Search engine redirects and script errors

Did you recently remove a fake defragmenter program from your PC, but you're continuing to experience search engine redirects and script errors? If so, you're not alone; recently, there have been frequent reports of these ongoing issues, which are associated with a specific family of rogue disk defragmenting applications. Fortunately, the malware that causes the search engine redirects and script errors can be removed.

The Reason for Ongoing Search Engine Redirects and Script Errors

Usually, when you remove a fake security program from your computer, whichever anti-virus program you use will clean out anything associated with that fake security program. However, if you choose to remove the threat manually, or you use a security program without up-to-date threat definitions, some malware may be left behind. In the case of these "Script errors" windows and search engine hijacks, what happens is that the fake disk defragmenter is removed, but the rootkit that comes bundled with it is left behind. This is an especially common problem with the fake system optimization program Windows Restore, although cases have been reported with other rogue disk defragmenters. Although the malware in this family of fake optimization tools does not always come bundled with a rootkit, it appears to be the case that recently – as of mid-April 2011 – Windows Restore comes with a rootkit almost universally. This makes the Windows Restore infection both more dangerous and more difficult to remove, compared to a malware infection that only involves a fake security program.

How and When Windows Restore Symptoms Appear

If the rootkit installed alongside Windows Restore is not removed, you will continue to see search engine redirects and more general browser redirection. So, for example, if you go to Google and run a search, you will get an ordinary-looking list of results; however, if you click on any of the links in the search results, you will be taken to a site that is completely different and unrelated to the link. The sites you are taken to may contain advertisements, promote fake security tool, or be otherwise malicious. Also, if you attempt to visit a website relating to an anti-virus product or malware removal support, you will be redirected even if you type in the site's address directly.

The script errors generated by the rootkit are definitely stranger and more distressing than the browser redirection, because they are evidence that your computer is doing something on its own, outside of your control. What happens is that while you are using Windows, you can hear sounds that go along with advertisements, although no advertisements are displayed. You'll see pop-up error windows from Internet Explorer that say "Script errors" – disregarding if Internet Explorer is or is not your default browser and you weren't attempting to view anything online. These script errors are associated with web-based advertisements, which Internet Explorer is apparently trying to open on its own, only to fail because the scripts on the ad pages stop running. That is why you get the pop-up from Internet Explorer, and why it asks you if you want to continue running scripts on the page. All of this can happen anytime, and you do not have to have your web browser open in order to hear the ad audio or see the script error messages.

When a rootkit is present on your computer, it is important to remove the malware as quickly as possible. Rootkits give other people administrator-level access to your PC, and that means that they can gain access to everything you do on your computer. The search engine redirects and script error alerts will only stop once the rootkit has been removed.