Google Redirect Virus

Alias: Google Redirect Virus, Google Redirect Trojan, Google Re-direct Virus, Google Re-direct Trojan, Google Virus, Google Searches Redirected
Description: The Google Redirect Virus (also known as Google Redirect Trojan) is a hijacker trojan that redirects Google, Yahoo, Bing, MSN and other search engine results to various websites (see list below) that are not necessarily related to your search query. Every so often the virus can pretend to scan your computer and find viruses, then propose that you buy one of several fake removal tools. This virus does not necessarily redirect all searches: some Google searches go through fine, while others get redirected to advertisement websites or display popup ads.

In some cases, Google search redirections can be the result of a ZeroAccess Rootkit. Note that computers infected with the ZeroAccess Rootkit are unable to run TDSSKiller. SpyNoMore is capable of removing ZeroAccess Rootkits and stopping the search redirections.

If your Google searches are being redirected, chances are your computer is infected with the Google Redirect Virus. SpyNoMore safely and effectively removes the Google Redirect Virus.

Below is a list of recent sites that searches can be redirected to on an infected computer. It is important to note that not all the sites below are bad; in fact some are very popular, clean sites. The infection on your computer causes redirections to these websites in order to collect traffic revenues.
The Google Redirect Virus can hijack user's searches to many websites.

Please note that SpyNoMore free scan shows you the results but removal requires that you purchase an activation code. Also note that the SpyNoMore scan may not specifically show 'Google Redirect Virus', as many trojans are known to cause Google search redirections.
So you may see 'Trojan' in the scan results instead of 'Google Redirect Virus'.

Threat type:
- Search Hijacker: A Search Hijacker redirects your Google, Yahoo, Bing and other search engine search results to unfamiliar websites. Search Hijacker infections are usually the result of a malware infection. A Search Hijacker takes control of your browser's default search engine. The search results may not necessarily be the best fit, as those usually come from paid advertisements issued to you by the hijacker authors. Search hijackers prevent you from changing your browser's default search engine, and they tend to slow down PC performance.
- Trojan: A Trojan or Trojan Horse is any program that installs itself secretly, normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.

Advice: Remove. This is a very high risk threat and should be removed immediately to prevent harm to your computer and/or to protect your privacy.

Detection: SpyNoMore removes Google Redirect Virus: Yes

Threat risk: High Risk. Very dangerous malware. Can log the user's keyboard activity and take snapshots of the user's screen. Uses stealth installation, and removal is very difficult. Category includes spyware programs, adware programs and trojans.

Symptoms:
- Google search results yield wrong or irrelevant results.
- Yahoo and other search engine search results yield wrong or irrelevant results.
- Popup messages claiming that your computer is infected.
- Installation of fake antivirus / antispyware programs without user consent.
- Existing antivirus / antispyware programs may cease to function.
- Antivirus / antispyware websites may become blocked.
- Browser redirection to fake antispyware websites.
- When you search using Google, Yahoo or Bing, you get a message saying "The document has moved, redirecting.." or you see a spinning wheel labeled "Loading...".
- Clicking on a link may yield the message "Internet Communications Shield has blocked access to an internal site".

Running Process Signatures:
- AppData\dwm.exe
- AppData\microsoft\conhost.exe
- Xwk.exe
- Xwo.exe
- Xzagua.exe
- GProton.exe
- C:\WINDOWS\Xzagua.exe
- C:\Windows\kr_done1
- C:\Windows\System32\kr_done1
- %Temp%\kr_done1
- C:\Windows\System32\consrv.dll (this is a hidden file)

File Signatures: N/A

Registered Dll (Dynamic Link Library) Signatures: N/A

Folder Signatures: N/A

Registry Signatures:
- HKLM\SOFTWARE\Microsoft\kr_done1

SpyNoMore Collected Residual File Signatures: N/A