How to Remove Mail.Ru Virus Permanently

Can’t Remove Mail.Ru hijacker virus? This page includes detailed Mail.Ru Removal instructions!

If the Mail.Ru website has replaced your homepage without your approval, if “Ads by Mail.Ru” pop up out of the blue, the news is bad. Your computer is no longer free of infections. A browser hijacker lurks in the shadows of your OS and wreaks havoc. You are stuck with an utter menace! The intruder follows programming to detect your web browsers and to turn them into ad-displaying platforms. The hijacker inserts various ads on every website you visit. It also opens pop-ups, plays commercials, turns random text into hyperlinks. And it doesn’t stop here! This parasite also loads third-party websites in new tabs. And as if that’s not annoying enough, but it changes your default search engine and forces you to use a questionable search tool. If you are not sure, that’s hazardous. The hijacker uses a customized search engine that displays more ads than organic results. Apart from the obvious sponsored links, these search tool displays promoted entries that are not marked as ads. You can never be sure which results are organic, and which are there on purpose. And this can lead to severe issues as the hijacker has no filters nor security mechanisms. Numerous dodgy websites pay for their links to be displayed at the top. The hijacker threatens to redirect you to deceptive, spam, and corrupted websites. Do not risk ending up into online traps! Remove the parasite now. That’s your best course of action. Take action as soon as the “Powered by Mail.Ru” ads appear. Find where the parasite hides and delete it for good!

Remove Mail.Ru

How did I get infected with?

A hijacker is behind the numerous “Brought to you by Mail.Ru” ads. This parasite is so aggressive that many users mistake it for a virus. Luckily, that’s not the case. The hijacker is a simple app. As such, it has standard limitations. This parasite, for example, can’t get installed without your approval. It is bound to seek your consent. Note, though, that having to ask is not the same as having to do so outright. The hijacker is a trickster that knows how to steal your “yes.” It does so through malvertising, fake updates, corrupted links, malicious bundles, and spam messages. The hijacker lurks in the shadows and infects your computer when you give into naivety. Do not make its job easier! Do not throw caution to the wind. No anti-virus app can protect you if you do. Only your diligence can prevent infections. The good news is that even a little extra attention can spare you an avalanche of problems. So, don’t be lazy. Make the right decision: choose caution over carelessness. Don’t visit shady websites. Download software and updates from reputable (preferably official) sources only. And, of course, don’t skip installation steps. Opt for the advanced/custom installation wizard. Deselect the bonus apps and go through the terms and conditions. Don’t hesitate to abort a setup process if you notice anything suspicious!

Why is this dangerous?

Mail.Ru is a harbinger of trouble. As soon as this website pops up, ads flood your browser. Every website you visit gets heavy on banners. Every link you follow opens additional tabs. Every video you play gets paused for commercials. You can’t so much as touch your browser without getting your screen covered in “Ads by Mail.Ru.” The ads are annoying and irritating. They, however, are also your warning. If you take a close look at them, you’ll realize that you are in serious trouble. You are under surveillance! The ads are not random, but based on the websites you visit, the links you follow, the videos you watch. That’s how the hijacker operates. It studies your browsing habits and uses your preferences against you. Do you think that ends well? Do you trust the hijacker with your personal information? Do you believe that it collects data merely for ad targeting? Do not fool yourself! The parasite not only turns you into an easy target but also threatens to leak sensitive information. Any crook out there can use the parasite and its resources against you. And not only that, but when the hijacker gathers enough data, it wastes no time and sells everything on the black market. Do not unnecessary risks! Protect yourself and your privacy; remove the hijacker ASAP!

How to Remove Mail.Ru virus

The Mail.Ru infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the Mail.Ru infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down Mail.Ru related processes in the computer memory

STEP 2: Locate Mail.Ru startup location

STEP 3: Delete Mail.Ru traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down Mail.Ru related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.


  • Write down the file location for later reference.

Step 2: Locate Mail.Ru startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean Mail.Ru virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


  • A dialog box should open. Type “Regedit”


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:


STEP 3 : Clean Mail.Ru traces from Chrome, Firefox and Internet Explorer

  • Open Google Chrome

  • In the Main Menu, select Tools then Extensions
  • Remove the Mail.Ru by clicking on the little recycle bin
  • Reset Google Chrome by Deleting the current user to make sure nothing is left behind

disable Mail.Ru from chrome

  • Open Mozilla Firefox

  • Press simultaneously Ctrl+Shift+A
  • Disable the unwanted Extension
  • Go to Help
  • Then Troubleshoot information
  • Click on Reset Firefox

remove Mail.Ru from firefox

  • Open Internet Explorer

  • On the Upper Right Corner Click on the Gear Icon
  • Click on Internet options
  • go to Toolbars and Extensions and disable the unknown extensions
  • Select the Advanced tab and click on Reset

remove Mail.Ru from ie

  • Restart Internet Explorer

Step 4: Undo the damage done by Mail.Ru

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for Mail.Ru, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!

You must clean all your browser shortcuts as well. To do that you need to

  • Right click on the shortcut of your favorite browser and then select properties.


  • in the target field remove Mail.Ru argument and then apply the changes.
  • Repeat that with the shortcuts of your other browsers.
  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove Mail.Ru Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible registry leftovers or temporary files.

Leave a Comment