DiscoverAncestry is a Browser Extension for Google Chrome developed by Mindspark Inc that presents itself as a web tool to discover the origins or meanings of particular family names.
When installed this extension changes your default new tab page to search by MyWay, as well as your default search engine to Search.MyWay.com
While active, DiscoverAncestry logs user browsing information, recording clicked links, visited websites and viewed products. This information is later used to better target personal ads. Browsing the internet with this extension active will result in injection of additional ads, sponsored content and even pop-up ads throughout the browsing sessions.
DiscoverAncestry is usually found bundled with other potentially unwanted software, this combined alongside its aggressive ad injection is why DiscoverAncestry has been marked as a Browser Hijacker, and it is recommended to remove it from your computer.
About Browser Hijackers
Browser hijacking is regarded as the web’s constant risks that target web browsers. It’s a type of malware program that redirects web browser requests to other suspicious websites. Basically, most browser hijackers are made for advertising or marketing purposes. It redirects you to the sponsored websites and inserts adverts on your internet browser which helps its developer generate income. It might seem naive, but the majority of such websites aren’t legitimate and can pose a significant risk to your on-line safety. In a much worst case, your internet browser could be hi-jacked to download malware that will do a lot of damage to your computer.
Browser hijacking signs and symptoms
There are several symptoms that could indicate a browser hijacking:
1. your homepage is reset to some unknown site
2. bookmark and the new tab are also changed
3. default online search engine is modified
4. you’re getting browser toolbars you haven’t witnessed before
5. you will find random pop-ups start showing regularly
6. your internet browser has instability issues or exhibits frequent errors
7. you are blocked to access the websites of antivirus solution providers.
How does a computer get infected with a browser hijacker?
Browser hijackers can get into a computer by some means or other, for instance via file sharing, downloads, and email also. Many web browser hijackings originate from add-on applications, i.e., toolbars, browser helper objects (BHO), or extensions added to web browsers to give them extra features. A browser hijacker may also come bundled-up with some free application that you inadvertently download and install, compromising your PC security. Common examples of browser hijackers include CoolWebSearch, Conduit, Coupon Server, OneWebSearch, RocketTab, Snap.do, Delta Search, and Searchult.com.
Browser hijackers may record user keystrokes to gather potentially valuable information leading to privacy issues, cause instability on systems, drastically disrupt user’s browsing experience, and eventually slow down the computer to a stage where it becomes unusable.
Removal
Some browser hijacking can be simply reversed by discovering and eliminating the corresponding malware software through your control panel. However, many hijackers are really tenacious and need specialized applications to remove them. Also, manual removals demand deep system understanding and thus can be quite a difficult task for novices.
Professionals always suggest users eliminate any malicious software including browser hijackers by using an automatic malware removal tool, which is easier, safer, and faster than the manual removal procedure. To remove any kind of browser hijacker from your laptop or computer, you should download the following certified malware removal tool – SafeBytes Anti-Malware. Along with anti-virus software, a system optimizer tool, similar to Total System Care, will help you repair Windows registry errors, get rid of unwanted toolbars, secure your online privacy, and stabilize programs installed on your computer.
Learn How to Get rid of Malware that is Blocking Websites or Preventing Downloads
Viruses may cause a lot of damage to your computer. Some malware sits in between your PC and the internet connection and blocks some or all internet sites that you really want to visit. It will also prevent you from adding anything to your PC, particularly antivirus applications. If you’re reading this article, you probably have affected by a virus that prevents you from downloading a security program like Safebytes Antimalware on your PC. There are some actions you can take to circumvent this issue.
Install anti-malware in Safe Mode with Networking
In the event the malware is set to run at Windows start-up, then booting in safe mode should avoid it. Just bare minimum required programs and services are loaded when you boot your PC in Safe Mode. Here are the steps you need to follow to start into the Safe Mode of your Windows XP, Vista, or 7 computers (check out the Microsoft website for instructions on Windows 8 and 10 computers).
1) At power on, press the F8 key while the Windows splash screen begins to load. This should bring up the Advanced Boot Options menu.
2) Choose Safe Mode with Networking using arrow keys and hit Enter.
3) Once you get into this mode, you will have an internet connection again. Now, obtain the malware removal program you need by utilizing the web browser. To install the program, follow the directions within the setup wizard.
4) Right after installation, do a complete scan and allow the software eliminate the threats it finds.
Utilize an alternate browser to download antivirus software
Some malware only targets certain browsers. If this sounds like your situation, utilize another internet browser as it can circumvent the malware. The ideal way to avoid this problem is to opt for a internet browser that is known for their security features. Firefox contains built-in Phishing and Malware Protection to keep you safe online.
Create a portable USB antivirus for removing viruses
Another method is to download and transfer an anti-malware application from a clean PC to run a virus scan on the infected computer. To run antivirus using a USB drive, follow these simple measures:
1) Make use of another virus-free computer system to download Safebytes Anti-Malware.
2) Plug the USB drive into the clean computer.
3) Double-click the executable file to open the installation wizard.
4) When asked, choose the location of the USB drive as the place where you want to store the software files. Follow the on-screen instructions to finish the installation.
5) Transfer the flash drive from the clean computer to the infected computer.
6) Double-click the anti-malware software EXE file on the pen drive.
7) Run Full System Scan to identify and clean-up up all sorts of malware.
SafeBytes Anti-Malware: Lightweight Malware Protection for Windows Computer
If you are looking to purchase anti-malware for your desktop, there are numerous brands and packages for you to consider. A few are well worth your money, but most aren’t. When looking for an antivirus tool, select one which provides dependable, efficient, and comprehensive protection against all known computer viruses and malware. On the list of highly recommended applications by industry leaders is SafeBytes Anti-Malware, well-known security software for Windows computers.
SafeBytes is a powerful, real-time anti-spyware application that is made to assist everyday computer users in safeguarding their computers from malicious threats. Once you’ve got installed this software, SafeBytes advanced protection system will make sure that absolutely no viruses or malicious software can seep through your PC.
There are lots of amazing features you’ll get with this security product. The following are some typical features present in this software program:
Active Protection: Malware programs aiming to get into the system are discovered and stopped as and when detected by the SafeBytes real-time protection shields. This utility will always keep track of your computer for any suspicious activity and updates itself continuously to keep current with the latest threats.
World-class AntiMalware Protection: Built upon a highly acclaimed antivirus engine, this malware removal tool can find and get rid of various obstinate malware threats such as browser hijackers, PUPs, and ransomware that other typical anti-virus applications will miss.
Fast Multi-threaded Scanning: SafeBytes’s virus scan engine is one of the fastest and most efficient within the industry. It's targeted scanning tremendously increases the catch rate for viruses which is embedded in various computer files.
Web Protection: SafeBytes provides instant safety rating about the webpages you’re about to visit, automatically blocking dangerous sites and to make sure that you’re certain of your online safety while browsing the net.
Lightweight Utility: This software is lightweight and will work silently in the background, and will not impact your PC efficiency.
24/7 Customer Service: You can obtain totally free 24/7 technical support from their IT experts on any product queries or computer security issues.
SafeBytes has created a wonderful anti-malware solution to help you conquer the latest computer threats and virus attacks. Now you may realize that this particular software does more than just scan and eliminate threats from your computer. So if you are searching for the best anti-malware subscription for your Windows-based computer, we strongly recommend SafeBytes Anti-Malware software.
Technical Details and Manual Removal (Advanced Users)
If you don’t want to use an automated tool and prefer to eliminate DiscoverAncestry manually, you might do so by going to the Windows Add/Remove Programs menu in the control panel and deleting the offending software; in cases of web browser plug-ins, you can remove it by visiting the browsers Add-on/Extension manager. You might even want to reset your web browser settings, and also delete temporary files, browsing history, and cookies.
To ensure complete removal, manually check your hard disk and registry for all of the following and remove or reset the values accordingly. Please remember that this is for skilled users only and may be challenging, with wrong file removal leading to additional system errors. Furthermore, certain malware keeps replicating which makes it tough to eliminate. You are suggested to do this process in Windows Safe Mode.
Files:
%USERPROFILE%\Application Data\DiscoverAncestry_chIE
%USERPROFILE%\AppData\LocalLow\DiscoverAncestry_chIE
%USERPROFILE%\Application Data\DiscoverAncestry_ch
%USERPROFILE%\AppData\LocalLow\DiscoverAncestry_ch
%PROGRAMFILES(x86)%\DiscoverAncestry_chEI
%PROGRAMFILES%\DiscoverAncestry_chEI
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings\icmiidhlbncmcphhngimjmggjiionjpe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\icmiidhlbncmcphhngimjmggjiionjpe
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Sync Extension Settings\icmiidhlbncmcphhngimjmggjiionjpe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Sync Extension Settings\icmiidhlbncmcphhngimjmggjiionjpe
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pakhopeeieecchbhooipmmgjkfajbpkl
%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\pakhopeeieecchbhooipmmgjkfajbpkl
Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Approved Extensions, value: 8EAFF39E-95FA-48E7-B465-74F985754E6C
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Approved Extensions, value: D9712913-5FE6-4956-B291-7A6689170736
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\8eaff39e-95fa-48e7-b465-74f985754e6c
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\8eaff39e-95fa-48e7-b465-74f985754e6c
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\d9712913-5fe6-4956-b291-7a6689170736
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\d9712913-5fe6-4956-b291-7a6689170736
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: 6ffa4cac-5ad4-42f5-bd18-7cd228761d1a
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry EPM Support
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry Search Scope Monitor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry Search Scope Monitor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry EPM Support
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry AppIntegrator 64-bit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: DiscoverAncestry AppIntegrator 32-bit
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services\DiscoverAncestry_chService
HKEY_CURRENT_USER\SYSTEM\ControlSet001\services\DiscoverAncestry_chService
HKEY_CURRENT_USER\SYSTEM\ControlSet002\services\DiscoverAncestry_chService
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser, value: 6FFA4CAC-5AD4-42F5-BD18-7CD228761D1A
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\DiscoverAncestry_ch
The list contains some nice essential and good things but we gave our best not to break the bank so you will not find any large screens or 300$ keyboards here. Of course, you can always get expensive gifts and if you have money for it do it, it is just we want to have affordable stuff here.
Each time when the company is breached data is stolen and that places the company in a bad light usually because its user database has been compromised and people are concerned about their data being misused. This is very rational fear and concern but this time things are a little bit different than usual, why is that, you might ask?
Well, as before mentioned GoDaddy is a hosting company and the vector of attack was aimed at the part where it is hosting WordPress. Attackers were able to get their hands on the sFTP credentials of customers on that server meaning that all of the websites are also been relieved of their user base as well.
This potentially means that there is a high chance that all of the hosted web site's content is also compromised, meaning that your data could also be compromised even if you were not a GoDaddy customer, all you needed to do is to be a member of any site hosted on their platform.
GoDaddy has reset WordPress passwords and private keys, so it’s already taken the steps required to stock the attacker from exploiting anything with the passwords obtained. The company is in the process of generating new SSL certificates for customers.
Bad thing is that the attack used a compromised password to get into systems all the way back around September 6th, 2021, the breach was discovered on November 17th, 2021, which is more than a 2-month active time where the attacker could harvest tons of data. The outcome of this attack will be seen in the upcoming time, until then be safe, and Just in case change your passwords. 
Good thing is that website or web application will prompt you to allow it to use this feature like when a site/application wants to use your microphone or web camera. Developers are on board with this feature since it can provide them with more telemetric data on how users are interacting with their website/application but there are some that are strongly voicing against this.
Tantek Çelik, Mozilla Standards Lead, commented on GitHub, saying:
Before we move to the article I just want to say that technically there are no random crashes, there is always a reason why the system hangs up, why you received blue screen, annoying restarts out of nowhere and many more PC crashes. In this article, we will explore many possible reasons why something may occur and offer you straight forward solution on how to escape the situation and prevent it from happening again.
Without further delay, let's begin:
