
Google Redirect Virus

Alias: Google Redirect Virus, Google Redirect Trojan, Google Re-direct Virus, Google Re-direct Trojan, Google Virus, Google Searches Redirected

Description:

The Google Redirect Virus (also known as Google Redirect Trojan) is a hijacker trojan that redirects Google, Yahoo, Bing, MSN and other search engine results to various websites (see list below) that are not necessarily related to your search query. Every so often the virus can pretend to scan your computer and find viruses, then propose that you buy one of several fake removal tools. This virus does not necessarily redirect all searches: some Google searches go through fine while others get redirected to advertisement websites or display popup ads.

In some cases, Google search redirections can be the result of a ZeroAccess Rootkit. Note that computers infected with the ZeroAccess Rootkit are unable to run TDSSKiller. SpyNoMore is capable of removing ZeroAccess Rootkits and stopping the search redirections.

If your Google searches are being redirected, chances are your computer is infected with the Google Redirect Virus. SpyNoMore safely and effectively removes the Google Redirect Virus.

Below is a list of recent sites that searches can be redirected to on an infected computer. Note that not all the sites below are bad; in fact, some are very popular, clean sites. The infection on your computer causes redirections to these websites in order to collect traffic revenue. The Google Redirect Virus can hijack users' searches to many websites, among which are:


Please note that the SpyNoMore free scan shows you the results, but removal requires that you purchase an activation code. Also note that the SpyNoMore scan may not specifically show 'Google Redirect Virus', as many trojans are known to cause Google search redirections, so you may see 'Trojan' in the scan results instead of 'Google Redirect Virus'.

Threat type:

Search Hijacker - A Search Hijacker redirects your Google, Yahoo, Bing and other search engine results to unfamiliar websites. Search Hijacker infections are usually the result of a malware infection. The hijacker takes control of your browser's default search engine. The search results may not be the best fit, as they usually come from paid advertisements served to you by the hijacker authors. Search hijackers prevent you from changing your browser's default search engine, and they tend to slow down PC performance.

Trojan - A Trojan or Trojan Horse is any program that installs itself secretly, normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.


Advice: Remove

This is a very high-risk threat and should be removed immediately to prevent harm to your computer and/or to protect your privacy.

Detection:
SpyNoMore removes Google Redirect Virus: Yes

Threat risk: High Risk
Very dangerous malware. Can log user's keyboard activity and take snapshots of the user's screen. Uses stealth installation and removal is very difficult. Category includes spyware programs, adware programs and trojans.

Symptoms:

Google search results yield wrong or irrelevant results.

Yahoo and other search engine search results yield wrong or irrelevant results.

Popup messages claiming that your computer is infected.

Installation of fake antivirus / antispyware programs without user consent.

Existing Antivirus / Antispyware programs may cease to function.

Antivirus / Antispyware websites may become blocked.

Browser redirection to fake antispyware websites.

When you search using Google, Yahoo or Bing, you get a message saying "The document has moved, redirecting.." or you see a spinning wheel labeled "Loading...".

Clicking on a link may yield the message "Internet Communications Shield has blocked access to an internal site".



Google Redirect Virus Signature Details: The following information includes some of the standard signatures associated with this spyware threat. Please do not attempt to manually remove these items from your computer. Removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer from restarting or cause loss of Internet connectivity. Should you be infected with Google Redirect Virus, you can clean your computer by downloading SpyNoMore now.

Running Process Signatures:
AppData\dwm.exe
AppData\microsoft\conhost.exe
Xwk.exe
Xwo.exe
Xzagua.exe
GProton.exe
C:\WINDOWS\Xzagua.exe
C:\Windows\kr_done1
C:\Windows\System32\kr_done1
%Temp%\kr_done1
C:\Windows\System32\consrv.dll <-- this is a hidden file


File Signatures:
N/A

Registered Dll (Dynamic Link Library) Signatures:
N/A

Folder Signatures:
N/A

Registry Signatures:
HKLM\SOFTWARE\Microsoft\kr_done1

SpyNoMore Collected Residual File Signatures:
N/A


See Also:
Privacy Center
Antivirus Pro 2009
System Security 2009
WinPC Antivirus
Personal Antivirus
Spyware Protector 2009
lo-find.com
offer-provider.com
ix-find.com
co-mix-site.com

Copyright © 2005-2012 Illysoft LLC