Posted 20 November 2011 - 04:37 PM
Update: The topic's name should say "get-answers-fast.com" and not "find-answers-fast.com". Typo on my part.
For any of you who have recently had exposure to a Google Redirect hijack, which redirects you to h t tp://find-answers-fast.com/ through a loop back interface to either 0.0.0.0:80 or 127.0.0.1:80, how did you remove the hijack?
This is not your grandpa's Google Redirect hijack, this one cannot be detected by ANY malware scanning application available at this time.
I've found that it accomplishes this through replacing the GoogleUpdate.exe file with a downloader trojan and continually injects malware onto your computer.
The annoying part about this hijack is that removing the routes and tunneling changes is rather cumbersome.
I've cleaned it out completely by keeping my eye on the firewall logs to see what it was doing. Has anyone had experience with this?
EDIT: Link to deceptive website deactivated to prevent anyone from inadvertently getting infected. Please do not visit that site without adequate malware protection enabled.~ Animal