove it completely from the browser:

  1. Click the wrench icon on the browser toolbar.
  2. Click Tools.
  3. Select Extensions.
  4. Click Uninstall for the extension you’d like to completely remove.

Next you need to reset your home page back to your prior choices.  In IE, click the drop arrow next to the Home icon, and choose Add or Change Home Page.  In Chrome,

  1. Click the wrench icon on the browser toolbar.
  2. Select Options
  3. Click the Basics tab.
  4. Set your home page
    Pick the page you’d like to be your home page in the “Home page” section. You can select to use the New Tab page as your home page. To use another page, select “Open this page” and enter the web address of the page you’d like to use.

Then you need to reset your search provider.

Instructions for IE

  1. In Internet Explorer, click the arrow to the right of the search box.

  2. Do one of the following:
    • In Internet Explorer 8, click Manage Search Providers.
    • In Internet Explorer 7, click Change Search Defaults.
  3. Do one of the following:
    • In Internet Explorer 8, click the search provider you would like to set as the default, click Set as default, and then click Close.
    • In Internet Explorer 7, click the search provider you would like to set as the default, click Set Default, and then click OK.

Set your default search engine in Chrome

  1. Click the wrench icon on the browser toolbar.
  2. Select Options (Preferences on Mac and Linux; Settings on a Chromebook).
  3. Click the Basics tab and find the “Search” section.
  4. Select the search engine you want to use from the menu. If the search engine you want to use doesn’t appear in the menu, click Manage search engines.
  5. In the Search Engines dialog that appears, select the search engine that you’d like to use from the list.
  6. Click the Make Default button that appears in the row.

Funmoods should now be gone and that should put you in a better mood.

It did for me!
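The manual steps above each clear one setting, and a leftover is easy to miss. As an added example (not part of the original post), this Python sketch walks a Chrome-style `Preferences` JSON document and lists every setting that still points at the hijacker, going beyond the four steps by checking every string value in the file. The sample data is constructed and its key names are assumptions about the file layout.

```python
import json
from urllib.parse import urlsplit

# Indicators taken from the post: the hijacker's name and its search domain.
INDICATOR_NAME = "funmoods"
INDICATOR_DOMAIN = "funmoods.com"

# Constructed sample, not captured from a real profile. The key names are
# assumptions modelled on a Chrome "Preferences" file; the scanner itself
# does not depend on them because it walks every value.
SAMPLE_PREFERENCES = r"""
{
  "homepage": "http://start.funmoods.com/",
  "session": {
    "restore_on_startup": 4,
    "startup_urls": [
      "https://forum.example.org/how-to-remove-funmoods",
      "http://start.funmoods.com/?constructed=1"
    ]
  },
  "default_search_provider": {
    "name": "Google",
    "search_url": "https://www.google.com/search?q={searchTerms}",
    "suggest_url": "http://start.funmoods.com/suggest?q={searchTerms}"
  },
  "extensions": {
    "settings": {
      "ext_id_1": {"manifest": {"name": "Funmoods Toolbar", "version": "1.0"}},
      "ext_id_2": {"manifest": {"name": "Default New Tab",
                                "homepage_url": "http://start.funmoods.com/"}}
    }
  }
}
"""


def host_of(value):
    """Return the lower-cased hostname if value is an http(s) URL, else None."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.rstrip(".")
    return None


def is_suspect(value):
    """URLs are judged by host only; any other string by a name match."""
    host = host_of(value)
    if host is not None:
        # Exact domain or a subdomain. A page that merely mentions the name
        # in its path (a removal guide, say) is not flagged.
        return host == INDICATOR_DOMAIN or host.endswith("." + INDICATOR_DOMAIN)
    return INDICATOR_NAME in value.lower()


def find_leftovers(node, path=""):
    """Recursively collect (json_path, value) for every suspect string."""
    hits = []
    if isinstance(node, dict):
        for key, child in node.items():
            hits += find_leftovers(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            hits += find_leftovers(child, f"{path}[{index}]")
    elif isinstance(node, str) and is_suspect(node):
        hits.append((path, node))
    return hits


def scan_preferences(text):
    """Parse a Preferences JSON document and return its suspect settings."""
    return find_leftovers(json.loads(text))


if __name__ == "__main__":
    for path, value in scan_preferences(SAMPLE_PREFERENCES):
        print(f"{path}: {value}")
```

An extension that carries neither the name nor the domain anywhere in its stored settings will not be reported, so the disable-one-at-a-time approach from the comments is still needed for those.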

UPDATE: There are a number of great tips in the comments below, especially by Shelby and Jean (the response to Jean has some screenshots with it) to deal with some new wrinkles the malware has added. Scroll down and check them out if the instructions above haven’t fully solved your problem!

Death to viruses, trojans, and spyware! Death to malware!

Jim Adcock makes a living as a SharePoint Administrator, and makes a difference as Vice President of Launch Pad Job Club, an organization in Austin, Texas, whose mission is to help people who have lost their jobs to get the skills they need to land their next job, and to help them cope with the interim between jobs. Check out his career-related posts or check out some of the other content on the site.


Comments on: "Death to Malware: Killing Your Funmoods" (83)

  1. Roderick Gadson said:

    I would like to cancel my funmoods subscription

    • Please do! Browser hijacking is a slimy, underhanded, scummy tactic and it should not be tolerated.

      Follow the instructions in the post, and you should be in a better mood.

      (Yes, I’m going to keep milking the “better mood” thing long beyond its ability to cause a chuckle.)

      Feel free to let me know if the solution presented does not resolve your Funmoods problem, and I’ll do what I can. (I can’t be held responsible for any other mood you might have, though.)

      • Kathryn Fisher said:

        Jim I am a widow woman and I cannot do this “funmoods” removal thing. I have IE and Mozilla Firefox. This thing showed up on my chat box in Facebook this morning and I have no idea how it got there. I have read everything called hotlines that told me I could not remove it and it had to go into professional shop. It is not listed in programs in control panel and there is nothing in extensions in my Firefox. My blood pressure is rising and I’ve been at this for hours. I’ve even searched for each string individually with no results. I went to funmoods site and clicked on uninstall and nothing. I sent them emails and nothing. You seem to be the only hope that I have. I have no money whatsoever after bills each month and totally go broke the entire month. I am not well and getting sicker by the hour! lol.
        Jim… WILL YOU PLEASE HELP ME? I guess I’m too dumb to follow the instructions. what can I/You do? PLEASE JIM… I NEED YOU NOW!
        Sincerely…
        Kat

      • Hey Kat

        I’d be happy to help in any way I can. But let me start by saying it has been a year and a half since the infection I had to fight, so not only is it a bit of a dim memory, but the programmers have obviously made changes to the program that I am not going to have experience with.

        Let me know what operating system you are using, and which versions of IE and Firefox you are using, as well as describing the symptoms you are experiencing.

  2. segismundo antmann said:

    I had the same problem with funmoods and got a great help from Jim Adcock in solving the question

  3. Thank you sooo much. I managed to get rid of it from chrome just by disabling it on ‘add-ons’ but it had been plaguing IE for months!

    Very helpful and easy to understand.

    Thanks :)

  4. Thank you !!!!! After searching for help for two days, I found you! You explained things very simply for me and more completely than anything else I’ve seen! Bless you!

  5. Kat Bep said:

    Thank you! This took care of it.

  6. Thank you, but using explorer 8 I don’t seem to have a remove add-ons. It can enable or disable add-on. But there is no uninstall/remove add-on option. I want it off my comp. completely. Do I have to live with it being disabled? Or can it actually be fully removed. In your explanation it says enable and disable and it also says remove. Am I doing something wrong?

    • Sorry, I guess I need to look at modifying the text describing the process. Disabling should be adequate, but you can try completely removing the add-on.

      Right-click on the disabled add-on, choose “More Information”. There is a “Remove” button in the dialog, but for most add-ons in my browser, that button is greyed out. Of course, I don’t have Funmoods on this system, and I am on IE9, so I can’t tell you if the option is available for the Funmoods add-on in IE8.

      If you try this, please let me know what your results are!

  7. I already removed funmoods but sometimes when I use the search area, i would be directed to funmoods.

    • Check all the steps in the post. The reason I posted this was because there were so many little changes that had to be made to prevent being redirected to Funmoods search – none of them individually difficult, but every additional step another annoyance and violation of the principles of honest software.

  8. Nothing worked, so I used system restore to do the job with no more sweat.

    • Thanks, Alex. This is correct, if nothing else works, a system restore will do the trick.

      I am curious, and would appreciate more information, about what you mean when you say nothing worked. Have they changed the nature of the software so that my instructions are no longer valid? What did you try?

  9. Walden Freedman said:

    When I try to uninstall Funmoods Web Search from my computer, I get the message: “You do not have sufficient access to uninstall Funmoods Web Search. Please contact your system administrator.” But I am the system administrator, so I don’t know what to do.

    • Try the solutions here.

      I haven’t heard of this happening with Funmoods, but this error message around uninstalling programs is not uncommon. If the link I provided doesn’t resolve your issue, Google the error message (without “Funmoods Web Search”) and try the suggested resolutions.

      Good luck to you!

      And please post what the solution was when you find it, to help others if they encounter the same problem.

  10. Thanks Jim, great advice, cleared it up. Much appreciated.

  11. Yeah My IE More information remove button is grey out as well. Why?

    • I am not entirely sure. With the add-on disabled, that should be sufficient to prevent Funmoods from hijacking your searches.

      I will try to get some time on my wife’s computer this evening and check to see if the add-on is still there and the remove is greyed out, and try to find a way to remove and not just disable.

      She hasn’t been using IE at all, only Chrome, and we haven’t seen any Funmoods searches since I went through the whole process.

  12. I have IE 9. I have uninstalled the program, uninstalled the extensions, reset my homepage and search engine, deleting funmoods completely and the stupid funmoods STILL hijacks every search. I am at a loss.

    • How are you entering your search terms? In the browser, in the address bar, in a toolbar?

      • I can’t thank you enough for your help removing that persistent funmoods search. In the end, we discovered that funmoods had altered my search engine to insert itself in the “search suggestion” and “top search result” options (options on the “manage add-ons” in IE). I never would have figured this out without your assistance. Thanks again!!!

      • Jean and I emailed back and forth a few times, sending screenshots, before I realized there is more to the search provider configuration in IE than just who the provider is.

        While Googling around a bit, I found this page about fixing IE9 address bar search. If you look at the second image on that page, you’ll see that there are a number of settings visible once you have actually clicked on the provider in the dialog.

        Without clicking on it, the dialog looks like this:
        [Image: Search Provider Dialog]
        But when you click on it, Funmoods is revealed to have added itself to the provider’s settings:
        [Image: Search Provider Dialog with Details]

        My advice was to re-add the provider again from Google, which resolved Jean’s problem. You can get a clean search provider by clicking “Find more search providers” in the bottom left corner. You should be able to find the Google search provider easiest by clicking “Most popular” in the window that comes up.

  13. Running malwarebytes after clean up should remove any leftovers

  14. What about Firefox?

    • Sorry, wasn’t installed on the infected system, so I don’t have specific advice. However, the process was similar for IE and Chrome, so adapt the steps to Firefox – uninstall the windows application, reset the home page, remove any add-ons, and reset all instances of search provider settings (or whatever “add-ons” and “search providers” are called in Firefox). Good luck, and I’m sure others would appreciate a step-by-step of how you got it off Firefox, if you would be so kind as to post it here as a reply! Thanks!

  15. I have an interesting twist that might account for me not finding Funmoods on a particular computer. I usually use Chrome on my home computer and sign in with my gmail account to iGoogle. I do the same at work and through some mechanism my default home screen is synced on both computers. So I see the exact same home page both places as well as my bookmarks being the same both places. I noticed that an extra tab with funmoods recently started opening along with my normal browser on both computers. Currently, I’m at work and can’t find Funmoods installed on the computer, neither under the Control Panel or in the Chrome extensions. I’m thinking however that it has most likely infected my home computer and has been synced through the same mechanism as my default home screen and the bookmarks. I’ll check my home computer at lunchtime to see if this theory is correct. So if you hear that Funmoods can’t be found as installed on a particular computer it might be this situation. Neither IE nor Firefox on my work computer shows any signs of Funmoods that I have detected.

    • Interesting issue. I can see how it might be possible for Funmoods to add a home page tab to your home browser and then Google syncs that setting to anyplace you are logged in. I suspect that successful removal from your home system should resolve the issue at work as well, but if not check the settings on your Google profile.

      Let us know what you discover!

      • Jim,
        I did get a chance to check my PC at home. Once again however I could not find Funmoods listed as a program that I could remove and it was not listed as a Chrome extension either. I was able to remove it in Chrome settings as a site to launch when the browser is opened. The behavior that I noted on both of my PCs is that my old default page launched in one tab and Funmoods would launch in a second tab. Other browsers do not seem to be affected on the machines.

  16. You’re awesome, Jim! People like you are great, thanks for taking your time. I had gone though all of these steps, but my New Tab Page in Chrome still had a blue bar on the top with a magnifying glass, which used START.FUNMOODS as the search provider.
    To remove the ‘additional’ search bar in your Chrome new tab page, I removed the Speed Dial 4.0 extension. If this doesn’t work for you, try disabling all of your extensions (in Wrench / Tools / Extensions) then re-enabling them one at a time to see if one was infected. As soon as you find the infected one, go back to the extension and delete it by pressing the trash can icon.

    Funmoods gone! Finally (and it took me an hour and I’m a computer-guy! so well done Jim!)

  17. I run Firefox instead of IE and am having trouble getting rid of funmoods out of my PC system, can you help me get rid of it?

    • I would love to, but I don’t have Firefox installed.

      But try starting here for removing search providers. Then Google removing add-ons (or whatever the terminology is for Firefox browser extensions). Make sure you have uninstalled the program that gets installed on Windows.

      Basically, for each step I have for IE/Chrome, there should be a similar step for Firefox. As I am not a user of Firefox, I don’t know the terms, but hopefully it should be somewhat intuitive for you to find the right terms.

      Good luck, and I would appreciate it (and so would other readers) if you came back and posted the steps for Firefox!

  18. Thanks, Jim………….I am still chewing on the fact that in IE the “remove” option is grayed out……….and I would *really* love to remove it completely. I find it quite obnoxious that funmoods inserts itself maliciously, and then manages to disable the “remove” button. How could they get away with that? – Anyone able to *remove* completely?

    Thanks, Peter

    • If you don’t have this option you are not logged into windows with sufficient privileges. Try logging in as admin. If you can’t then google for windows admin login. Hope this helps.

  19. Thank you! I removed it and set my search engines back to default…is there anything I need to do after this to completely remove it from my system or am I good to go? It just seems too easy to be true! Thanks!

    • If you followed all the steps (for each browser if you have more than one installed), and you aren’t seeing any symptoms (getting search results provided by Funmoods), you should be good to go.

      Funmoods isn’t particularly difficult to remove, once you know all of the places that have to be cleaned. My guess is that this was a deliberate choice made by its creator, to avoid being classified as malware by antivirus programs.

  20. Thanks very much everyone, that was a mess! I had a lingering Funmoods icon on my Chrome status bar at the bottom, and it was not showing the Other devices option for my other synced Chrome device pages. I found an extension called New Tab that was the issue by turning off all extensions as suggested and turning on one by one. Solved!
    Thanks again.

    • Same problem with Chrome – new tabs had their format and blue search bar. Turns out there was more than one Funmoods extension. Thanks for the update funmoods. The name was something like “Default new Tab for Chrome 4.0” – I don’t remember exactly. Anyway, I recommend a Ctrl+F to find the word Funmoods on Chrome’s extension page.
      I think I’m finally free of funmood nonfun. I fear it’s gonna be like a cold sore.

      Perhaps a naive question but…. is there anything (legal) to do regarding the massive time waste they’re causing?

      • Oh how I wish there was! Someone is in DIRE need of a smackdown. Unfortunately there is not, to my knowledge.

        For me, I get my revenge by helping others stop putting pennies in their wallets.

  21. Thanks man I got it off IE but on my Mozilla it opens fine to my default page but won’t stop popping up as funmoods in new tabs. Help?

    • Remove or disable all of the extensions, check any search providers (or whatever the equivalent is)… basically go through similar steps to the instructions for Chrome and IE. The components for each browser will be a little different, and will go by different names, but the functions each has are going to be replicated across the different browsers.

      Sorry I can’t give you more detailed info, but since I didn’t have to uninstall it from Firefox (since FF wasn’t on the infected system), I don’t have the specific experience to draw upon.

      Feel free to come back and post the steps you took to resolve your issue here for the benefit of others in your position!

  22. How do I remove Funmoods on Chrome’s ‘new tab’ page?
    I uninstalled it from control panel, removed it in the settings, on the start up section, the search sections and the extension section. I uninstalled Google Chrome and reinstalled it but when I open the new tab page, it’s still in the background. I also tried changing the theme but it’s not working either. I’ve tried everything but I can’t find anything to work. Please help. It’s really annoying.

    • Check the extensions installed on the browser. One reader reported an extension called New Tab, another reported one called Speed Dial. Try disabling all extensions, then re-enable one at a time and test each, until the problem returns, then you will have found your culprit.

      Failing that, make sure all of the programs installed on your computer are ones you recognize.

      Good luck, and please report back what you find to be the cure!

  23. Hi Jim, Found all of your information very helpful. I was curious does this completely remove the funmoods virus? Yesterday was when I got the virus I followed the steps which seem to have worked but just got a Norton pop up that it had to fix a problem (never seen this pop up) but said it was unable to fix the problem. Have had this computer for a month now. Thanks

    • To my knowledge, once you have uninstalled the windows application and disabled the add-on (and now apparently, the New Tab extension), that should take care of actually uninstalling the bits that got installed on your system. The rest of it is fixing the settings that the program changes (default search engine, etc).

      I don’t know what Norton found, but it probably wasn’t Funmoods, because my experience was that Funmoods wasn’t difficult to uninstall. Norton should have a log you can check to find out what the problem was that it encountered.

  24. Dude, you are awesome thanks heaps

  25. Thanks Jim!
    I think I have finally managed to get rid of this nasty bit of ****. I could not get rid of the ****moods toolbar and new tab opening with it in my Mozilla Firefox so I deleted it altogether and now no longer use it. Mozilla, are you listening?
    I think this thing got in when I downloaded CPU-Z to establish some info on my PC. I remember some tick boxes to download some extras but I thought I ticked them the correct way. But looks like I didn’t. Lesson to be learnt there??

    What a nerve, though! It is like somebody who keeps breaking into your house to put adverts in your front window. Hopefully the people who advertise through ****moods realise how stupid they are to do so.

  26. Incidentally, I tried to use system restore after deleting all the visible signs of ****moods but it would not work, reporting that it could not find a reset point. I remember having to system restore as part of the process of getting rid of a similar bit of scumware, SpySheriff. However, I have just looked at the wiki entry for SpySheriff and it says that it stops you resetting your machine which I presume is a more recent development. However, it makes me ask the question, has ****moods messed up my system restore and is it still lurking in my machine somewhere?
    I would add that I’m blundering around in the dark on all this so may not really know what I am talking about! That is of course how this stuff gets away with it, so Rock on Jim!! More power to your elbow!

  27. thank you! I hate funmods.com it’s a pain in the neck!

  28. So apparently I’m retarded (I’m not) or Funmoods is trickier than just going into Control Panel//programs and uninstalling. I’ve removed all extensions from Chrome (my browser pref) and even IE too. I’ve downloaded Malware Bytes and it didn’t detect it (yes I updated) and spy hunter (both free) per someone else’s “solution”. It just isn’t working for me :( And it’s def started to affect my general browsing. Now shockwave is crashing randomly. Any and all help is appreciated!!

    • Did you follow all of the steps described in my post?

      Either they have upgraded Funmoods to be more than just a mere annoyance into full-blown malware, or you may have additional problems.

      Can you give me a clearer understanding of your current symptoms?

  29. I had done all this & thought it was gone. Then I ran a malware scan, and found literally HUNDREDS of registry files!!!!

    • So it looks like Funmoods has evolved to something more nasty than what I encountered.

      Can you provide examples of registry keys where Funmoods insinuated itself? Thanks!

      • I don’t really remember now. I used Malwarebytes to remove it all. A lot of it was installed in Windows folders. We recently received an imac from a friend as a gift, so I’ve not been on the PC as much, but as far as I can tell, Malwarebytes removed it all – along with disabling the plugins in the browsers, of course which I did first. We’ve used Firefox, Google Chrome, and IE on the PC, and that funmoods stuff had installed itself on all of them. My husband was using IE on the PC so he could sign into a forum I was always signed into on Firefox (separate users), and until I had run Malwarebytes, no matter what I did to IE, funmoods kept cropping up on IE. Once I ran the Malwarebytes & removed all those registry files, the problem stopped.

  30. thank you

  31. I feel obligated to inform you that after following all of these steps Funmoods will still be on your computer. You need to run a program like Malware Bytes (Not the programs that do security scans but the ones that actually detect the problems and remove them. I ran scans with Microsoft Security Essentials for example and this program will detect nothing and can do nothing because it is the wrong kind of security app for this process.)
    I found 38 files still on my computer with this program even after completing all of the steps above. Hope this helps!
    Gulstad

    • As we’ve been noting in the comments, the developers have apparently been modifying the program from when I had to deal with it nearly a year ago. I am unsurprised that, by now, additional steps are required to completely clear the system.

  32. I was finally able to completely remove FUNMOODS from my search provider section thanks so much. Finally free from FUNMOODS!

  33. I run Malware bytes (full scan) it removed the Funmoods bugs. I run system restore, deleted and reinstalled Chrome but I still get the Funmoods window open in Chrome. I also get the pesky thing on my other machine which I did not use for a while, which suggests that this thing spreads itself through Google. Is there anything I can do short of closing all my Google accounts?

    • In the comments, DanielC found that there was some sort of Chrome setting listing Funmoods as a site to launch when the browser is opened. The behavior that he noted on both of his PCs is that his old default page launched in one tab and Funmoods would launch in a second tab.

      Check your Chrome home page settings.

  34. I was able to remove funmoods from my homepage and also the toolbar, but it still shows up whenever I open a new tab (ie8). Do you have any solutions?

  35. Thank you. I AM in a fun mood now after removing funmoods.

  36. Hitman pro will find funmood and you can delete it manually.

    • From Wikipedia:
      “HitmanPro 3 also requires a license key to remove malware found on a user’s computer, however it does offer a free 30-day trial, which does not let you remove any files identified. In version 3.5 the 30-day trial does let you remove identified threats.”

      Thanks for the tip. I am unfamiliar with HitmanPro.
