by Bill Snyder

How to Tell if Your PC is Infected with ‘YellowMoxie’ Malware – Then Remove It

Aug 26, 20133 mins

The pesky "YellowMoxie" malware is making the rounds. If you see suspicious yellow links on websites, you may be infected. blogger Bill Snyder shares step-by-step instructions on how to remove YellowMoxie from your PC.

I pride myself on being a careful computer user, and I hadn’t found malware on any of my PCs in years. Last week I discovered that an annoying bit of malware called “YellowMoxie” had taken residence in two of my browsers. I managed to kill it after a few hours. But the malware seems to be making the rounds, so I thought I’d explain how to remove the pesky bug.

YellowMoxie is a link hijacker. It changes URL paths and sends users to sites that are not the ones they want to visit. Sometimes the destinations are annoying ad pages for fake pharmaceuticals; sometimes they’re sites that infect PCs and Macs with even more malware. I first spotted YellowMoxie when I noticed odd, yellow links on a Web page in my browser. When I hovered over the words, boxes containing ads and links appeared. The site in question was the one you’re currently visiting, so I called my editor. He looked at the page and saw nothing.  

I was browsing with Firefox at the time, but I switched over to IE9 and the bogus links were still there. They did not appear in Chrome.

Typically malware piggybacks on free applications from the internet, such as free software, videos and system utilities and software that promises to speed up your computer – or ironically – to eliminate malware. itself isn’t a pirate site, but appears to be linked to the YellowMoxie malware.  So I would not visit that site.

Here’s a step-by-step list of instructions on how to remove the YellowMoxie malware from your computer.


Step One:  Don’t panic, and do not pay some company to clean your computer using remote software or for an anti-spyware application.  If you search Google for “YellowMoxie,” you’ll find a lot of information from companies that want to sell you a fix. I don’t know if those fixes work, but they are expensive and, more importantly, not necessary.

Step Two: Sometimes link hijackers show up as search engines in your browser. If you see one that looks utterly unfamiliar, simply delete it. In Firefox, go to the search box, click on the down arrow, then click “manage search engines” and delete from there. The procedure is a little different in Chrome. You click the control icon on the far righthand corner and go to settings, where you’ll see a control to manage search. The same procedure works in the newest versions of IE. If you’re running an old version, look for the pull-down arrow in the search box.  

Step Three: If Step Two doesn’t work, you should look at each infected browser. Get rid of your browsing history and be especially careful to delete all of your cookies. (If you don’t know how to delete cookies, search Google.) You might need to repeat this action. Next, close the browser and reboot your machine. That worked for me, and it cleaned up Firefox and IE 9. ( wants to sell you something, but it also offers good instructions on removing YellowMoxie from your browsers.)

Step Four: If you’re still having problems, delete the infected browser (Chrome or Firefox) via the Windows Control panel. (Start > Control Panel > Programs). Deleting IE is trickier; instead download a new version, or go to Control Panel > View Updates and remove the most recent update to IE, which is probably where the malware is lives. Then download a new version of the browser. In most cases, your bookmarks remain intact.