
I've got the Google Redirect virus...

No replies to this topic

#1 Ein_2765


Posted 30 December 2010 - 01:01 PM

I actually hadn't heard of this particular virus before I actually got it myself. Doesn't seem like a particularly useful virus.

Anyways, I've had this thing for about a week now (it has affected both Firefox and Safari, but now Safari won't open anymore). Hasn't been that much of a problem (I simply either copy and paste the site url, or open the link twice to get it to work), but as I just got a new computer (the one that I'm currently on, which has the virus, is a loaner) I want to make sure that the virus is isolated to this computer and has not affected my network.

The redirects always happen on Wikipedia links, but are not so prevalent on other sites (I don't think it's affected any anti-virus websites except for maybe one or two times). The virus also affects Yahoo, and not just Google. Sometimes the links work, sometimes they don't.

One of the weird things that has happened in Firefox 3.6.13 is that it no longer adds new sites to the drop-down url menu (the place where previous sites I have gone to are sorted by the frequency of visits). Ever since I got the virus, no new sites have been added. I also keep getting logged out of my various accounts (like Google, Facebook, and Youtube) whenever I close and restart my browsers.

Microsoft Security Essentials also shuts completely off after every 3 or 4 restarts (even if it is a clean turn-off, and not a manual by-the-power-button boot). Every now and then I get a warning saying MSE has found a trojan, but it never solves anything.

I've checked my DNS settings and it still says "Obtain DNS server address automatically", so I don't think the problem is with that.

Here's a couple samples of the virus sites I've been redirected to:

I also sometimes get links to media/Java sites that open up Windows Media Player without my permission (I'm running XP). Never actually watched the files, though. I think I've also gotten application pop-ups to run or install a program, but I've always clicked no. I've also been redirected to sites that say I have viruses on my computer, or that want to run a malware scan, but those have always just been in the browser, so I just close the tab. Don't have any links for those, though. Sorry.

So I guess I just want to know how to get this off my computer, and to make sure it can't spread to my new one. I've run scans with both Malwarebytes and Microsoft Security Essentials, and even though it does find infected files (sometimes), it never seems to help. Ever since I got a virus back in late November (it was called XP Antispyware 2011 or Win HDD, I can't remember) it seems like my computer has been more susceptible to viruses. I think I even had another virus-like problem back around like December 15 or so, but I can't remember the specifics.

Sorry I went a little overboard with detail, but I just wanted to make sure you had all the necessary information.

Here were some infected files I just deleted from a Malwarebytes scan:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator\local settings\temporary internet files\Content.IE5\9HX5QFLR\knfmhlgl[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\D3S2SBUL\load[1].php (Trojan.Agent) -> Quarantined and deleted successfully.

EDIT: Here's another site I was redirected to:

Edited by Ein_2765, 30 December 2010 - 01:44 PM.
