
Malware that hijacks google searches

yhelothar

Lifer
This is the first of its kind I've come across. The malware strikes when I click on a result from a Google search, and instead of taking me to the link I clicked from Google search results, it'll redirect me through a series of links to their own search.

The redirect starts with a link with the domain moresearch.com

I'm running the latest Firefox. I tried looking through all the add-ons, extensions, about:config, registry, and I'm not finding anything related to moresearch.com

Is there a way to reset the Firefox browser?
 

Maybe this is the case: http://www.google.com/support/forum/p/Web+Search/thread?tid=6df7e15519290612&hl=en

Follow the instructions and good luck! Basically use some malware removal tool from the suggested ones.
 
Did you try anything yet? My suggestion is Avira AntiVir Personal. Install the antivirus and max out the scanning settings (including heuristics). Start Windows in safe mode, launch AntiVir and run a full computer scan.

And don't forget... keep us updated!
 
Check to see if you have a new proxy server selected. I've seen malware act as a local proxy server that will hijack searches.
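
The proxy check suggested in the post above can be scripted for Firefox. This is an added example, not part of the original thread: it reads the `network.proxy.*` entries from a profile's `prefs.js` and reports any manual or PAC proxy override, marking loopback addresses. The sample prefs text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Matches lines such as: user_pref("network.proxy.http", "127.0.0.1");
PREF_RE = re.compile(r'^user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$')

# Constructed sample of a Firefox prefs.js, not taken from the thread.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''

def parse_proxy_prefs(text):
    """Return a dict of the network.proxy.* prefs found in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            raw = m.group(2).strip()
            prefs[m.group(1)] = raw.strip('"') if raw.startswith('"') else raw
    return prefs

def is_loopback(host):
    """True for localhost or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost

def audit_proxy(text):
    """List the proxy overrides a user should review; empty if none are set."""
    prefs = parse_proxy_prefs(text)
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype == "1":  # manual proxy configuration
        for key in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{key}", "")
            if host:
                port = prefs.get(f"network.proxy.{key}_port", "?")
                tag = "loopback" if is_loopback(host) else "remote"
                findings.append(f"{tag} {key} proxy {host}:{port}")
    elif ptype == "2":  # proxy auto-config (PAC) URL
        findings.append("PAC url " + prefs.get("network.proxy.autoconfig_url", "(unset)"))
    return findings
```

This only covers Firefox's own setting; the Windows system proxy is configured separately and needs its own check.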
 
My 9 yr old nephew's machine got this same (or similar) malware last month. His parents only occasionally hook his machine up to the 'net, primarily for updates, game patches or whatnot. He uses it mostly for gaming.

I spent most of a day on it, running deep scans with MSE and SUPERAntiSpyware and some other tools. Nothing major came up. HijackThis didn't reveal anything after cleaning, and it seemed fixed for a couple of hours, but damn...it just came right back. Figured it hid something buried in the registry, but didn't have more time to investigate, so I dropped an image...that only took 15 minutes, plus about 45 minutes for Windows Update, then created a new image.

Sometimes, nuking the box is the most efficient use of my time.
 
My experience was almost exactly the same. Nothing obvious could be found/detected, and re-image was needed to fix.
 
It is a rootkit virus. You can't use typical malware scanners to find it because it is loaded as part of the I/O drivers. Anything that attempts to read from the hard drive gets passed to the malware and the malware returns an 'ok, everything is fine' to the scanner. When it wants to run its own code it can run it because it has control of all the hard drive traffic. It is like asking a robber to check if any money is missing from your wallet.
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
 