One step search is widely reported to be a rogue/harmful software, added when you visit a search site of that name and downloaded on your computer without your knowledge. If it has infected your computer, you will notice constant popups of it on your computer. This article provides step by step removal information alongwith demonstration videos. All the tools/ softwares mentioned in this article are freeware.
Trojan Removers: As you know, that this malware could be installed by a Trojan, therefore you will also need to remove that Trojan as well. Try these free tools. Click here to read more...
Preparation: Youwill need the windows operating system cd. If you have received a CD with the purchase of your computer. If hard disk has a partition"Restore Partition" , you won't require the CD. Your computer should have an antivirus software. You will also need a free software CCleaner, and a Firewall. You can choose one of the freeware firewalls.
Turn off - system restore : The malicious files are saved in the system restore backup. You need to turn system restore off to remove them. You can turn it ON after cleaning the computer. Click here to read more...
If you are unable to open Task Manager Sometimes you are not able to open the task manager, the run command etc. The virus does this. There are free tools to solve this problem. They are listed here. See which is helpful for you. Click here to read more...
Remove Processes from Task Manager Press Ctrl Shift Esc to open Task Manager. See in the list of the processesonestep.exe Select if found and press the End Process button. It will prompt you, say yes, and then close the Task Manager. There may be more processes belonging to this malicious software.
Removing a Program from windows startup: The system configuration utility can be started in xp and in vista by typing msconfig in the run box. The run box can be opened in xp by clicking on Start > run The best part of windows startup is that the setting is reversible, therefore you can check / uncheck any entry from windows startup any number of times. So do not hesitate to uncheck anything that you find doubtful. You can always check it back if you later come to know that it is something useful.
After the system configuration utility window is open, Click on the Startup tab, that will list all the programs that are scheduled to start when you turn your computer On. Expand the middle column using your mouse pointer so that you can see the path of the program on the hard disk, that will give you a clear idea, what program that is. Locate and uncheck the entries if found onesearch.exe, onesearch.dll, onestep210.exe
Removing a service: While still in the system configuration utility, click on Services tab. Check the "Hide All Microsoft Services" box. The look in the list for "OneStepSrch Service" and Uncheck the box in front of it. Press Apply, Press OK. Restart the computer.
Boot in safe mode: If you are unable to delete the malware files/ folders and get "Access denied" message, try doing it while in windows safe mode. Click here to read more...
Searching and Deleting the Folders / files on the hard disk
C:\Documents and Settings\All Users\Application Data\OneStepSrch search and delete all the instances of the above folder from the hard disk. Use windows search utitlity to search for "OneStepSrch"
C:\Documents and Settings\[UserName]\onestep.dll C:\Documents and Settings\[UserName]\onestep.exe delete all the above files if found.
These registry keys may be found on an infected computer. Delete them if found. If you delete the keys, then the values are also removed, so the first para lists the registry keys, and second para lists the values assigned to those keys. In case of removal, you can limit yourself to the first para, no need to get bogged down looking at so many registry entries.
Description = "Update and control for OneStepSearch"
Using CCleaner: CCleaner is a freeware temp files and registry cleaner. We need to use this type of software because almost all the infection that occur through internet, come through the temp files, and unfortunately windows does not remove temp files automatically.
Using Antivirus Application: Follow this step, if even after applying all the above steps, the virus still shows its presence in the computer. Your best helper is the antivirus program on your computer. Keep it always updated. Click here to read more...
Using the system file checker: Follow this step if you notice trouble in the normal functioning of windows. Click here to read more...
If you are unable to access one or more sites during the repair process
- if possible use another computer to download the software needed for repairing your computer, and then copy and transfer it to the infected computer using any available means like a pen drive. - if you are using only internet explorer, and if it is blocked from visiting some of the security related sites, try to download/ install Firefox browser, and see if you can use it for the same purpose.
Using a Firewall : It is helpful to install a standalone firewall so that you can block any unsolicited communication done by the malware to and from your computer. This malware tries to connect to "onestepsearch.net" block these sites/hosts in your firewall.
The last advice: When after all the efforts, the problem still remains or lingers, if you have a lingering sensation that everythig is not right about the computer, then you should not stay in that limbo. There are always undetected viruses/ or traces present on any given computer, at least i think it is safe to assume so. Therefore I have come to a conclusion about a safe way to use the computer. You should treat your computer as a Cooking Utensil, and not as a Refrigerator. Or If i may say, use it as a Vehicle, and not as a Garage. Do not use your computer as a primary storage device. That is what most of use tend to do. I extend this advice to all Home Users, who do not have the knowledge/time/ energy and the resources to ensure the safety and the security of their computers. So as a last resort you should be prepared to format the hard disk, and reinstall the windows and all other software along with it.
The last resort : If your computer comes with a restore partition on it , then you can use it to reinstall windows , or you can use a operating system cd/dvd it you got one with your computer. This will ensure that hard disk is erased and the viruses and the innumerable changes made in your computer are all gone for sure. see article for details
