Google Search Hijack and Redirected to Unwanted sites


These hijacks are increasingly common. Users of the Google search engine may complain of having their searches redirected to unwanted sites, regardless of which browser is used.

This happens when the system is infected with any of these variants: Trojan Win32/Daonol.A/B, Trojan.JSRedir/Trojan.Gumblar, Win32.Alureon, Win32.Olmarik, Trojan.generic, TDSS rootkits, Backdoor.Tidserv!.inf.

Some variants of the TDSS rootkit TDL3 also patch system drivers, e.g. iaStor.sys, atapi.sys, iastorv.sys, cdrom.sys, etc.

ISSUES:
* clicking on the link of a Google search result redirects to random sites.
* utilities such as cmd and regedit are disabled, or running the cmd or regedit command may reset Explorer.
* error popup message “DCOM server protocol launcher server terminated”.

SOLUTION:
Older variants that hijack the value data of the HKLM\software\microsoft\windows nt\currentversion\drivers32 key, like Trojan.JSRedir, Daonol and Gumblar, are easily removed using MalwareBytes. Recent ones, especially variants of TDSS/TDL3 that MBAM fails to remove, can be taken care of using TDSSKiller, so I suggest you go straight for TDSSKiller.

Download TDSSKiller, extract it and run TDSSKiller.exe.

Additional info on how to remove malware belonging to the family of Rootkit.Win32.TDSS
http://support.kaspersky.com/viruses/solutions?qid=208280684

Firefox Only Hijacker:

Some Google search redirects affect only the Firefox browser but NOT Internet Explorer.
Other hijackers target only the Firefox browser. Searches are redirected via domains such as resultsad2.doubleclicker.net, goored, zfsearch.com, goougly.com, googlesearchserver.net, 66.230.188.* and others, which display unwanted search results. Some of these variants may target Chrome as well.

SOLUTION:
Thanks to malware expert/developer jpshortstuff for creating a tool that handles this infection.
Just download GooredFix.exe to your Desktop. Make sure all Firefox windows are closed then double-click the executable or right-click and “Run As Administrator” in Vista.

If the problem persists, use ComboFix, then ask a question in the Virus & Spyware sub-zones and attach the ComboFix log, as there are other infections that also cause search engine redirects.

Recently, there’s an infection doing the rounds that patches one of these files, “ws2_32.dll” or “user32.dll”, where you need to replace the file to stop the redirects.
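A triage check for the tampering points named above (the Drivers32 value data and the patched system files), as an added example that is not part of the original post. It assumes Windows 10 or later with PowerShell 5.1, where Get-AuthenticodeSignature also validates catalog-signed system files; the bare-file-name heuristic and the status labels NotBareFileName and FileMissing are assumptions of this example.

```powershell
# Added example (not from the original post): triage check for the tampering
# points the post names. Run from an elevated 64-bit PowerShell session.
$drivers32 = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'
$sys32     = Join-Path $env:SystemRoot 'System32'

function Get-FileFinding {
    param([string]$Source, [string]$Path)
    # Report whether the file exists and whether its signature validates.
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $status = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    } else {
        $status = 'FileMissing'          # label chosen for this example
    }
    [pscustomobject]@{ Source = $Source; Path = $Path; Status = "$status" }
}

$findings = @()

# 1. Drivers32 value data. Assumption: legitimate entries are bare file names
#    loaded from System32, so data that contains a path is reported as-is.
$regKey = Get-Item -LiteralPath $drivers32
foreach ($name in $regKey.GetValueNames()) {
    $data = [string]$regKey.GetValue($name)
    if ([string]::IsNullOrWhiteSpace($data)) { continue }
    if ($data -match '[\\/:]') {
        $findings += [pscustomobject]@{
            Source = "Drivers32\$name"; Path = $data; Status = 'NotBareFileName' }
    } else {
        $findings += Get-FileFinding -Source "Drivers32\$name" -Path (Join-Path $sys32 $data)
    }
}

# 2. System files the post lists as patch targets. Storage drivers that are
#    not installed on this machine show FileMissing, which is expected.
foreach ($dll in 'ws2_32.dll', 'user32.dll') {
    $findings += Get-FileFinding -Source 'PatchedDll' -Path (Join-Path $sys32 $dll)
}
foreach ($sys in 'atapi.sys', 'iaStor.sys', 'iastorv.sys', 'cdrom.sys') {
    $findings += Get-FileFinding -Source 'PatchedDriver' -Path (Join-Path $sys32 "drivers\$sys")
}

# Show everything without a valid signature for manual review.
$findings | Where-Object Status -ne 'Valid' | Format-Table -AutoSize
```

A kernel rootkit can present clean file contents to a running system, so an empty result here does not replace the TDSSKiller scan.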
