SUPERAntiSpyware
Ad-Aware
Windows Defender
Spybot S&D
If the above malware scanners do not find any malware or cannot clear it, you should consider
posting in one of these forums for specialized malware removal help:
http://forums.spybot.info/
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.bleepingcomputer.com/forums/
http://www.spywareinfoforum.com/
I guess I had this rootkit too. I used a tool called tdsskiller and I think it did the trick. Now I can
use Google without these annoying redirects. I also found the removal instructions given at
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html to be very useful.
http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispywareresources/
Thanks a lot for your removal instruction page, it solved the problem! The program ComboFix did
most of the work. Thanks so much, I've had to put up with the virus for weeks, and now I can
finally search redirect free :)
was gone but it always came back! If you want to kill this thing for good, combofix is the only
thing that removes ALL of the infected elements. Combofix takes a long time to run (circa 30
min?) and requires some user input and also messes with your system settings a little but it is
VERY thorough and it does work and best of all, it's free.
I had lots of aggro with this.... I used Malwarebytes, the standard search did not uncover the
cause but instigated a full search and it found an additional 6 trojan and odd malware
oddments.... cleared all and ... Eureka... sorted.
This Google Redirect affects Yahoo Search as well. No Malware or Virus scans will find it
because it is installed as an Add On in Firefox tools menu. Go to your Add Ons in the tool menu,
scroll down until you find "Google Update" and disable it. I don't know how this was downloaded
onto our computer but this ended the redirects using the search bar in the Firefox browser. Matt
Guys, here is the removal for the redirect virus. You will know this is your solution beyond the
shadow of a doubt once you see where all of those annoying redirects are hiding at. Having
some experience with the registry is very helpful. If you dont have any find somebody who does,
backup your registry entries before making any changes and this info is for information purpose.
1.) Click on Start, Run, type in cmd, press Enter, type in ipconfig /flushdns, press Enter.
2.) You need to check your Host file and lmHost file for domain entries. If you see thousands of
entries, remove them. You will know them when you see them because your list will be HUGE! You
will see THOUSANDS of domain entries in there.
3.) Next open the registry and go to these 2 hives: HKEY_LOCAL_MACHINE &
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.
Delete everything except microsoft.com.
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the
places you have been redirected to. You will see HUNDREDS to thousands of redirect domain
entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things, however these are the major identifiers.
6.) The reason why virus scans and spyware programs can't find the so-called virus: because it is
not one! Scanning the registry is pointless because those new registry KEYs are legit KEYs. Think
of it as you have a Google or Yahoo or Bing search bar in your browser. Let's say you change the
default search to a porn site. Is there anything wrong with your browser or default search
engine? No! All spyware will scan past this because people have different search engines. It took
me a month and a half to figure this out and I just happened to stumble upon the answer!
7.) I don't know how the registry entries were changed, so be alert that you might catch this
annoying issue again!
8.) If you can get another PC, get the registry KEY for I.E, it must be the same version, and
import the new entire KEY. That is the course of action I took.
Prior to my redirects with Google, Zone Alarm alerted me that a program, Bullet Storm, wanted
access to the internet. I denied access and soon after Norton AV notified me that a program
called Tracor was trying to access my computer. Firefox quit connecting to the internet at this
point. I ran a full scan with Norton AV. Nothing was found. I tried a couple of the spyware and
malware programs to look around and nothing was found. Firefox would work only when I gave
the go ahead with Zone Alarm for that Bullet Storm program. I used Norton Power Eraser and it
found a program called muzaf123 and a couple of other things. I cleared out those problems with
the Norton Power Eraser program. Firefox worked fine after this. I believe I've cut off the
communication between the virus program and whoever is out on the internet. Now I only get
Google redirects on the first click and it can be stopped by going to Help on FF and clicking the
Restart with add-ons disabled. So something is still affecting FF.
c) Uncheck the checkbox under Proxy server option and click OK.
c) The hosts file should look the same as in the image below. There
should be only one line: 127.0.0.1 localhost in Windows XP and 127.0.0.1
localhost ::1 in Windows Vista. If there are more, then remove them and
save changes. Read more about Windows Hosts file
here: http://support.microsoft.com/kb/972034
to the Factory Default Settings. Then you should flush DNS cache:
1. Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.
2. In a new window please type "ipconfig /flushdns" without quotes and hit
Enter. And that's it!
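The hosts-file check described above, as an added example that is not part of the original tutorial: a Python audit that reports every mapping other than the loopback `localhost` lines the tutorial expects, and marks entries that point a search-engine name at a non-loopback address. The sample file contents, the `SEARCH_HINTS` list and the function name `audit_hosts` are assumptions made for illustration.

```python
import ipaddress
import sys

# The only hostname the tutorial expects in a clean hosts file.
EXPECTED_NAMES = {"localhost"}
# Assumed for illustration: fragments of the search-engine names mentioned on this page.
SEARCH_HINTS = ("google", "yahoo", "bing")

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed entry
203.0.113.10    search.yahoo.com
0.0.0.0         ads.example.test
not-an-ip www.bing.com
"""


def audit_hosts(text):
    """Return (line_no, kind, detail) for every entry that is not a loopback localhost line.

    kind is "search-redirect" when a search-engine name maps to a routable address,
    "malformed" when the line cannot be parsed, and "review" for anything else.
    """
    findings = []
    # A hosts file saved by some editors starts with a byte-order mark.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop the comment, split on whitespace
        if not entry:
            continue
        try:
            address = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", raw.strip()))
            continue
        if len(entry) < 2:
            findings.append((line_no, "malformed", raw.strip()))
            continue
        for name in (n.lower() for n in entry[1:]):
            if address.is_loopback and name in EXPECTED_NAMES:
                continue  # the line the tutorial says should be there
            routable = not (address.is_loopback or address.is_unspecified)
            redirect = routable and any(hint in name for hint in SEARCH_HINTS)
            kind = "search-redirect" if redirect else "review"
            findings.append((line_no, kind, f"{address} {name}"))
    return findings


if __name__ == "__main__":
    # Pass a hosts file path (on Windows: C:\Windows\System32\drivers\etc\hosts),
    # or run without arguments to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, kind, detail in audit_hosts(content):
        print(f"line {line_no}: {kind}: {detail}")
```

Entries reported as `review` include deliberate block entries such as `0.0.0.0` mappings, so they need a human decision rather than automatic deletion.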
Posted by Admin at 5:30 PM
Labels: Trojans
202 comments:
Anonymous said...
Thanks; I have been looking for quite some time now for solutions.
Your info seems to be the best out there-- straight forward with direct
download links. It's my turn to now try it all out.
Anonymous said...
This worked! Thanks for the solution and the clarity of presentation.
Deeply grateful.
February 7, 2010 at 5:38 AM
Anonymous said...
Thanks
the description and step are clear and help me
get rid of my google redirect
thanks a lot
February 12, 2010 at 10:34 PM
Admin said...
You are welcome!
February 13, 2010 at 3:52 AM
Anonymous said...
Hi. I've had the Google redirect virus lately as well, however, mine is
on mozilla firefox. If you have instructions relevant to mozilla, I'll be
really grateful!! Thank you in advance.
February 13, 2010 at 9:41 PM
Admin said...
Yes, I think I will have to include Mozilla Firefox in this tutorial too.
Meanwhile, you can still complete these steps:
2. Make sure that DNS settings are not changed
3. Check Windows HOSTS file
5. Use TDSSKiller tool to remove malware belonging to the family
Rootkit.Win32.TDSS
6. Scan your computer with legitimate anti-malware software
(ComboFix)
Anonymous said...
I haven't even the problem and was impressed with the solution, might
try it myself JUST to be sure :-)
February 28, 2010 at 6:33 AM
Anonymous said...
I got up to the part about add ons but I don't know which one is
considered to be suspicious. I also scanned my computer twice with
updated versions of Malwarebytes and Avast. They found the
trojans but I still get redirected.
February 28, 2010 at 9:27 AM
Anonymous said...
Win XP: I did everything as per the very well written instructions. The
TDSSKiller found nothing, ComboFix found nothing, CCCleaner
picked up some trash. But, the redirecting from what appears to be
google still persists.
From start/Run, I enter "www.Google.com". It puts me into Google,
but the Google name image is standard. However, when I do the
same on an uninfected computer, the Google name image is a
special graphic; not the standard. Could this mean that even before
the redirection, I've been captured by the virus on the first PC?
I have spent hours using MalwareBytes, ComboFix, Hitman, AVG,
and CCCleaner to no avail. They all claim the computer is clean, yet
the redirecting behavior still persists.
- Jim
March 4, 2010 at 7:36 PM
Anonymous said...
I noticed a difference between an infected computer and a non-infected
computer. When I go into a DOS command window and
perform a ">ping http://www.google.com/", my non-infected computer
resolves and completes the ping successfully; while the infected
computer fails to resolve the url.
On my non-infected computer, the AVG link icons show up by each
google search result item; while on the infected pc, the icons never
show up (and they used to)
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
This Malware program Seems to have taken the virus out.
This is what was found in the register and deleted.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Thanks to all who posted.
http://deletemalware.blogspot.in/2010/02/remove-google-redirect-virus.html
AdBlock
Adblock stops pop-up ads from showing up on your computer.
1. Go to the Chrome web store (type in Chrome web store in your omnibox/address bar).
2. In the search box in the top left type in Adblock
3. Click Add to Chrome
ScriptSafe
ScriptSafe will allow you to choose which scripts you want to trust and which you don't. This will
ensure only the script of the site you're looking at will run.
1. Go to the Chrome web store (type in Chrome web store in your omnibox/address bar).
2. In the search box in the top left of the Chrome web store type in ScriptSafe.
3. Click Add to Chrome
*Mobile Devices*
sugaki said:
I spent the whole day downloading different malware removers, none of them worked (though they did
kill some trojans that I didn't know were in my computer, whew).
I FINALLY fixed the problem.
My search results in google chrome kept getting redirected to go.go-search.net.
Uninstalling/reinstalling Google Chrome did nothing. Deleting old cache, history, cookies has nothing
to do with redirects because those aren't infections. Mozilla Firefox didn't have the same problem, so I
knew it was a Chrome-specific infection. I tried Gmer, Hitman Pro, Avast, Spybot, Ad-aware,
Malwarebytes, Kaspersky's TDSS rootkit remover (found nothing), Kaspersky's virus remover,
ComboFix (didn't work on 64-bit Windows 7)... and none of those worked.
The problem it turns out is that Google Chrome doesn't completely uninstall when you uninstall. So
what you need to do is:
a) Uninstall Google Chrome
b) go to C:\Users\USERNAME\AppData\Local\ and find the Google directory. This contains
Googleupdate.exe and some other junk. Delete this whole folder. For "USERNAME" put your own
name. I only found one instance of a google directory, but you might want to search for any other
google-related folders and delete those too.
c) I also went and deleted every single instance of Google Chrome in the Windows registry manually. I
doubt this did the trick, but not sure because I did this along with b) before testing it. Personally I think
the culprit was an infected Googleupdate file.
d) Reinstall Google Chrome
With a clean install of Chrome, the browser is working normally again, good grief!
Hope this helps...
Otherwise these are great sites for scanning.
http://housecall.trendmicro.com/uk/
http://www.bitdefender.com/scan8/ie.html
Kaspersky Labs has created a removal tool called TDSSKiller to remove the Google
Redirect Virus. Follow these steps to download and run it. In some cases, you may
have to run it in Safe Mode with Networking to remove it.
1) Download TDSSKiller, unzip it, and Save it to your desktop.
2) Double-click on TDSSKiller.exe to run. If the program does not run, you may have
to rename it to something like explore.exe, 123.exe, or something else before
running it. The virus is trying to block the program from running, so renaming it will
in some cases allow it to run.
3) Click on the Start button to start a scan and allow it to completely run
4) Allow TDSSKiller to fix any issues it finds and reboot the computer afterward
5) After reboot, try Google and see if the redirect is gone.
For more detailed information on TDSSKiller visit the Kaspersky page
Finally, as an extra precaution, scan your computer with an online virus scanner like
Housecall, BitDefender, or eTrust, or download and install an antivirus program and
run a complete scan. A list of online scanners is below; some, however, will only scan
but not remove issues.
Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
The Tradeadexchange pop-up ads are caused by an ad-supported extension for Internet
Explorer, Firefox and Chrome, which is distributed through various monetization
platforms during installation. This malicious browser extension is typically added when
you install other free software (video recording tools, download managers or PDF creators)
that bundles this adware program into its installer.
Close all open programs and internet browsers, then double-click on the
AdwCleaner icon. If Windows prompts you as to whether or not you wish to
run AdwCleaner, please allow it to run.
Click on the Scan button. AdwCleaner will now start to search for the
Tradeadexchange.com malicious files that may be installed on your
computer.
To remove the Tradeadexchange.com malicious files that were detected in
the previous step, please click on the Clean button.
AdwCleaner will prompt you to save any open files or documents, as the
program will need to reboot the computer. Please do so and then click on the
OK button.
Change your DNS server address in your modem (NOT on Windows or other
devices' network configuration options) by accessing it through a browser; usually
192.168.1.1 is the modem's firmware page address. Switch it to the option which
allows you to type in DNS server addresses manually. Find a suitable trustable DNS
server (Google is good: 8.8.8.8 and alternative 8.8.4.4). And deny all remote access
to your modem. Generally remote access control is found under the 'Advanced' tab. Make
similar changes in connected routers' firmware too (if you are using separate routers
in addition to the modem). Uninstall unsafe third-party add-ons and applications from
unknown sources from all your browsing devices. Next time when you install
applications, make sure you are agreeing to the terms of the prospective software
only; usually many additional adwares come bundled with general free applications.
Users 'accept/agree' them, and install them too. And it goes unnoticed. Note that
third party applications can supersede the changes you make. Generally mobile
applications which require permissions to access wifi and browser information can
hack into your modem firmware and make changes.
And please make sure your device is not affected by the DNS Changer virus; here's more
information about it: International Cyber Ring That Infected Millions of Computers
Dismantled
The below picture shows firmware page of a basic Dlink modem.
Nirvit Rustagi
Written Mar 7
Hi, I'm Bonnie. I'm glad to answer for you. Similar to other browser
hijackers, tradeadexchange is classified as a typical browser hijacker which can
influence all of your web browsers including Internet Explorer, Mozilla Firefox and
Google Chrome. It not only redirects you to third party websites but also displays
a lot of annoying pop-up ads labeled with Ad by Tradeadexchange. Such a browser
hijacker is usually supported by advertisements. To completely remove it, please refer
to the following post.
How Can I Remove Tradeadexchange.com From My PC?
The post shows you the detailed steps including
1) How to uninstall unwanted programs from Control Panel?
2) How to remove tradeadexchange extensions from IE/Firefox/Chrome?
3) How to remove tradeadexchange homepage from web browser?
4) How to reset Chrome/Firefox/IE to remove Tradeadexchange.com?
5) How to protect your PC from malware infection?
I have been suffering from this problem for some time, and I was sure that my pc and
mobile are not infected.
And I discovered that the ultimate solution for this problem is to reset and reconfig
the router if you are sure that your mobile and pc aren't infected.
Try to connect to another router to make sure that your router is infected.
Zola Jones
Hi, you can find whether there are unwanted programs on your computer and
suspected extensions/add-ons on your browser. Uninstall/Remove them if any.
Below are some steps. Hope they can help.
Step 1: Uninstall unwanted or newly added programs.
Start Menu >> Control Panel >> Uninstall a program/Programs and Features
Scroll through the program list and highlight unwanted programs. Then, click
Uninstall
Step 2: Remove IE browser extensions and restore your home page.
Menu/Tools >> Manage add-ons >> Toolbars and Extensions/Search Providers
Tools >> Internet Options >> General >> Home pages >> Use default or rewrite the
one you like
Tools >> Internet Options >> General >> Delete the Cookies/Delete Browsing
History
Right click on IE icon >> Properties >> Shortcut >> Target, and then remove
anything else after "C:\Program Files (x86)\....exe" >> Apply >> OK.
You can learn more details at http://threatremoval.com/best-wa...
Anmol Bajaj
Written Sep 11, 2015
Vinayak Dh
Written Jan 29
Recently, some browsers (especially Chrome and Edge) have been facing this issue.
It is really annoying to see an advertisement site opening every time you click on
webpages.
After trying a number of methods to resolve this issue, I finally found a solution.
1. Uninstall any suspicious programs from your system.
2. Remove 'adblock', 'adblockPlush' and similar extensions.
3. Clean Temp directory folder (win+R and type %temp% Enter).
4. Uninstall browser and install it again.
5. Use 'uBlock origin' extension. It's a great tool and way better than any other AdBlocking extensions.
6. Block this site ' http://aka-cdn-ns.adtech.de ' (either editing a host file or you can
do it in 'uBlock Origin' extension)
OR
For chrome, >setting>advance>privacy>content setting>JavaScript - Manage
Exceptions> Add ' http://aka-cdn-ns.adtech.de ' and choose behavior as Block.
Andy Odell
Yolanda
Written Jan 20
My mobile phone and tablet (both Android) were affected by this Malware on the same
day after connecting to a particular router. That pretty much convinced me that the router
was the source of the Malware and not any internet related activity in my device.
This helped me get rid of that Malware:
- Go to 'app info' for the browser you are using
- Click on 'clear data'. This will erase all information stored by your browser including
saved passwords, bookmarks etc. And it will also get rid of the Malware.
I haven't reconnected to that router since then and I've been fine.
If you are using Windows 8, press 5 on your keyboard to Enable
Safe Mode with Networking.
Windows will start in Safe Mode with Networking.
https://malwaretips.com/blogs/remove-browser-redirect-virus/