Google Redirect Virus Description
The Google Redirect Virus has been around for quite some time and is known by many aliases, although its primary behavior remains constant. Basically, the Google Redirect Virus intercepts Google web searches and randomly redirects PC users to malicious web pages or search engines.
Any form of the Google Redirect Virus is dangerous due to the malicious commands it executes and the stealth programming techniques it uses to hide its files from prying eyes and anti-virus software. Malware such as the Google Redirect Virus may come bundled and cloaked inside a legitimate download of freeware, shareware, or a codec needed to view a movie. Plug-ins are another deceptive delivery method that exploits PC users' ignorance of Internet security, since many blindly click without knowing the origin.
Google Redirect Virus's main goal is to hijack your web browser and redirect it to malicious websites.
Not all malware announces its presence, but unless you changed your own hosts file, you can be certain you have a browser hijacker or Google Redirect Virus when your search requests are forcibly routed to unwanted websites. Cybercriminals create malware to multi-task and achieve one or more payloads. The foreign websites may include links that yield cybercrooks unearned pay-per-click (PPC) residuals or might help promote a rogue security program.
Google Redirect Virus has rootkit characteristics, meaning it may go undetected by many applications. Google Redirect Virus can be said to be very similar to the parasites and fake security applications known as Backdoor.Tidserv, Alureon, Windows Necessary Firewall and even Fast Windows Antivirus 2011.
Malware exploits vulnerabilities found in software or hardware, or takes advantage of human behavior and poor Internet security practices. So if you or someone using your PC did one of the following, it could explain how your PC got infected with the Google Redirect Virus.
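A hosts-file check along the lines of the paragraph above, as an added example that is not part of the original article: it lists every active entry other than the default localhost mappings and marks search-engine names that resolve to a non-loopback address. The watched labels and the sample entries (which use the documentation address 203.0.113.10) are constructed for illustration.

```python
import ipaddress
import os

# Labels treated as search engines: an assumption for this example, extend as needed.
SEARCH_LABELS = {"google", "bing", "yahoo"}

def parse_hosts(text):
    """Yield (ip, hostname) for every active mapping in hosts-file text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip the malformed line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (verdict, ip, hostname) for entries beyond the default localhost lines."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        is_search = any(label in SEARCH_LABELS for label in name.split("."))
        verdict = "redirect" if is_search and not sinkholed else "review"
        findings.append((verdict, str(ip), name))
    return findings

# Constructed sample: 203.0.113.10 is a documentation address (RFC 5737).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.google.com google.com   # constructed hijack entry
203.0.113.10   search.yahoo.com
0.0.0.0        ads.example.net
"""

if __name__ == "__main__":
    root = os.environ.get("SystemRoot")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts") if root else "/etc/hosts"
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for verdict, ip, name in audit_hosts(fh.read()):
            print(f"{verdict:8} {ip:15} {name}")
```

Entries marked "review" are not necessarily malicious; they are simply mappings you should be able to account for.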
- You took your chances and decided against installing a reputable anti-malware tool.
- You installed an anti-malware tool but got comfortable and did not renew it.
- You were drawn into clicking on a dubious link of some online suicide or
- You were spammed because you didn't verify the source of that email attachment or link from your family or friend, whose account was hijacked by a cybercriminal.
- You love the word free and pirated music or movies.
- You love freeware and shareware and downloaded an infectious codec to view a movie or video.
- You love visiting porn sites, gaming sites or warez ones and got infected.
To combat malware in the short and long term, you need to understand its structure and malicious intent. Below is a general outline of what is in store for PCs housing the Google Redirect Virus:
- Trojan gains deceptive entry by exploiting vulnerabilities in hardware, software or good ole human behavior and weak Internet security practices.
- Modifies the system registry and adds an entry so that its randomly named executable (done to keep the Internet security community guessing) is run at every boot.
- Drops a .TMP file in your temporary folder and this file installs other malicious components.
- The .TMP file (randomly named) will register itself as a legitimate service (thus bypassing your firewall and eluding AVG efforts) by copying a legitimate .dll file and infusing it with its poisonous script to load its malicious .TMP file.
- It then exploits vulnerabilities in Microsoft Windows DLL listing by adding the 'modified' .dll file and having it loaded into memory along with the other 'legitimate' ones.
- Once loaded, the venomous .TMP file creates a randomly named file in your 'driver' folder (usually with the .sys extension). This random file is the component that hides all its malicious files and programs from prying eyes (yours and AVG radar).
- Once the random .sys file is deployed, it drops a .dll file in your 'system' folder and this file is then injected into the SVCHOST executable, which downloads more malicious components from the Internet. It is these configuration files that help a hacker do the following:
  a. Perform HTTP transfers (i.e. to send or receive new transmissions)
  b. Display or trigger pop-up adverts
  c. Inhibit programs or applications from running, especially those threatening malicious attacks.
  d. Set command delay
  e. Order DNS attacks
  f. Spoof email accounts and spam persons on contact list
  g. Download other malicious programs such as:
    i. Trojan keylogger = steal vital data out of cache or directly off web-based forms
    ii. Trojan backdoor = exploit remote assistance tool to secretly make use of your PC
    iii. Trojan hijacker = change your hosts file and redirect web searches to malicious or unwanted websites
    iv. Trojan dropper = drop more malicious components or programs in your PC
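The persistence steps in the outline above leave two things a defender can look for in the registry: an autorun or service entry that loads a .tmp file, and one that runs from a temp folder. The following triage script is an added example, not part of the original article; the two rules, the function names and the sample entries are assumptions made for illustration.

```python
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"
RULES = (  # triage heuristics chosen for this example, not a complete detection set
    (re.compile(r'\.tmp(?=[\s",]|$)', re.I), "loads a .tmp file"),
    (re.compile(r"\\(temp|tmp)\\|%te?mp%", re.I), "runs from a temp folder"),
)

def assess(command):
    """Reasons a Run value or service ImagePath fits the chain outlined above."""
    return [why for pattern, why in RULES if pattern.search(command)]

def triage(entries):
    """Keep the (source, name, command) entries that assess() flags."""
    return [(s, n, c, why) for s, n, c in entries if (why := assess(c))]

def collect_windows():
    """Yield Run values and service ImagePaths from the live registry (Windows only)."""
    import winreg
    hives = ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU"))
    for hive, label in hives:
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    yield f"{label} Run", name, str(data)
        except OSError:
            continue  # key missing or unreadable
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            svc = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, svc) as key:
                    yield "service", svc, str(winreg.QueryValueEx(key, "ImagePath")[0])
            except OSError:
                continue  # no ImagePath value, or access denied

SAMPLE = [  # constructed entries; names and paths are made up
    ("HKLM Run", "kqxwbnru", r"C:\Users\demo\AppData\Local\Temp\kqxwbnru.exe"),
    ("service", "wmpsvc32", r'"C:\Windows\Temp\8f3a.tmp" -k netsvcs'),
    ("service", "Dhcp", r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"),
]

if __name__ == "__main__":
    source = collect_windows() if sys.platform == "win32" else SAMPLE
    for src, name, cmd, why in triage(source):
        print(f"[{src}] {name}: {cmd}  <- {', '.join(why)}")
```

Because the driver described above hides the malware's components on a running system, a clean result from a live scan is not conclusive; `triage()` can equally be fed entries exported from an offline copy of the registry.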
In addition to the Google Redirect Virus hijacking your browser, your system may become impaired, and you might notice the following:
- Keyboard malfunctioning
- Windows unexpectedly requests reactivation of drivers
- System runs slow or freezes up
- Applications do not run properly
- Homepage changed or browser redirects you to unwanted websites
- Icons added or missing and hardware or drivers inoperable
The longer you allow the Google Redirect Virus to fester, the bigger the risk or threat to your data and system, as these malicious programs use a lot of resources and could cause a system crash.
However, don't be surprised if you are assaulted by pop-up adverts, scary alerts and fake warnings, or if a slick-looking interface appears out of nowhere and runs an unauthorized scan. This is the typical behavior of a rogue security program, a well-worn scam used to scare PC users into blindly handing over their credit card and bank routing number to buy a useless piece of software. Never trust any program that self-loads, runs an unauthorized scan or hijacks your browser.
Don't waste time and don't let some hacker steal your personal information. Fight fire with fire by using a reliable anti-malware tool that is capable of digging into the root of your system and finding all traces of the Google Redirect Virus.
In the interim, disconnect from the Internet to stop any new transmissions of data to some remote server. Get to a malware-free PC and change your logins and security credentials for your online accounts.
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
File System Details
|#||File Name||Size||MD5||Detection Count|
|1||%LOCALAPPDATA%\AIM Toolbar\[RANDOM CHARACTERS].dll||96|
|6||%USERPROFILE%\Local Settings\Application Data\Conduit\Babylon\xriotabb.dll||485,376||2a69d434d9d6d6d120fc39a190ca00d3||78|
|12||%APPDATA%\Bitrix Security\[RANDOM CHARACTERS].dll||21|
|26||C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll||N/A|