Windows Problems Help Center

Thursday, November 27, 2014

Remove Javascript Alert "You've been hacked by the Syrian Electronic Army(SEA)" Completely

Lately, some computer users say that an javascript alert "You've been hacked by the Syrian Electronic Army(SEA)" is displayed on their computer browser. And then redirects to http://i.imgur.com/qD53RZY.png This code is due to the file http://cdn.gigya.com/js/gigyaGAIntegration.js integrated in many websites (that's why many different websites have this "hack"), has been changed by syrian.

In this post, there will be some information about this Syrian Electronic Army (SEA).

Description of  Syrian Electronic Army (SEA) 


According to the Wikipedia, the Syrian Electronic Army (SEA) is a group of computer hackers tolerated by the Syrian Government. Using spamming, defacement, malware (including the Blackworm tool), phishing, and denial of service attacks, it mainly targets political opposition groups and western websites including news organizations and human rights groups. The Syrian Electronic Army claims to be "a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria", however the SEA is believed by experts to be "a state-supervised operation" that is linked to the Syrian Government.

Syrian Electronic Army (SEA) is a hacker group which scared visitors to several news websites on by posting rogue pop-up messages saying they’d been hacked.The SEA have hacked a wide variety of websites since their formation in 2011. On 27 November 2014, there was a major attack on a large number of prominent sites, including those of Britain's Telegraph newspaper and the NHL. The SEA is thought to be the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents.

If your computer keep getting some unwanted pop-up webpage and want to stop the alerts, you can follow the guide below to clean up your browser. And it is highly recommended to keep a powerful anti-virus like Spyhunter on the computer to remove and block viruses.

Solutions to remove Javascript Alert 


In this post, there will be two solutions to remove Javascript Alert:

1. Remove Javascript Alert manually.
2. Remove Javascript Alert by using SpyHunter anti-malware.




Instructions to Get Rid of Javascript Alert


Method 1: Javascript Alert Manual Deletion

Step 1: Reset your browser setting

Firefox:
In the drop-down list of Firefox, go to Help and click on Troubleshooting Information.
Click on the Reset Firefox button to reset it.

Google Chrome: 
Click on the Chrome menu on the right of toolbar and then select Settings.
Scroll down to the bottom to click Show advanced settings.
Go down to the bottom and click Reset browser settings to reset Google Chrome to its default setting.

IE: 
Click Tools on the up right corner and select Internet Options.
Click on Advanced tab, press Reset button to reset IE to its default settings.

Step 2: Stop related running processes in Windows Task Manager first.
( Methods to open Task Manager: Press CTRL+ALT+DEL or CTRL+SHIFT+ESC or Press the Start button->click on the Run option->Type in taskmgr and press OK.)


Step 3: Open Control Panel in Start menu and search for Folder Options. When you’re in Folder Options window, please click on its View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then press OK.


Step 4: Go to the Registry Editor and remove all the infection registry entries listed here:

(Steps: Hit Win+R keys and then type regedit in Run box to search)



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Start Page" = "http://www.<random>.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "CustomizeSearch" = "http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "SearchAssistant" = "http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}"




Step 5: All the infection associated files listed below need to be removed:

%CommonAppData%\<random>.exe
C:\Windows\Temp\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>


Method  2: Automatic Removal with SpyHunter


SpyHunter is a world-famous real-time malware protection and removal tool, which is designed to detect , remove and protect your PC from the latest malware attacks, such as Trojans, worms, rootkits, rogue viruses, browser hijacker, ransomware, adware, key-loggers, and so forth. To keep SpyHunter Anti-malware on your computer is an important way to protect your computer in a good condition. Please find the instruction as follow. 

Step 1: Press the following button to download SpyHunter.


Step 2: Save it into your computer and click on the Run choice to install it step by step.



Step 3: Click Finish then you can use it to scan your computer to find out potential threats by pressing Scan computer now!

Step 4: Tick Select all and then Remove to delete all threats.


Guide to download RegCure Pro to optimize PC 


If you are still worried about the left over of Javascript Alert and want to clean all the unwanted registry entries,  it is recommended to use RegCure Pro.

Step 1. Install and launch RegCure Pro on your PC.




Step 2.  Select "Yes" to download and install RegCure Pro.

 

Step 3. Click "Next" to continue.


Step 4. RegCure Pro will open automatically on your screen.

RegCure Pro

 Step 5. RegCure Pro is scanning your PC for error.

 RegCure Pro2

Step 6. After scanning, choose the issues you want to fix. 

 

Note: Manual removal Javascript Alert refers to key parts of computer system. Any error step may lead to system crash. If you don’t have sufficient expertise in dealing with the manual removal. Install Spyhunter can be your better choice, because it is capable of auto-detecting and removing viruses. You can also Download RegCure Pro to help you clean up unneeded registry files and optimize the computer.

No comments:

Post a Comment