Google Hijack - Search results are redirected

TipsMake.com - "Google Hijack" - something is becoming more and more popular today. Users of Google search engines may complain about their search being redirected to unwanted pages, no matter which browser you use.

Google Hijack - Search results are redirected Picture 1

This happens when the system is infected with one of the following viruses: Trojan Win32 / Daonol.A / B, Trojan.JSRedir / Trojan.Gumblar, Win32.Alureon, Win32.Olmarik, Trojan.generic, TDSS rootkits, Backdoor .Tidserv! .Inf.

Some TDSS rootkit TDL3 variants also infect the system driver, such as iaStor.sys, atapi.sys, iastorv.sys, cdrom.sys , .

Symptom:

1. Clicking on the link of a Google search result will redirect to a random page.
2. Disabled tools like cmd and regedit, or running cmd or regedit can reset Explorer.
3. The message is displayed as a popup with the error ' DCOM server protocol launcher server terminated '.

Solution:

Old variants that attacked critical data of HKLMsoftwaremicrosoftwindows ntcurrentversiondrivers32 key such as Trojan.JSRedir, Daonol and Gumblar can be removed easily using MalwareBytes. However, recent variations, particularly the TDSS / TDL3 variant that MBAM cannot remove, can be used by TDSSKiller. Therefore, we recommend that users should always use TDSSKiller.

Download TDSSKiller, extract and run the file TDSSKiller.exe

Only attack FireFox:

Google search results that are redirected only affect Firefox browsers without affecting Internet Explorer.

Other attackers only focus on Firefox. Search results are redirected through domains like resultsad2.doubleclicker.net, goored, zfsearch.com and goougly.com, googlesearchserver.net, 66.230.188. * And other unwanted search results are displayed. .

Some of their variants also point attacks to Chrome.

Solution:

Jpshortstuff malware programmer has created a tool that can solve this problem. Users just need to download GooredFix.exe to your computer and use it.

When running this file, you need to close all Firefox windows, then double-click the executable file or right-click and select " Run As Administrator ".

If the problem is not resolved, you can use ComboFix, and ask a Virus & Spyware question and attach ComboFix records because other infections can also cause the search appliance to change directions. Recently, there is an infection patching one of the ' ws2_32.dll ' and ' user32.dll ' files where you need to replace the file to block redirection.