Redirect Virus

Discussion in 'Anti-Virus' started by Dick Adams, Dec 9, 2011.

  1. Dick Adams

    Dick Adams Guest

    I use Yahoo's search engine because I refuse to use anything
    associated with Google. All of a sudden when I click on a
    search result, I am "REDIRECTED" to sites completely unrelated
    to my search.

    Is this a virus?
    Is there anyway to turn off REDIRECT?

    Dick Adams, Dec 9, 2011
    1. Advertisements

  2. No, it isn't a virus. However it is most likely a trojan and you'll have to find and
    remove the malware that's redirecting your searches.

    Have you scanned your system with anti malware ?
    David H. Lipman, Dec 9, 2011
    1. Advertisements

  3. Dick Adams

    Dick Adams Guest

    I run SuperAntiSpyWare (just for Cookies) and McAfee before I
    shut down for the day.

    Dick Adams, Dec 10, 2011
  4. Dick Adams

    Shadow Guest

    I also favour Yahoo .... Google has become too intrusive.
    Is there any consistency on where you are redirected to, or
    is it random ? (check the IP, not what the page says)
    Hijackthis is probably the quickest way to find something, but
    does fail sometimes.
    I'd download an iso image from Kaspersky or Avira, etc burn
    it to a CD , boot from it and go over the system.
    Malwarebytes might flag something too.
    Getting rid of the redirect will NOT clean your system ...
    something put it there
    Shadow, Dec 10, 2011
  5. Dick Adams

    ASCII Guest

    How about 'scroogle'?
    What has it missed and did you mention that to the developers?
    ASCII, Dec 10, 2011
  6. Dick Adams

    Shadow Guest

    I'd forgotten about it :)
    Back in the times it was the "rave", a lot of malware searched
    for, and incapacitated it. David Lipman and others could probably tell
    you if any malware still does.
    About once a month, I run a full system scan from linux. I
    then go back to windows, run hijackthis, and put all the safe stuff in
    the ignorelist.
    After that hijackthis is the first thing I run when I feel
    something is "strange". Having an ignorelist usually finds the culprit
    very quickly.
    Shadow, Dec 11, 2011
  7. Dick Adams

    ASCII Guest

    I've never noticed it to be 'inoperative' on my system,
    maybe that tells me there's no such malware present?
    ASCII, Dec 11, 2011
  8. Interesting. I hadn't considered the use of HJT as a snapshot comparison
    tool. I just considered it to be more of a malware relevant information
    dump tool to make a log for analysts. With all of the relevant
    information HJT collects, it probably works quite well that snapshot way
    FromTheRafters, Dec 11, 2011
  9. Dick Adams

    ASCII Guest

    I don't use HJT as an integrity reference
    but as a routine display of relevant registry conditions
    for integrity comparisons there's 'Floke' or 'InCtrl5',
    Either of which allow as thorough uninstall as Revo.
    I used to have an application called 'Snapper' that worked similarly.
    ASCII, Dec 11, 2011
  10. I used InCtrl4 and InCtrl5 before, I've never run HJT.
    FromTheRafters, Dec 11, 2011
  11. Dick Adams

    Dick Adams Guest

    It tends to chage on a daily basis. But it's usually some kind
    of Hollywood URL.
    After reading this, I downloaded Hijackthis. I've yet to
    understand how to interpret it.
    That went right over my head.
    I've been using Malware. Then someone at Dell said multiple
    anti-virus programs can conflict with each other.
    Good point. What we need is a law that says people who
    write viruses and malware should be given .45 caliber
    sexual sterizations to stop them from procreating.

    Dick Adams, Dec 12, 2011

  12. "I've been using Malware. "

    You mean, you have been using Malwarebytes anti malware ?

    Forget what Dell told you. You misinterpreted what Dell said. What is meant is that it
    is contraindicated to have more than one fully installed anti virus application performing
    "On Access" and "On Demand" scanning. You can however have one fully installed anti virus
    application performing "On Access" and "On Demand" scanning and multiple "On Demand"
    scanners. Malwarebytes anti malware in addition to a fully installed anti virus
    application is OK as well as my Multi-AV Scanning Tool.

    Download my Multi-AV from the below URL and run the Trend Micro, Avirta and Sophos
    modules. They are all "On Demand" scanners.
    David H. Lipman, Dec 12, 2011
  13. Dick Adams

    ASCII Guest

    HJT lists certain registry information
    that can be indicative of misbehavior.
    If you try it, you don't have to authorize any actions (deletions)
    plus it gives an explanation as to what certain reg keys do.
    After careful evaluation of hits and their addition to the ignore list,
    it can serve to detect new changes, so I guess I really do
    use it as an integrity checked after all.
    ASCII, Dec 12, 2011
  14. Dick Adams

    ASCII Guest

    There are fora to post your log to
    so that 'experts' can argue over the results.
    Hopefully you'll get some useful advice.
    Personally I get rid of all toolbars and BHOs.
    ASCII, Dec 12, 2011
  15. Dick Adams

    Dick Adams Guest

    How about I post it here?
    Dick Adams, Dec 12, 2011
  16. No, we don't interpret HJT logs here.

    Please perform the scans I indicated or create a post at Malwarebytes.
    David H. Lipman, Dec 12, 2011
  17. Dick Adams

    Shadow Guest

    So do I.
    And in his case, redirects (bogus start pages) and all host
    file entries. Hijackthis does not list the hosts default entry, so no
    harm can come out of it.

    "From the Rafters", you should check it out.

    Download the executable, I believe it's portable. And cheap
    Shadow, Dec 12, 2011
  18. Dick Adams

    Shadow Guest

    Correction .... it keeps the ignore list in the registry, so
    it's not truly portable. Sorry about that one.
    Shadow, Dec 12, 2011
  19. Dick Adams

    ASCII Guest

    You'll likely get some resistance
    from those who have a reluctance to try and interpret it.
    But it's only text and therefore minimal bandwidth so go ahead,
    maybe some 'expert' will spot something obvious.
    ASCII, Dec 12, 2011
  20. Dick Adams

    ASCII Guest

    I use certain HOSTS entries with the newsreader config I have
    so I only check to determine if it's correct.
    Unless you take a deliberate action to 'fix' something
    there's no harm coming in any case.
    ASCII, Dec 12, 2011
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.