
Alert - Google redirect virus

Post in 'DIY and General non-hearth advice' started by begreen, Dec 3, 2011.

  1. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    My son called me the other night. I could tell by the tone in his voice something was up. His computer was infected, badly. He's a gamer and an artist, always looking for new pictures of mythical beasts, etc. to draw. I brought his computer home and took a look at it yesterday. What I found was disturbing. A couple years ago I posted my concerns about when the next generation of viruses/trojans were coming. Over the years I've watched the complexity and sophistication of these attacks grow. Well folks, they are here and they are every bit as serious as I feared.

    The latest generation installs almost instantly as a rootkit. It makes itself an uber-administrator of the computer and takes over the Internet Browser without you knowing (though sometimes it will be slower). Behind the scenes it is redirecting every time you search using all the popular search engines and showing you a slightly different page. So when you go shopping or looking for stove pictures, or other items you are on a spoofed page usually with links that are copies of the original pages, but with infected files when you click on a picture or ad. All along it is setting itself up for a larger attack. When it happens you will get the infamous fake virus alert that is made to look like a Windows system dialog, with prompts to secure the computer. My son had seen these in the past and within a couple seconds he closed the dialog and pulled the ethernet cable. But it was too late. The program had already deeply embedded itself in the root of the drive and set up its own admin account. All shortcut links were gone, all desktop wiped, access to any files on any drive blocked. All virus and firewall programs shut down and blocked from opening. And even more sophisticated, it watched for everything every time the computer boots including from a linux disk and blocks all known virus checker, rootkit fixes, etc.. I suspect today I will be starting over with a low level formatting his drive.

    I won't bore you all with the number of door and places I have found this program in on his hard drive. This is simply to alert Windows users that there is a new level of attack being mounted and the tools out there that should be protecting your systems are failing. There are some simple things that will help. A hardware firewall, a secure login (don't let the machine boot up without an alphanumeric + alt keys login), a good quality, always updated, malware program set to a high protection. And a very vigilant eye for the unusual. My Win7 system and wife's laptop remain secure, mostly because we don't go to the websites that young men go to and they are setup with current security measure. But I won't be surprised if they come knocking at our door.

    Unfortunately, most Windows systems used in homes and a lot of businesses are not very secure or well protected. I fear that as this spreads we are going to see a major impact on our society. And the sophistication just keeps getting better. I am computer agnostic and have been on Windows, Amiga and Mac systems since 1986. This is not a sales pitch, but if you have been thinking about a new computer, this would be a good time to consider a Mac. So far they are off these demons' radar. Hard to say for how long though. This is cyber war folks, don't take it lightly.

  2. 343amc

    343amc Feeling the Heat

    Joined:
    Nov 23, 2005
    Messages:
    376
    Loc:
    West Michigan
    Good post. It may be time to haul the old OS 3.9 Amiga 1200 out of retirement. :)

    Probably only a matter of time before Mac and Linux become a target, though those require a lot more thought for the virus authors than a Windoze machine.
  3. jtakeman

    jtakeman Minister of Fire

    Joined:
    Dec 30, 2008
    Messages:
    13,582
    Loc:
    Northwestern CT.
    Was the PC protected with an anti-virus/spyware package?
  4. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    Yes, multiple protections actually (SpyBot S/D, McAfee, Comcast protection + Win firewall and malware detection). But not kept fully up to date, and the system had no password protection. All were disabled when I got to the machine. There are blocks where I have never seen them before. For example, I can't do any DOS commands in safe mode. I'm doing one last task. If this doesn't fix it, it'll be the nuke-it route next, i.e. low level format.
  5. Frozen Canuck

    Frozen Canuck Minister of Fire

    Joined:
    Dec 14, 2009
    Messages:
    863
    Loc:
    North central Alberta, Canada
    The above is the #1 reason we have been on Macs exclusively for over a decade now. All that Windows virus sh!t that I used to fight with almost every time one of the kids went online has vanished. Doubt very much that we will ever go back to a Windows-based system.....ever. Just not worth the grief, as the Mac can give us everything we want & virtually none of the agony. Happy play time with that computer BG, just so glad it's not me. Been there, done that & I have no interest whatsoever in a T-shirt. I would however wish to get a refund on all the days of my life I wasted working on a bug in a Windows system....fat chance.
  6. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    Fact is I have also wasted several days with Mac bugs over the years too. 10.6.3 had a doozy of an OpenGL crasher. Nobody's perfect.
  7. oldspark

    oldspark Guest

    Not sure but I think I had that twice on my work computer and had to send it in. Not sure why some people seem to have fun doing things like this.
  8. PapaDave

    PapaDave Minister of Fire

    Joined:
    Feb 23, 2008
    Messages:
    5,740
    Loc:
    Northern MI - in the mitten
    Knock wood.....but so far no problems running Linux systems for the past several years. I'm waiting.
    Seems as though more people dislike MS, or it's just easier to write these things for a Windows system.
    AVG has a root kit scanner. How do you know if it's working............just because it says it is?
    I have 7 on this drive, and Linux on another (ssd), and I'm the ONLY one allowed to touch it simply because I've had to deal with just the sort of thing BeGreen is right now.
    "No PapaDave laptop for you".
  9. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    I think it is more of a bang-for-the-buck deal. It's the price of being popular. They can infect 20,000 Linux systems, 100,000 Mac systems or 800 million Windows systems. Guess where they are heading?
  10. Frozen Canuck

    Frozen Canuck Minister of Fire

    Joined:
    Dec 14, 2009
    Messages:
    863
    Loc:
    North central Alberta, Canada
    For sure on that last post BG. In their world it's all about being the one who crashed the big boy, that's MS. Sorry if I sounded snide, it's just that I hated every minute of bug chasing I ever did, as I knew they were busy on the next version while I was working on fixing the grief of the previous one. It finally came down to me admitting to myself that they were better at building them than I was at finding & fixing them. Apparently they are also better than the folks who write code for virus protection software as well.
  11. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    Performing low level format to the drive as I type.
  12. ISeeDeadBTUs

    ISeeDeadBTUs Guest

    When they start catching the bastards, lopping their hands off at the wrist and requiring restitution, the small timers would abandon this abominable practice.
  13. smoke show

    smoke show Guest

    Thanks, now I'm afraid to use my computer. :lol:
  14. mayhem

    mayhem Minister of Fire

    Joined:
    May 8, 2007
    Messages:
    1,938
    Loc:
    Peru, MA
    There's the problem right there, and it's endemic of virtually all the systems I see with infections. The user neglects their own protection and always figures they'll update it tomorrow, or worse...turns it off willingly because it's annoying or slows their system down or something.

    I've been seeing infections that do what you describe for a few years now...even including the inhibition of safe mode cmd prompt commands...it's not that safe mode has been affected, the script screws with the executable commands.

    I've pretty much stopped putting massive efforts into virus/malware repair. Do your best to do a data backup and nuke it. No matter how hard you try it always has a hook somewhere that's undocumented or you just can't find, and you almost always get a phone call within the next 2-4 weeks for the same problem.

    Don't forget to also write-protect your hosts and lmhosts files. Easy pickins on most Wintel machines to set up a redirector that most people will never find.
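    A defender-side check for the hosts-file redirector mayhem describes, added here as an example and not code from the thread: it parses hosts-file text, flags search-engine names that have been pinned to an address (a non-loopback address means a redirect, loopback means the site is being sinkholed), and reports whether the file is still writable by the current user. The sample content, the watched-hostname list and the helper names are constructed for this example.

```python
import ipaddress
import os

# Default location of the hosts file on Windows; a different path can be passed in.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample hosts-file content (not taken from the thread): benign loopback
# lines, a comment, one sinkholed name and two names pinned to a foreign address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       mydevbox.local   # harmless developer entry
127.0.0.1       duckduckgo.com
203.0.113.45    www.google.com
203.0.113.45    www.bing.com search.yahoo.com
"""

# Hostnames a home machine should never have pinned in its hosts file (constructed list).
WATCHED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                 "search.yahoo.com", "duckduckgo.com"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in hosts-file format."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing and full-line comments
        if not line:
            continue
        fields = line.split()  # "<ip> <name> [<alias> ...]"
        for name in fields[1:]:
            yield fields[0], name.lower(), line_no


def classify(ip):
    """'redirect' for a routable address, 'sinkhole' for loopback, 'invalid' otherwise."""
    try:
        return "sinkhole" if ipaddress.ip_address(ip).is_loopback else "redirect"
    except ValueError:
        return "invalid"


def find_pinned(text, watched=WATCHED_HOSTS):
    """Return (line_no, hostname, ip, verdict) for each watched name found pinned."""
    return [(n, name, ip, classify(ip)) for ip, name, n in parse_hosts(text)
            if name in watched]


def hosts_writable(path=WINDOWS_HOSTS_PATH):
    """True if the current user can write the file (read-only bit not set / ACL allows)."""
    return os.path.exists(path) and os.access(path, os.W_OK)
```

    Running `find_pinned(open(WINDOWS_HOSTS_PATH).read())` on a clean machine should return an empty list; any "redirect" verdict is worth a look before trusting search results from that box.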
  15. oilstinks

    oilstinks Feeling the Heat

    Joined:
    Jan 25, 2008
    Messages:
    457
    Loc:
    western NC
    I got it a while back. Really annoying.
  16. schlot

    schlot Minister of Fire

    Joined:
    Nov 21, 2011
    Messages:
    771
    Loc:
    Iowa
    I got a re-direct a couple times. Not a big deal once you learn how to handle it, but learning the first time is frustrating. AVG and Malwarebytes are on my system and keep it clean. Both are free too!
  17. Hass

    Hass Minister of Fire

    Joined:
    Mar 20, 2011
    Messages:
    529
    Loc:
    Alabama, NY
    If you have a good redirect virus, it WILL NOT be detected by AVG, Norton's deep cleaning program, Avast, McAfee or any other virus detection.
    The easiest way to get rid of it if you don't know what you're doing is go on a computer forum and ask for help. They'll usually want you to start out with a "HijackThis" log... Then advise you from there.
    It's an absolute pain in the rump to get rid of.
    Definitely easiest to just format and start over.

    People commonly call it the Google redirect virus, but it's actually not just Google, nor has anything to do with Google. It's any search engine.
  18. schlot

    schlot Minister of Fire

    Joined:
    Nov 21, 2011
    Messages:
    771
    Loc:
    Iowa
    True. It was fun to find out how to get rid of it, and like you said, it affected more than Google. The way I found it was by looking on some forums, then running AVG in administrator mode. Took two or three pulls of the software to remove it too.
  19. Battenkiller

    Battenkiller Minister of Fire

    Joined:
    Nov 26, 2009
    Messages:
    3,732
    Loc:
    Just Outside the Blue Line
    Sounds like one of these malware devices has a hold of my wife's computer. I have never seen such a sluggish pig. I think she's getting a new Mac Book Pro for Christmas, I'm tired of listening to her whine about it.

    I have never had any kind of problem with these things on my iMac. However, I've been toying with installing a version of Windows on it because there are a few boat design programs I want to play with that only run on Windows. Will I be in danger of having my hard drive infected if I put Windows on it?
  20. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    Good question. I don't think that it would affect the Mac partition, because the programming for the memory-resident trojan would be useless in the world of Mac OS, but I could be wrong.
  21. begreen

    begreen Mooderator Staff Member

    Joined:
    Nov 18, 2005
    Messages:
    46,531
    Loc:
    South Puget Sound, WA
    Hass is correct. I would not be complacent; it could still be infected. Try booting in safe mode and see if there is an admin account you have no control over.
  22. pastera

    pastera Feeling the Heat

    Joined:
    Sep 8, 2008
    Messages:
    289
    Loc:
    SE Mass
    I normally don't boot a suspect drive - boot from a live Linux disk or emergency boot CD and scan.

    http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

    Having rebuilt family members' computers several times because of refusal to follow even basic precautions, I now tell them I have to wipe it so just buy a new one - not going to invest several hours of work if they won't change their ways...

    Aaron
  23. Dakotas Dad

    Dakotas Dad Minister of Fire

    Joined:
    Mar 19, 2009
    Messages:
    1,343
    Loc:
    Central Kentucky
    Wife and I are both tech savvy and IT people. We started the "third time's a charm" view several years ago, when a 4-day trip home to her family turned into a 72-hour full court press computer rescue mission.

    We have a friend with like 7 eMachines in her basement. Every year or so she gets cooties so bad it's unbelievable, and we got tired of rebuilding boxes for her. Just told her how to reformat.. that's too much trouble, so she just buys another crappy machine every so often and runs it 'till it's full of crap. Rinse, repeat.
  24. gpcollen1

    gpcollen1 Minister of Fire

    Joined:
    Oct 4, 2007
    Messages:
    2,026
    Loc:
    Western CT
    That was true before Apple gained market share. Once the fish are big enough to provide food to eat, they get fished!
  25. Jags

    Jags Moderate Moderator Staff Member

    Joined:
    Aug 2, 2006
    Messages:
    14,732
    Loc:
    Northern IL
    Ding, ding, ding.

    I take an overview of the infection and decide on which will take less time. Flushing out the virus, or flushing the drive.
