Google Redirect Trojan


2 replies to this topic

#1 Kazinsal

Kazinsal

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 24 July 2010 - 05:04 AM

Hello, folks.

The other day, I was bombarded by AVG with seven infection reports of four trojans, two adware bits, and a virus. It claimed to have dealt with them, but here I am, two days later, still stuck with the wonderful Google redirect trojan. Yes, that wonderful trojan that redirects Google search results to possibly malicious websites.

I have run two complete AVG scans, which fixed one virus. I have run Malwarebytes' Anti-Malware twice, one quick scan which claimed to lay waste to the trojans, and a full scan just now that didn't result in anything. I have also googled (heh) for possible fixes, and tried multiple system restores to up to a week ago. Nothing has worked so far. There is nothing hostile in my HOSTS file, and the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers node looks perfectly fine to me.

I'm heading off to bed now, but I'll be back in eight hours or so. I'm considering running a scan-through of HiJackThis to see if it can find anything dirty, but I doubt it.

I'm running Windows Vista SP2 and browsing using Google Chrome. The redirect trojan affects me in Firefox and Internet Explorer, too. I currently use the Google Public DNS to speed up response times (my ISP's DNS is a little... slow...), but it occurs on my ISP's DNS as well.

I'd appreciate any and all help I could get.

Thank you, and have a nice morning/day/evening/night.

--Troy

PS: I've noticed there are quite a few threads about the Google redirect trojan recently... Wonder what's been beating us all with it.



#2 Kazinsal

Kazinsal
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 24 July 2010 - 02:43 PM

Sorry for the light bump, but I've found a few more things that look a little bit suspicious.

In HKCU\Software\Microsoft\Windows\CurrentVersion\Run, there is an entry for "ehTray.exe" pointing to "C:\Windows\ehome\ehtray.exe". Does anyone know if that's a confirmed bad file? I don't have any "eHome" software on my computer, nor anything of the sort in my system tray.

I'm still getting these annoying redirects.

Cheers,
--Troy

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:13 PM

Posted 29 July 2010 - 12:32 AM

Try this:

http://support.kaspersky.com/viruses/solutions?qid=208280684
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



