Alert - Google redirect virus

Posted by begreen, Dec 3, 2011 at 5:00 PM

  1. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    My son called me the other night. I could tell by the tone in his voice something was up. His computer was infected, badly. He's a gamer and an artist, always looking for new pictures of mythical beasts, etc. to draw. I brought his computer home and took a look at it yesterday. What I found was disturbing. A couple years ago I posted my concerns about when the next generation of viruses/trojans were coming. Over the years I've watched the complexity and sophistication of these attacks grow. Well folks, they are here and they are every bit as serious as I feared.

    The latest generation installs almost instantly as a rootkit. It makes itself an uber-administrator of the computer and takes over the Internet browser without you knowing (though sometimes it will be slower). Behind the scenes it is redirecting every time you search using all the popular search engines and showing you a slightly different page. So when you go shopping or looking for stove pictures, or other items, you are on a spoofed page, usually with links that are copies of the original pages but with infected files when you click on a picture or ad. All along it is setting itself up for a larger attack. When it happens you will get the infamous fake virus alert that is made to look like a Windows system dialog, with prompts to secure the computer. My son had seen these in the past and within a couple of seconds he closed the dialog and pulled the ethernet cable. But it was too late. The program had already deeply embedded itself in the root of the drive and set up its own admin account. All shortcut links were gone, the desktop wiped, access to any files on any drive blocked. All virus and firewall programs shut down and blocked from opening. And even more sophisticated, it watched for everything every time the computer boots, including from a Linux disk, and blocks all known virus checkers, rootkit fixes, etc. I suspect today I will be starting over with a low-level format of his drive.

    I won't bore you all with the number of doors and places I have found this program in on his hard drive. This is simply to alert Windows users that there is a new level of attack being mounted and the tools out there that should be protecting your systems are failing. There are some simple things that will help. A hardware firewall, a secure login (don't let the machine boot up without an alphanumeric + alt keys login), a good quality, always updated, malware program set to high protection. And a very vigilant eye for the unusual. My Win7 system and wife's laptop remain secure, mostly because we don't go to the websites that young men go to and they are set up with current security measures. But I won't be surprised if they come knocking at our door.

    Unfortunately, most Windows systems used in homes and a lot of businesses are not very secure or well protected. I fear that as this spreads we are going to see a major impact on our society. And the sophistication just keeps getting better. I am computer agnostic and have been on Windows, Amiga and Mac systems since 1986. This is not a sales pitch, but if you have been thinking about a new computer, this would be a good time to consider a Mac. So far they are off these demons' radar. Hard to say for how long though. This is cyber war folks, don't take it lightly.
     
  2. 343amc (Feeling the Heat; West Michigan)
    Good post. It may be time to haul the old OS 3.9 Amiga 1200 out of retirement. :)

    Probably only a matter of time before Mac and Linux become targets, though those require a lot more thought for the virus authors than a Windoze machine.
     
  3. jtakeman (Minister of Fire; Northwestern CT)
    Was the PC protected with an anti-virus/spyware package?
     
  4. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    Yes, multiple protections actually. (SpyBot S/D, McAfee, Comcast protection + Win firewall and malware detection). But not kept fully up to date and the system had no password protection. All were disabled when I got to the machine. There are blocks where I have never seen them before. For example, I can't do any DOS commands in safe mode. I'm doing one last task. If this doesn't fix it, it'll be the nuke-it route next, i.e. a low-level format.
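The "no DOS commands, AV won't open" symptom is worth checking from a clean boot rather than guessing at. The script below is an added example, not code from this thread or from any of the tools named in it. The thread does not say which mechanism the infection used, so the script assumes two places that commonly control how executables launch on Windows: the `Debugger` value under `Image File Execution Options` (which makes Windows silently start a different program in place of the named one) and the default open command for `.exe` files. Export both keys with `reg export` from a known-good environment and feed the text in; the sample export in the block is constructed.

```python
"""Flag registry settings that hijack how executables launch.

Added example: parses text in the format produced by `reg export`
(Windows .reg files) and reports Image File Execution Options (IFEO)
debugger entries and a non-default .exe open command. SAMPLE_REG is
constructed, not taken from a real infection.
"""
import re

# Stock open command for .exe files (assumption: compare against an
# export from a machine you trust rather than this constant alone).
DEFAULT_EXE_COMMAND = '"%1" %*'

# Programs a fake-AV style infection typically blocks; an IFEO
# "Debugger" value on any of these is a hijack until proven otherwise.
WATCHED_EXES = {
    "cmd.exe", "regedit.exe", "taskmgr.exe", "msconfig.exe",
    "mbam.exe", "hijackthis.exe", "avgui.exe", "mcshield.exe",
}

IFEO_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT"
               "\\CurrentVersion\\Image File Execution Options\\")

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from .reg text.

    The key's default value is stored under the name "@". Quoted
    string values are unescaped; other types (dword:, hex:) are kept
    as the raw text after '='. Multi-line hex continuations are ignored,
    which is fine for the string values this check looks at.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None or not line or line.startswith(";"):
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name = m.group(1) or "@"
        raw = m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # .reg escapes backslash and quote with a backslash.
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
        keys[current][name] = raw
    return keys


def find_launch_hijacks(keys):
    """Return (kind, target, value, on_watchlist) tuples."""
    findings = []
    for path, values in keys.items():
        if path.startswith(IFEO_PREFIX) and "Debugger" in values:
            exe = path[len(IFEO_PREFIX):].lower()
            findings.append(("ifeo_debugger", exe, values["Debugger"],
                             exe in WATCHED_EXES))
        if path.lower().endswith("\\exefile\\shell\\open\\command"):
            cmd = values.get("@", "")
            if cmd != DEFAULT_EXE_COMMAND:
                findings.append(("exefile_command", path, cmd, True))
    return findings


# Constructed sample: cmd.exe and mbam.exe are redirected to a dropped
# binary, notepad.exe has a harmless IFEO subkey, and the .exe open
# command has been wrapped so every program launch goes via guard.exe.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe]
"Debugger"="C:\\ProgramData\\guard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="C:\\ProgramData\\guard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ProgramData\\guard.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in find_launch_hijacks(parse_reg_export(SAMPLE_REG)):
        print(*finding)
```

Read the exports from a live CD or from the drive mounted in another machine: a hijacked `reg.exe` on the infected system will happily report whatever the infection wants it to.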
     
  5. Frozen Canuck (Minister of Fire; North central Alberta, Canada)
    The above is the #1 reason we have been on Macs exclusively for over a decade now. All that windows virus sh!t that I used to fight with almost every time one of the kids went online has vanished. Doubt very much that we will ever go back to a windows based system.....ever. Just not worth the grief as the Mac can give us everything we want & virtually none of the agony. Happy play time with that computer BG, just so glad it's not me. Been there, done that & I have no interest whatsoever in a T shirt. I would however wish to get a refund on all the days of my life I wasted working on a bug in a windows system....fat chance.
     
  6. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    Fact is I have also wasted several days with Mac bugs over the years too. 10.6.3 had a doozy of an OpenGL crasher. Nobody's perfect.
     
  7. oldspark (Guest)
    Not sure but I think I had that twice on my work computer and had to send it in. Not sure why some people seem to have fun doing things like this.
     
  8. PapaDave (Minister of Fire; Northern MI - in the mitten)
    Knock wood.....but so far no problems running Linux systems for the past several years. I'm waiting.
    Seems as though more people dislike MS, or it's just easier to write these things for a windows system.
    AVG has a root kit scanner. How do you know if it's working............just because it says it is?
    I have 7 on this drive, and Linux on another (ssd), and I'm the ONLY one allowed to touch it simply because I've had to deal with just the sort of thing BeGreen is right now.
    "No PapaDave laptop for you".
     
  9. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    I think it is more of a bang for the buck deal. It's the price of being popular. They can infect 20,000 linux systems, 100,000 Mac systems or 800 million Windows systems. Guess where they are heading?
     
  10. Frozen Canuck (Minister of Fire; North central Alberta, Canada)
    For sure on that last post BG, in their world it's all about being the one who crashed the big boy, that's MS. Sorry if I sounded snide, it's just that I hated every minute of bug chasing I ever did as I knew they were busy on the next version while I was working on fixing the grief of the previous one. It finally came down to me admitting to myself that they were better at building them than I was at finding & fixing them. Apparently they are also better than the folks who write code for virus protection software as well.
     
  11. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    Performing low level format to the drive as I type.
     
  12. ISeeDeadBTUs (Guest)
    When they start catching the bastards, lopping their hands off at the wrist and requiring restitution, the small timers would abandon this abominable practice.
     
  13. smoke show (Guest)
    Thanks, now I'm afraid to use my computer. :lol:
     
  14. mayhem (Minister of Fire; Peru, MA)
    There's the problem right there and it's endemic of virtually all the systems I see with infections. The user neglects their own protection and always figures they'll update it tomorrow, or worse... turns it off willingly because it's annoying or slows their system down or something.

    I've been seeing infections that do what you describe for a few years now... even including the inhibition of safe mode cmd prompt commands... it's not that safe mode has been affected, the script screws with the executable commands.

    I've pretty much stopped putting massive efforts into virus/malware repair. Do your best to do a data backup and nuke it. No matter how hard you try it always has a hook somewhere that's undocumented or you just can't find and you almost always get a phone call within the next 2-4 weeks for the same problem.

    Don't forget to also write protect your hosts and lmhosts files. Easy pickins on most wintel machines to setup a redirector that most people will never find.
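A hosts-file redirector is easy to spot once you look for it. The script below is an added example (not from this post or from any vendor tool): it parses a hosts file the way Windows does, flags any entry that touches a search-engine hostname, and can set the read-only attribute the post recommends. `SEARCH_HOSTS` and the sample file are constructed; `203.0.113.5` is a documentation address standing in for the attacker's server.

```python
"""Check a Windows hosts file for search-engine redirection.

Added example (not from the thread). HOSTS_SAMPLE is constructed;
the 203.0.113.0/24 documentation range stands in for the attacker.
"""
import ipaddress
import os
import stat

# Hostnames a redirector has to capture to hijack searches. Assumption:
# extend this with whatever engines your users actually use.
SEARCH_HOSTS = {
    "google.com", "www.google.com", "bing.com", "www.bing.com",
    "yahoo.com", "search.yahoo.com", "ask.com", "www.ask.com",
}

DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) for each mapping line.

    Comments after '#' are dropped; a line whose first field is not an
    IP address is yielded with ip=None so the caller can report it.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields
            continue
        yield lineno, ip, [h.lower() for h in fields[1:]]


def find_search_hijacks(text):
    """Return (lineno, kind, detail) for every suspicious line.

    kind is "redirected" (search host sent to a real address),
    "blocked" (sent to loopback/0.0.0.0, which just breaks search)
    or "malformed".
    """
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(hosts)))
            continue
        hit = sorted(SEARCH_HOSTS.intersection(hosts))
        if not hit:
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, kind, f"{', '.join(hit)} -> {ip}"))
    return findings


def is_write_protected(path):
    """True when the owner-write bit is clear (Windows read-only attribute)."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def write_protect(path):
    """Set read-only. On Windows os.chmod only toggles that attribute."""
    os.chmod(path, stat.S_IREAD | stat.S_IRGRP | stat.S_IROTH)


# Constructed sample: two legitimate loopback lines, one ad-block style
# entry, two redirects, one search engine blackholed, one junk line.
HOSTS_SAMPLE = """\
# hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example      # harmless ad-block style entry
203.0.113.5     www.google.com google.com
203.0.113.5     www.bing.com
127.0.0.1       search.yahoo.com
bogus line here
"""

if __name__ == "__main__":
    path = DEFAULT_HOSTS_PATH if os.path.exists(DEFAULT_HOSTS_PATH) else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else HOSTS_SAMPLE
    for lineno, kind, detail in find_search_hijacks(text):
        print(f"line {lineno}: {kind}: {detail}")
    if path:
        print("write-protected:", is_write_protected(path))
```

The read-only attribute only raises the bar: anything already running as administrator clears it with `attrib -r`, so a hosts file that you protected and that is no longer protected is a finding in itself, not a nuisance. Check `lmhosts.sam` the same way if NetBIOS name resolution is in use.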
     
  15. oilstinks (Feeling the Heat; western NC)
    I got it a while back. Really annoying.
     
  16. schlot (Minister of Fire; Iowa)
    I got a re-direct a couple times. Not a big deal once you learn how to handle it, but learning the first time is frustrating. AVG and Malwarebytes are on my system and keep it clean. Both are free too!
     
  17. Hass (Minister of Fire; Alabama, NY)
    If you have a good redirect virus, it WILL NOT be detected by AVG, Norton's deep cleaning program, Avast, McAfee or any other virus detection.
    The easiest way to get rid of it if you don't know what you're doing is go on a computer forum and ask for help. They'll usually want you to start out with a "hijack this" log... Then advise you from there.
    It's an absolute pain in the rump to get rid of.
    Definitely easiest to just format and start over.

    People commonly call it the google redirect virus but it's actually not just google, nor has anything to do with google. It's any search engine.
     
  18. schlot (Minister of Fire; Iowa)
    True. It was fun to find out how to get rid of it, and like you said, it affected more than Google. The way I found it was by looking on some forums, then running AVG in administrator mode. Took two or three pulls of the software to remove it too.
     
  19. Battenkiller (Minister of Fire; Just Outside the Blue Line)
    Sounds like one of these malware devices has a hold of my wife's computer. I have never seen such a sluggish pig. I think she's getting a new MacBook Pro for Christmas, I'm tired of listening to her whine about it.

    I have never had any kind of problem with these things on my iMac. However, I've been toying with installing a version of Windows on it because there are a few boat design programs I want to play with that only run on Windows. Will I be in danger of having my hard drive infected if I put Windows on it?
     
  20. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    Good question. I don't think that it would affect the Mac partition because the programming for the memory-resident trojan would be useless in the world of Mac OS, but I could be wrong.
     
  21. begreen (Mooderator, Staff Member; South Puget Sound, WA)
    Hass is correct. I would not be complacent, it could still be infected. Try booting in safe mode and see if there is an admin account you have no control over.
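One way to carry out that check without eyeballing the Users control panel, as an added example rather than anything from this thread: `net localgroup Administrators` lists the group's members, and the script below compares them with the accounts you know you created. `EXPECTED_ADMINS` and `SAMPLE_OUTPUT` are constructed; edit the expected set for your own machine.

```python
"""Find members of the local Administrators group you did not create.

Added example (not from the thread). Parses the output format of
`net localgroup Administrators`; SAMPLE_OUTPUT is constructed.
"""
import subprocess
import sys

# Accounts expected in Administrators. Assumption: edit for your
# machine. The built-in "Administrator" exists on every install,
# enabled or not, so it is listed even when never used.
EXPECTED_ADMINS = {"administrator", "dad"}


def parse_net_localgroup(text):
    """Return the member names from `net localgroup <group>` output.

    The member list starts after the line of dashes and ends at the
    "The command completed" trailer; everything else is header text.
    """
    members, in_members = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("----"):
            in_members = True
            continue
        if not in_members or not line:
            continue
        if line.startswith("The command completed"):
            break
        members.append(line)
    return members


def unexpected_admins(members, expected=EXPECTED_ADMINS):
    """Members not on the allowlist, compared case-insensitively."""
    return sorted(m for m in members if m.lower() not in expected)


def live_members(group="Administrators"):
    """Run the real command on Windows; return [] on other platforms."""
    if not sys.platform.startswith("win"):
        return []
    result = subprocess.run(["net", "localgroup", group],
                            capture_output=True, text=True, check=False)
    return parse_net_localgroup(result.stdout)


# Constructed sample in the layout `net localgroup` prints. "SysHelper"
# is the account nobody in the house remembers creating.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Dad
SysHelper
The command completed successfully.

"""

if __name__ == "__main__":
    members = live_members() or parse_net_localgroup(SAMPLE_OUTPUT)
    print("members:", members)
    print("unexpected:", unexpected_admins(members))
```

Run it from Safe Mode or from a clean boot as suggested above: if the infection hooks account enumeration, `net` sees the same filtered view as the control panel. On a domain-joined machine members appear as `DOMAIN\name`, so the allowlist needs them in that form.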
     
  22. pastera (Feeling the Heat; SE Mass)
    I normally don't boot a suspect drive - boot from a live Linux disk or emergency boot CD and scan

    http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/


    having rebuilt family members computers several times because of refusal to follow even basic precautions I now tell them I have to wipe it so just buy a new one - Not going to invest several hours of work if they won't change their ways...


    Aaron
     
  23. Dakotas Dad (Minister of Fire; Central Kentucky)
    Wife and I are both tech savvy and IT people. We started the "third time's a charm" view several years ago, when a 4 day trip home to her family turned into a 72 hour full court press computer rescue mission.

    We have a friend with like 7 e-machines in her basement, every year or so she gets cooties so bad it's unbelievable, and we got tired of rebuilding boxes for her. Just told her how to reformat... that's too much trouble, so she just buys another crappy machine every so often and runs it till it's full of crap. Rinse, repeat.
     
  24. gpcollen1 (Minister of Fire; Western CT)
    That was true before Apple gained market share. Once the fish are big enough to provide food to eat, they get fished!
     
  25. Jags (Moderate Moderator, Staff Member; Northern IL)
    Ding, ding, ding.

    I take an overview of the infection and decide on which will take less time. Flushing out the virus, or flushing the drive.
     