Applehebi

Applehebi is a potentially unwanted program. It may get inside the computer is a number of ways that is not expected by user. Most of the time, Applehebi enters the computer without user’s consent. It is packed to other threats, adware, or even legitimate programs that were repacked to carry Applehebi into one’s computer automatically.

There are many types of unwanted program and Applehebi belongs to a group that makes changes on the computer in order to promote software. In short, this potentially unwanted program annoys user through pop-up alerts, messages, and other disturbance to catch user’s attention. It takes this opportunity to endorse a program, web site, or even popularize certain people and events.

If in case you are seeing a pop-up of Applehebi on the computer, it only denotes that a fix is necessary to stop these annoyances. There may be threats inside the system that can only be removed when you run a thorough scanning. Anti-virus and anti-malware programs are needed to find and delete malicious items that are hiding on the PC. To totally remove Applehebi, you must also get rid of all of its files and registry entries that could be hidden deep inside the system.

Once Applehebi was removed, it is best to install a security program that has real time protection to guard the computer from threats like viruses, Trojans, malware, and potentially unwanted program.

applehebi

Signs and Symptoms of Applehebi Infection:

Browser is redirected to Applehebi web sites
Trojan usually infects a web browser in order to redirect it to another web page that contains additional malware. In some instances, redirects are used to promote a rogue program such as fake antivirus products.

Exhibits fake pop-ups and security alert
In order to deceive computer users, Applehebi will exhibit a bunch of fake security alerts and warning messages. It also intends to promote the malware as the sole remover for identified threats.

Applehebi will detect errors and threats that do not exists
If the redirect intends to promote a rogue program, user may see a bunch of fake detection after the browser is redirected to a malicious page. Keep in mind that that detection is fictitious and does not really exists in the computer at all. This trick is common to viruses and malware that uses redirect methods.

Other Functions of Applehebi:

  • Applehebi will arrive on computer via another virus infection
  • Internet browser can be redirected to unknown address that is usually the location of other malware
  • Applehebi may contact a remote computer and download more threats
  • Applehebi will display excessive advertisements on the computer
  • This threat also monitors Internet activity on the infected PC

How to Remove Applehebi

Remove the rootkit Trojan causing the redirect

Anti-rootkit utility called TDSSKiller is a free tool from Kasperksy that neutralizes complicated malware which effectively hides its process, folders, files and registry entries.

1. Download TDSSKiller from this link. Save the file to your desktop.
2. Extract the contents using archiver applications.
3. Reboot the computer in Safe Mode to avoid Applehebi from loading at start-up. You may want to print this procedure as we have to restart the computer to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.

4. Locate and run the TDSSKiller.exe file.

5. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
6. Click on Start Scan to begin scanning your system. This may take a while.
7. After the scan is finished, it will reboot the computer. That should complete the disinfection process.

Download and scan with Malwarebytes Anti-Malware

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.

4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.

13 Comments

  1. Adeptus

    This does not fix the browser hijack and you will still be unable to use the internet properly! most browsers will be redirected to fake web pages which instruct you to pay and download a fake antivirus program DO NOT DO THIS!
    First click START the RUN and type ‘regedit’ then click EDIT and SEARCH for ‘Applehebi’ you will see one entry with this title DELETE THIS.
    To remove the browser hijack problem you need to download ‘Hijackthis’ from trend micro ‘http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis’ just copy this link into your address bar.
    Then when you run it you will see a huge amount of websites which all have the same ip address, check the boxes next to all these ip addresses and click FIX on hijackthis, this should delete them and alow your browser to function properly……i have learned all this the hard way! Good luck!

  2. johnfs

    Malwarebytes’ Anti-Malware

    I removed winrar from pc and installed above it ran a test free I could not believe it removed all my problems including applehebi i will definitly be looking into buying this program.WHEN SCANNING USE THE QUICK SCAN it worked for me
    john

  3. wayne

    ok that worked but when i try to connect to the internet i get a fake microsoft security site. How do u get rid of that

  4. Kevin

    Simple fix for this…. All you have to do is go to c:windowssystem 32explore

    in this folder find the item named “explore”. Mine looked like a WinRar file. Select it and check the properties it will say applehebi. If so it is the right item just deleted and your problem is fixed……. Has not happened to me since….

  5. Denfaro

    explore.exe can’t be deleted on my computer. Please advise

  6. Alyssa

    That happened to me too, and it can’t be deleted. I’ve seen on other sites people saying that once they restart their computer they can’t get onto websites anymore, which sounds like a virus we recently had. I don’t know what to do!

  7. chris

    I had the virus and removed it using hi-jack. it’ll lock the explore so you cant remove it, but when you run hi-jack it’ll release the lock and you’ll be able to remove it. thanks for the help adeptus

  8. kev

    most of those methods work but by the way if you are waiting for the check just click another window so as not to close the popup and it wont keep appearing

  9. Andy

    I still get the fake Microsoft antivirus site. and i did just about everything you guys said to do. i uninstalled winrar, i got malware and hijack, and i deleted the winrar file explorer. and i still cant get onto google.

  10. Ler

    If you can’t delete the explore.exe rename it to whatever you want. If the applehebi appears again just close it and cannot find file pop-up will appear. Go back to your renamed file, you can delete it now. Hope this helps.

  11. Alyssa

    Ok, I deleted the .exe and the popups stopped, but I still couldn’t get onto certain websites. This is EXACTLY what I did to fix it, and it worked!

    1. Click Start, and click Run.
    2. If your computer is running Windows 95, Windows 98, or Windows ME:
    In the Open field, type: notepad %windir%hosts
    If your computer is running a Windows NT-based operating system, such as Windows 2000 or Windows XP:
    In the Open field, type: notepaddriversetchosts
    — for example, on Windows 2000:
    In the Open field, type: notepad C:WINNTsystem32driversetchosts
    — or on Windows XP:
    In the Open field, type: notepad C:Windowssystem32driversetchosts
    You have to open it in notepad.
    3. Delete all text in the HOSTS file.
    4. On the first line of the HOSTS file, type: 127.0.0.1 localhost
    At this point the HOSTS file contains nothing but this one line of text.
    5. Save the file to the same location you opened it from.
    6. Close Notepad.

  12. ann

    i went to c:windowssystem 32 and i couldn’t find explore anywhere..also i tried resaved the hosts file with only 127.0.0.1 localhost and it is still not working..please help!!!

  13. traci

    ive just tried adeptus’s method of getting rid of the applehebi, and so far so good, i can now get back on to facebook without any problem, thanks adeptus…

Comments are closed.