
browser redirecting trojan

#1 ·
Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.
 
#3 ·
Yeah, I ran that, but it just gives me a list of running processes. I'm not expert enough to tell which one is the baddy.
 
#4 ·
Use Malwarebytes Anti-Malware from malwarebytes.org to get rid of it.

Internet Explorer won't take you there, though - download Firefox first and use Firefox instead until you get it cleaned up. My guess is you'll like Firefox better and keep using it, too....
 
#5 ·
As Andy stated in his question it's happening with IE, Firefox, and Safari. So downloading Firefox isn't a cure-all for browser ills, never has been. Why wouldn't Internet Explorer get you there? My Internet Explorer gets me there just fine. Just love it when someone jumps at a chance to bash IE for no legitimate reason.

> Grr, this thing is driving me nuts. It hijacks the links in a Google search and redirects the browser to random websites. I've run McAfee and a few other spyware programs but it persists. CWShredder didn't touch it either. Any ideas? This is on XP, and occurs in IE, Firefox, and Safari.
Frustrating isn't it? Kind of like people hijacking threads with nothing pertinent to say about the subject.

It's hard to know exactly what program is causing your problems but it may be a new variant of *coolwebsearch* that deflects programs like CWShredder. I found info on it listed at http://www.majorgeeks.com/download4113.html with a download link to remove it. Again, not knowing exactly what the virus is it could be a long trial-and-error procedure to get rid of it.

A poster on another forum was having the same problem, Google search links being redirected elsewhere, and claims to have found a fix at someplace called VundoFix from http://vundofix.atribune.org/. The infected file was ocfrrbc.dll in his system32 folder.

Hope something here gets you in the right direction.
 
#6 ·
Dale,

I had the same or a similar trojan. IE would not take me there, the trojan redirects you. However, Firefox and Netscape both took me to the correct place because the trojan didn't seem to care about the other browsers or they somehow weren't affected. I wasn't even bashing IE, just stating the fact that it won't take you there. You don't have the trojan, which is why yours works just fine.

I didn't see his note that it occurs on the other browsers also. That tells me it probably changed his DNS settings.

Andy, get to your local area connection, right-click and hit properties. Go to Internet Protocol (TCP/IP) and select properties. There are one or two IP addresses there for "preferred dns settings". Likely the trojan changed these settings - it should either be to "automatically select" (if it is, then this is NOT the problem) or it should be specific settings for your network, depending on how things are set up. If you don't know, your internet service provider should be able to confirm.

Once you get the settings correct, your internet redirect will probably be OK, but it will likely return if you don't get rid of the core trojan/virus - antimalware I mentioned earlier is excellent.
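
The DNS check described in the post above can also be made from the `ipconfig /all` output, which lists the DNS servers in effect for each adapter. This is an added example, not part of the original post: the sample output is constructed, its addresses are documentation-range placeholders, and the expected resolver (the router at 192.168.1.1) is an assumption to replace with the values your ISP or network admin confirms.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
        Lease Expires . . . . . . . . . . : (constructed)

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented: banner or adapter heading
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        m = FIELD.match(line)
        if m:                                   # a new labelled field starts here
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2).strip()
        else:                                   # continuation line: extra DNS server
            value = line.strip()
        if adapter and in_dns and value:
            result.setdefault(adapter, []).append(value)
    return result

def unexpected_dns(text, expected):
    """Return (adapter, server) pairs whose server is not in the expected set."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [(a, s) for a, servers in dns_servers_by_adapter(text).items()
            for s in servers if ipaddress.ip_address(s) not in allowed]

# Assumption: the router at 192.168.1.1 is the only resolver this network should use.
for adapter, server in unexpected_dns(SAMPLE, ["192.168.1.1"]):
    print(f"{adapter}: unexpected DNS server {server}")
```

To check a real machine, save the output with `ipconfig /all > ipconfig.txt` and pass the file's text in place of `SAMPLE`.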
 
#8 ·
> It hijacks the links in a Google search and redirects the browser to random websites.
What kind of random website?

I ask because the way that Google is set up the results of your search could include an "AdWare" page or pages.

An AdWare page is one that is set up to include a vast array of commonly searched "words" and keep you clicking to generate income, not answer your question.

It is not a redirect page. It is not malware, etc. It is a direct link in the search results. The page will often show up as a rudimentary web page, although they often show up as professionally built sites with good information and with numerous links to the exact or similar "words".

AdWare sites are sites that the publisher sets up "to be searched" by Google. Google returns searches by word match and popularity, so one of these AdWare sites that gets a lot of traffic will show up high in the ranks. High ranks equal "good info" in a Google search, even though it's not.

When you click on an AdWare page, Google pays them. If you click another link, Google pays them again, and again, and again...every time you click on a link within the site.

Why? Because the AdWare page fools Google into believing that it provides a direct link to the site you were hoping to get to.

Who pays for it? The site that is a paid advertiser.

A good AdWare page can generate $100K a month in revenue, at .001 of a cent at a time.

Google's analytics seek out those AdWare pages and block them... eventually.

Unfortunately their owners can resurrect them in short order.

What you can do.

Don't use Google.
Read the link before you click.
If you arrive at a generic or B/S page, go back.
 
#9 ·
Found another possible source of your problem.

Java applets embedded in websites.

Seems there was a security issue, a short while back, with Java. It allowed a Java based applet to be embedded into a website that would auto-run.

It could cause a redirect or run other apps on your computer.

If you visited a website with an embedded app, it would run. Once you left that website it would not leave any trace.

To fix, install the latest version of Java, which eliminates the issue. The Windows version was published a short while back and the Mac version was just added.

http://support.apple.com/kb/HT3581 (via software update)

http://www.java.com/en/download/manual.jsp
 