The following instructions have been created to help you to get rid of "WhenU.Search.Desktoptoolbar" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
search.exe connects every 63seconds to a server from WhenU and loads searchfallback.exe

toolbar can be installed without users permission with bundled software

toolbar can attempt internetaccess without user consent
Supposed Functionality:
The WhenUSearch Desktop Toolbar provides immediate access to powerful Internet search and navigation functionality, while delivering contextually relevant text-based offers, discounts, and coupons.

Unlike traditional browser toolbars, WhenU's unique desktop toolbar allows you to have quick access to the Internet, search and email without ever opening a browser window.

Additionally, the contextual slider continuously presents you with non-intrusive text-links embedded within the toolbar as you continue to navigate the Internet.
Privacy Statement:
By downloading the WhenUSearch Toolbar ("the Toolbar"), you give permission to WhenU.com, Inc. ("WhenU") to display relevant contextual information and offers. The Toolbar selects which ads and offers to show you based on several factors, including: which webpages you visit, search terms you use while searching online, your local zip and/or country code, and content of the webpages you view. The Toolbar displays contextual ads and offers in the form of rotating text links accessible from within the application.

The Toolbar protects your privacy by uploading a database of content in small chunks to your desktop and then determining on your desktop whether to retrieve information from WhenU or third-party servers. To protect your privacy, the same database of content is sent to all desktops. Decisions regarding which advertising and offers to retrieve are processed on your computer desktop. In this way, WhenU is able to deliver to you relevant coupons, information and advertisements without establishing any profile about you (even anonymously) on WhenU servers.

Your privacy is also protected in the following manner:

1) Your personally-identifiable information is not required in order to use the Toolbar. WhenU does not know your individual identity and does not attempt to discern it in any way.

2) As you surf the Internet, your "clickstream data" (i.e. a log of all the sites you visit) is not transmitted to WhenU or any third party server. (Although impressions and click-throughs that contain indicia of browsing activity are transmitted each time an ad is served, as described below, these communications are never linked to personally identifiable information and are otherwise carefully designed to protect your privacy.)

3) WhenU does not assemble any personally-identifiable browsing profiles of you or your individual machine.

4) WhenU does not assemble any anonymous machine-identifiable browsing profile of you or your machine.

5) WhenU does not track which ads and offers you see as an individual user all of our analysis and tracking of ads is done in the aggregate.

The Toolbar does send back certain information from your desktop in order to count the number of users in our network and optimize the performance and relevancy of the ads. For example, when an offer is displayed to you in the Toolbar and you click on such an offer, the Toolbar sends WhenU a communication that may include information about the webpage you were viewing before you saw or clicked on a particular ad. WhenU has intentionally designed these communications back to WhenU to be highly protective of user privacy, in the following ways:

(a) Each individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable WhenU to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users.

(b) When ads are requested and/or displayed by the Toolbar, impressions and click-throughs, including the factor (e.g., the URL, the keyword, or the search term, or some combination thereof) that caused the ad to be displayed are reported to WhenU. Because the Toolbar's advanced functionality is designed to display ads whenever contextually-relevant activity is detected, a continuous series of impressions and click-throughs may be transmitted to WhenU.com's servers as you surf the Internet. To protect your privacy and prevent WhenU or any third party from assembling individual user profiles or knowing which Web sites you visit, your unique machine ID is intentionally excluded from any communications sent back to WhenU that may include a URL or such other browsing-specific information.
Removal Instructions:

Start Menu:

Please remove the following items from your start menu.
To check where they are pointing to, right-click them and choose "Properties" from the context menu appearing.
  • Items named "WhenUSearch Desktop Toolbar.lnk" and pointing to "<$PROGRAMFILES>\WhenUSearch\whse.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "WhenUSearchWHSE".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "WhenUSearch".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$COMMONDESKTOP>\Toolbar.lnk".
  • The file at "<$PROGRAMFILES>\VVSN\vvsn.cfg".
  • The file at "<$PROGRAMFILES>\VVSN\VVSN.exe".
  • A file with an unknown location named "SAVE-WHSEInst.exe".
  • A file with an unknown location named "VVSN.exe".
  • A file with an unknown location named "searchupdate.exe".
  • A file with an unknown location named "VVSN_WHSE1104Inst.exe".
Make sure you set your file manager to display hidden and system files. If WhenU.Search.Desktoptoolbar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMS>\WhenUSearch".
Make sure you set your file manager to display hidden and system files. If WhenU.Search.Desktoptoolbar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.