
Monday, March 28, 2011

Google Redirect Virus

It seems my laptop has caught the Google Redirect Virus.
Sometimes when I click on a link in Google, I end up with an advertisement.
Sometimes (rarely) AVG antivirus will block the actual page that is about to come up, but it does not find the actual redirect virus.
Luckily it has not leaked into VirtualBox, so my "new" machine is uninfected.
Personal backup
I also have been trying out various backup programs, and one called "Personal Backup" is on my computer and I cannot get rid of it.

http://fixredirectvirus.org/?hop=lsgifts - Costs money. No idea if it is real or a scam. The conspiracy theorist inside me suggests that it was written by the same team that wrote the virus in the first place.
Apparently this virus is not a virus but something that simply changes some settings on my computer and is therefore difficult for AVG to remove.
So what are those settings?

http://www.ehow.com/how_5842581_remove-google-redirect-virus.html
suggests removing TDSSserv.sys and
http://www.bleepingcomputer.com/startups/tdssserv.sys-23624.html
agrees

So the objective now is to remove it and WHO to TRUST???
http://www.liutilities.com/products/campaigns/affiliate/cb/offer/bleeping/rb/
registrybooster  - Costs money
http://softwareindustryreport.com/report/registry-booster.html

http://www.brighthub.com/internet/google/articles/66090.aspx


28-03-2011 Called AVG, spoke to Renold. He is sending me an email with instructions on analysing the computer and I will have to email back a file.
11-4-2011
The AVG guy never got back to me - slacko.
The problem seems to have been resolved by disabling XULRunner 1.9.1.
It is described as a Mozilla runtime package.
BTW, using Firefox 3.6.16.
It would appear that the current version of Firefox is 4.0.
Time for a reinstall.
14-04-2011
Downloaded Firefox 4.0.
Using Control Panel > Add/Remove Programs, uninstalled Firefox.
Installed Firefox 4.0.
Lo and behold, when I check the add-ins there is XULRunner.
So the uninstall does not remove all traces.
Uninstalled Firefox 4.0.
From
http://kb.mozillazine.org/Uninstalling_firefox
Deleted the Firefox Installation directory located here, by default: C:\Program files\Mozilla Firefox


Deleted C:\Documents and Settings\\Local Settings\Application Data\Mozilla\Firefox

Delete all C:\WINDOWS\Prefetch\FIREFOX* files


The Firefox uninstall will leave behind some Windows registry entries, which can be cleaned up using Windows regedit or a 3rd party registry cleaner. Normally, these extra entries are harmless, and it is not necessary to remove them. Note: registry editing is a potentially hazardous undertaking!


Why bother having an uninstaller that does not actually uninstall?

So tried Simnet uninstaller
http://www.simnetsoftware.com/products/simnet-uninstaller.html
Ran it and told it to uninstall Firefox 4.0. It seems to just run the Firefox uninstaller. Hardly seems worth the trouble. Although I am not sure whether the C:\Documents and Settings\\Local Settings\Application Data\Mozilla\Firefox had come back or not because it was not there after Simnet was run.

Let's check with regedit.
From http://www.tweakguides.com/Firefox_3.html
5. To remove all Firefox profile data, delete the following directories if they still exist:

In Windows XP:
\Documents and Settings\[username]\Application Data\Mozilla
\Documents and Settings\[Username]\Local Settings\Application Data\Mozilla
In Windows Vista and 7:
\Users\[username]\AppData\Local\Mozilla
\Users\[username]\AppData\Roaming\Mozilla\
This will ensure that all remaining custom data relating to your profile, any cached files, any files relating to installed extensions and themes for Firefox, will all be removed from your system.
6. Find and remove all of the major Firefox/Mozilla-related entries in the Windows Registry. Using the Windows Registry Editor (Start>Run>Regedit), delete any of the following keys if they exist - that is, right click on their name in the left pane of Registry Editor and select Delete:
[HKEY_CLASSES_ROOT\FirefoxHTML] - Not present
[HKEY_CLASSES_ROOT\FirefoxURL\] - Not present
[HKEY_CURRENT_USER\Software\Classes\Applications\firefox.exe] - Not present
[HKEY_CURRENT_USER\Software\Mozilla] - Present - Deleted it
[HKEY_CURRENT_USER\Software\MozillaPlugins] - Not present
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla] - Present - Deleted it
[HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org] - Present - Deleted it
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins] - Present - Deleted it
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla] - Not present
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org] - Not present
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins] - Not present
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxHTML] - Not present
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxURL] - Not present



Note: If you also have Mozilla Thunderbird or any other Mozilla products installed, make sure to only delete entries/folders which specifically relate directly to Firefox by name. If you're not confident with using the Registry Editor, see the Windows Registry chapter of the TweakGuides Tweaking Companion for more detailed instructions.
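
The manual check in steps 5 and 6 can be done in one pass with a read-only audit. This is an added example, not code from this blog or from TweakGuides; the function name `Get-FirefoxLeftover` is hypothetical, and it assumes PowerShell 3.0 or later with the Vista/7 environment variables (`APPDATA`, `LOCALAPPDATA`).

```powershell
# Added example: read-only audit of the Firefox leftovers listed above.
# Nothing is deleted; each location is only reported as present or absent.
function Get-FirefoxLeftover {   # hypothetical helper name
    $keys = @(
        'HKEY_CLASSES_ROOT\FirefoxHTML',
        'HKEY_CLASSES_ROOT\FirefoxURL',
        'HKEY_CURRENT_USER\Software\Classes\Applications\firefox.exe',
        'HKEY_CURRENT_USER\Software\Mozilla',
        'HKEY_CURRENT_USER\Software\MozillaPlugins',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla',
        'HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org',
        'HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxHTML',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxURL'
    )
    # Directories from step 5 plus the install directory (Vista/7 variables assumed).
    $dirs = @(
        (Join-Path $env:ProgramFiles 'Mozilla Firefox'),
        (Join-Path $env:APPDATA 'Mozilla'),
        (Join-Path $env:LOCALAPPDATA 'Mozilla')
    )
    foreach ($key in $keys) {
        $path = "Registry::$key"
        $present = Test-Path -LiteralPath $path
        # Subkey names show whether a shared Mozilla key also holds other
        # products (e.g. Thunderbird) that the quoted note says to keep.
        $children = if ($present) {
            (Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue |
                ForEach-Object { $_.PSChildName }) -join ', '
        } else { '' }
        [pscustomobject]@{ Kind = 'Registry'; Path = $key; Present = $present; Detail = $children }
    }
    foreach ($dir in $dirs) {
        [pscustomobject]@{ Kind = 'Directory'; Path = $dir; Present = (Test-Path -LiteralPath $dir); Detail = '' }
    }
    # Prefetch entries; listing this folder normally needs an elevated prompt.
    $prefetch = Join-Path $env:SystemRoot 'Prefetch'
    $files = @(Get-ChildItem -Path $prefetch -Filter 'FIREFOX*' -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Kind = 'Prefetch'; Path = "$prefetch\FIREFOX*"; Present = ($files.Count -gt 0); Detail = "$($files.Count) file(s)" }
}

Get-FirefoxLeftover | Sort-Object Present -Descending |
    Format-Table Kind, Present, Path, Detail -AutoSize
```

Running it before and after the uninstaller shows exactly which entries the uninstaller leaves behind.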

So you wonder what the uninstaller actually does. Given this is 2011 you would have thought it could look through the registry and delete anything called Firefox.

Reinstalled Firefox 4.0 and wow, finally no reference to XULRunner.
