What is CercaVoli?
Our cyber security experts have recently discovered and tested a program called CercaVoli. They have concluded that CercaVoli is potentially unwanted program (PUP) that you might want to remove from your PC because it simply does not work and because you can get it accidentally when installing bundled software. Furthermore, you cannot uninstall it from Control Panel, so you have to delete all of its files manually. For more information on this program, please read this whole article.
Where does CercaVoli come from?
The origins of this program are unknown, but researchers say that it was created by software developers in Italy and it was also intended for Italian-speaking users. Researchers say that this program used to be featured on a dedicated distribution website at Dealflightsfinder.com. However, this website is no longer online and it is unlikely that it ever will be. Still, this program is still being distributed. Researchers say that this program can come bundled with third-party software. The websites that feature bundled with this program are unknown and so are the programs that come bundled with CercaVoli. Researchers say that this program is distributed in Italy only as it was intended for the Italian user base from the very beginning.
What does CercaVoli do?
Malware analysts say that this program was supposed to provide its users with great plane flight deals, so it is likely that it was sort of an adware-type program. However, CercaVoli no longer works as its main server seems to be down. While you can get it accidentally via bundled installers, it will not work but run anyway and display an empty window.
The main reason researchers have classified this program as potentially unwanted is the fact that you cannot uninstall CercaVoli from Control Panel. Research has revealed that this program can drop its files into many locations on your PC. Its main files are cercaVoli.lnk, Wsis32, SysUrlHL.job and SysUrlHL. The list of locations where these files are located is presented below.
%PROGRAMFILES(x86)%\cercaVoli
%PROGRAMFILES%\cercaVoli
%USERPROFILE%\Desktop
%ALLUSERSPROFILE%\Start Menu\Programs\(Default)
%APPDATA%\Microsoft\Windows\Start Menu\Programs\(Default)
%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\(Default)
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\(Default)
%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\(Default)
%WINDIR%\Tasks
%WINDIR%\System32\Tasks
%WINDIR%\Tasks
%WINDIR%\System32\Tasks
Furthermore, CercaVoli creates two registry keys upon installation. These keys are HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysUrlHL and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysUrlSH and you ought to delete them as well.
How do I remove CercaVoli?
CercaVoli is not a malicious application, but is an undesirable one as it does not do anything and you can get it accidently from a software bundle. You also cannot uninstall it from Control Panel so you ought to get rid of it manually as it will run on your PC constantly and waste your PC’s recourses. All of these traits tick the boxes of a potentially unwanted program. We have included a manual removal guide below.
Removal Guide
- Simultaneously press Windows+E keys.
- Type the following file paths in the File Explorer’s address bar and press Enter.
- %PROGRAMFILES(x86)%\cercaVoli
- %PROGRAMFILES%\cercaVoli
- Delete the contents of the cercaVoli folder.
- Then, typethe following file paths.
- %ALLUSERSPROFILE%\Start Menu\Programs\(Default)
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\(Default)
- %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\(Default)
- %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\(Default)
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\(Default)
- Press Enter.
- Find and delete cercaVoli.lnk from the folders.
- Then typein the following file paths.
- %WINDIR%\Tasks
- %WINDIR%\System32\Tasks
- Find SysUrlSH and SysUrlSH.job and delete them.
- Finally, go to the desktop and delete cercaVoli.lnk
- Empty the Recycle Bin.
Delete the registry keys
- Simultaneously press Windows+R keys.
- Type regedit in the dialog box and press Enter.
- Go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
- Locate SysUrlHL and SysUrlSH value strings and delete them.
tested removal of CercaVoli* 100% FREE spyware scan and
0 Comments.