Hao123, an intrusive homepage and default search hijacker, is getting scrutinized in this tutorial from a computer security and privacy perspective.
It’s doubtful whether one can question the legitimacy of the Hao123 service as such. It’s a portal created and run by the Beijing-based Baidu company; moreover it ranks very high on the worldwide Internet traffic map. The tip of the iceberg is it’s an aggregate of various web services (including web search, social networks, news, videos, games, finance, etc.) incorporated in one place. What does arouse serious concerns is one of the ways that this service has been progressing towards such a success. An app called Hao123-Client, when installed on an arbitrary computer, will forcibly change some web browsing preferences without proper approval on the user’s end. This affects the homepage settings as well as the default search, new tab and browser shortcut parameters. Resulting from such activity, much of the outgoing web traffic on the PC gets routed to hao123.com. This site is available in multiple languages, for instance the English version is at en.hao123.com.
The thing that makes Hao123 a fairly run-of-the-mill adware entity is its proliferation peculiarity, of course aside from the above-mentioned unauthorized toggling of one’s browser settings. In the spreading of this unwanted app, its authors rely on a bundling model, where the installer is built into the setup workflow for completely different free programs. As an example, Hao123-Client is included into the installation of the app called Format Factory, at least a custom build thereof. Since said application is a popular free media converter, it’s being downloaded a lot – and so is the adware payload accompanying it. Then a browser plugin or extension gets added to Chrome, Firefox and Internet Explorer on the machine. From that moment on, the browsing preferences are out of user’s control, and there will be permanent redirects to the variant of hao123.com which corresponds to the victim’s geolocation.
In the process of Hao123 removal, it matters what kind of measures you adopt. Trying to find it on the list of browser add-ons is most likely to avail, so uninstalling it from there is not the case. Remember this isn’t a standard extension. The fix consists in applying some more advanced troubleshooting methods, all of which are provided in the succeeding parts of this post.
Hao123 automatic removal
All the other adware uninstall methods being worth a try, the cleanup using automatic security software guarantees a proven fix involving little user effort and a trouble-free procedure.
- Download and install the featured security tool and launch an in-depth malware checkup by clicking Start Computer Scan buttonDownload Hao123.com remover
- When the software returns a list of malicious and potentially unsafe items found on the PC, select Fix Threats in order to have the Hao123 infection uninstalled from your machine. An additional virtue of this process is the elimination of other threats that may be active in the background.
Use Control Panel to uninstall Hao123 adware
- Go to Control Panel from Windows Start menu. If you are using Windows XP or Windows 8, proceed to Add or Remove Programs. If it’s Windows Vista or Windows 7, Uninstall a program is the right option to click
- Carefully examine the list and find the entry for Hao123-Client there. Once spotted, select the Change/Remove / Uninstall/Change option for this item in order to complete the uninstall
Reset the compromised browser to its defaults
Despite the fact that this is a fairly radical fix, resetting the affected web browser is effective. However, be advised you will lose your personalized settings such as temporary Internet files, history, cookies, saved passwords, web form data, toolbars and add-ons. So proceed with caution, and if you’re not sure – perform the cleanup using methods highlighted in the previous sections.
Reset Firefox to its original defaults
- Open Firefox, expand the Help menu on the top of the window, and in the drop-down list pick Troubleshooting Information. Alternatively, simply type in ‘about:support‘ (without quotes) in the Firefox omnibox and hit Enter.
- Troubleshooting Information will open in a separate tab. Click the Reset Firefox button as shown. You’re now done.
Reset Internet Explorer to its original defaults
- Launch Internet Explorer and proceed to Tools/Gear icon – Internet Options.
- Select the Advanced tab at the top and click Reset.
- When IE comes up with the respective screen, read the warning carefully and, if sure, put a checkmark for Delete personal settings. Now click Reset.
Reset Google Chrome to its default values
- Open your Chrome browser, click the Chrome menu icon to the upper right and select Settings on the list. Alternatively, type in ‘chrome://settings‘ (without quotes) in the URL field.
- Find the Show advanced settings… link on the tab that opened up.
- Under Chrome’s advanced settings, click the button that says Reset browser settings.
- Be sure to read the information about the personal settings that will be lost if the transaction gets completed. Click Reset if it’s fine with you.
Complete the Hao123 removal process
Given the likely persistence of this adware sample, it’s recommended to repeatedly check the machine for its components after the cleanup procedure has been performed. Rescan your system with trusted security suite to make sure Hao123 extermination has been successful.