Family Historian User Group

I have just updated from v5 to v6 and find that if I open a web page on the internet via FH I am taken to astromenda's home page and search engine. Is this part of the update?. I do not need or wish to have this program on my computer. Usually, when I open chrome I get the google browser; it is only when I open via FH that I get astromenda.

Astromenda is a search engine, normally downloaded as part of a bundle (default install or similar), and is viewed by many as malware as it can be very difficult to remove. I sincerely hope FH is not including this as part of the FH6 install?

Which FH V6 commands are you using?
If you are talking about the Internet web windows integral within FH V6 (as opposed to an Exernal Browser window), then common with Plugins and other programs, FH uses the Internet Explorer Shell instead of your default Chrome browser.

So perhaps it is IE that has been compromised by Astromenda without your knowledge. I doubt if it is anything to do with FH V6 itself.

The browser was reached by internet- open web search window and the default page is astromenda. The search the internet button goes direct to ancestryUk but does not use my normal chrome browser with my bookmarks etc.

Last weekend I did a system restore to remove another malware program called media?. My computer was clean afterwards. The only program I have downloaded since then was the v5 to v6 upgrade. I have read that astromenda can attach itself to other files. I have also downloaded emails etc (but not with any attachments) and visited a few internet forums. I will try the upgrade again on my laptop tomorrow.

Incidentally, surely it is better for Calico and other programs to use the user's default web browser to surf the internet.

OK, so all those Internet windows are internal to FH, and therefore use the Internet Explorer Shell.

FH offers drag from Internet features that I believe are only possible with an internal Internet window, which for technical reasons I think has to use the IE Shell.

I am fairly sure that if possible programs would use the user's default browser, but presumably Windows does not support that capability from a program.

If you open Internet Explorer does it default to Astromenda?

I am pretty sure that a System Restore will NOT necessarily remove all malware, especially if it is in your C:\Users\{username}\... files.

Also, if you never use IE you don't know how long the infection has existed.

Internet Explorer did default to Astromenda. I changed the home page in IE to google.co.uk which it seemed to accept. I then tried to load a web page via FH and it gave me the google home page and not astromenda. This seems too good to be true so I will watch this carefully over the next few days.

I do not use IE on a regular basis so do not know how it has picked up this malware. I know that this type of malware is very hard to eradicate and I do not expect simply changing the home page will make that much difference. I suppose time will tell.

If I were you, I'd try to find and eliminate the malware. You could try something like: this https://www.malwarebytes.org

Thanks for the suggestion Craig. I've always been a bit wary about this type of software in case it gets rid of one malware program and introduces some other. I suppose it all depends on the recommendation.

After further investigation it appears that my grandkids use IE when visiting their game sites. They have probably unknowingly downloaded the malware. I do not use IE and much prefer Chrome to link with my tablet and smartphone.

The malware was obviously still in IE even after a system restore. As Mike states that FH uses IE as the default browser then it is probably no surprise that I encountered astromenda after the v5 to v6 update. On balance, I think it is a coincidence that the malware appeared in FH and now do not believe that it was introduced by the FH update program.

It sounds like you allow your grandkids to use the same Windows account as yours.
Based on probability, I also suspect that it is an Administrator privileged account.
If so, you are asking for trouble, and no amount of Anti-Virus Software will protect you, because grandkids are savvy enough to switch it off if necessary.

If you take my advice, set up a separate standard (non-Administrator) account for your grandkids, then they can do much less damage, and your Administrator account settings will not get disrupted.

Very good advice Mike, although I suspect within the next few months my eldest grandson will know far more about computing than I do and I might even find myself locked out of my own machine!.

If you have a strong password protected Admin account he will find it difficult, assuming you are running Windows 8, 7 or Vista.
He would need a Unix boot CD to reset your Admin password.