Trojan:Win32/Medfos.B

The Trojan:Win32/Medfos.B Trojan was first detected in late March of 2012 and constitutes a severe threat to an infected computer system. The main payload of Trojan:Win32/Medfos.B involves taking over the victim's web browser, in particular Internet Explorer and Mozilla Firefox, and redirecting its traffic to particular websites. Trojan:Win32/Medfos.B is a malware infection known as a browser hijacker because of this. Criminals use browser hijackers for a variety of purposes; Trojan:Win32/Medfos.B in particular is used to direct computer users to various pay per click advertising websites. These are basically websites that contain numerous links and advertisements that generate revenue for their creators whenever a particular link or advertisement is linked.Trojan:Win32/Medfos.B is designed to direct computer users to any of the following pay per click advertising web pages: theppcfeed.com, marketingppcfeed.com, googleppcfeed.com, livefeedstream.com, highfeedstream.com, payviaclick.com or ppcstream.com. All of these websites seem to have been set up exclusively to take advantage of browser hijacker infections. If you find that your web browser is directing you to any of these websites over and over again, this is a categorical sign of a Trojan:Win32/Medfos.B Trojan infection. This requires immediate action and removal with a reliable anti-virus application.

How Trojan:Win32/Medfos.B Attacks a Computer System

Trojan:Win32/Medfos.B is installed with other malware in the Medfos family and is present as a Dynamic Link Library, or DLL, file located in the TEMP folder. As part of its installation process, Trojan:Win32/Medfos.B makes changes to the Windows Registry so that it will load the malicious DLL file automatically whenever Windows starts up. The main payload of Trojan:Win32/Medfos.B involves taking over Internet Explorer and Mozilla Firefox. Basically, Trojan:Win32/Medfos.B waits until the victim carries out an online search and then redirects the results to one of the websites listed above.

Trojan:Win32/Medfos.B can cause redirects after the victim entered search terms into a search engine or after entering a web address into the navigation bar. To take over Mozilla Firefox, Trojan:Win32/Medfos.B installs a malicious extension or plug-in for this web browser. This add-on will show up as "Translate This! 2.0" and carries out the same types of redirects as in Internet Explorer. Attempts to remove this add-on through normal means will result in "Translate This! 2.0" being reinstalled automatically or in an application crash. To remove this malicious add-on, Trojan:Win32/Medfos.B must be removed with a reliable anti-malware program.