Help, my Google search has strange results!

This is one of the more frequent things I hear from folks. You type a search request into your favorite search engine, but the results are all unrelated to the actual query. And there are lots of obviously bad sites showing up in the search results. Short and simple, you’ve got malware.

A while back I came across an article written by Rorschach112 called How To Fix Google Redirects – and all the steps/tools outlined in that post are very effective at resolving a lot of the Google redirect problems that I have had to deal with. So I thought I should post a link in case you’re the type of person who likes to fix-it-yourself.

How to fix Google Redirects, aka Win32/Olmarik, Rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tidserv!.inf

This infection hijacks your browsers to divert search engines to malware sites. Another symptom is getting the error message “DCOM server protocol launcher server terminated”. It is important that you do not try to fix this infection manually, or let your anti-virus program do it, as it can result in an unbootable machine if removed badly. This guide is designed to remove the infection easily and effectively, with no side-effects.

Rorschach112 goes on to describe step-by-step what you’ll need to do. He includes links to the specialized tools you’ll need and provides screenshots of what to expect along the way. It’s a simple, straightforward self-help document. So if your search results aren’t what you expect, give it a try.

So how did I get infected with this stuff?

I found the article above while researching the Backdoor.TidServ infection that Symantec found on someone’s computer. As it turns out this particular virus had originated back in 2008 and has morphed quite a few times and is still actively affecting machines. It uses various techniques to trick a user into installing the virus.

Some of the infection methods involve posting links in blog comments or web forums that point to sites which have been hacked via SQL injection. By exploiting weaknesses in how a site’s database handles user input, a malware author can submit code through a web form that alters the contents of the website, often without the site owner becoming aware until well after the damage has been done and visitors have been infected. This is sometimes referred to as a drive-by infection, because a visitor may innocently stumble upon a site that has been hacked in this manner and not realize that they’ve picked up a virus until much later, when they try to search for something.

Other methods of infection involve peer to peer file sharing services. The majority of traffic on these file sharing services is from people trying to obtain pirated/illegal software and keygens or cracks to unlock software for free. The malware authors often post their wares with names of popular search items and just sit back and wait for folks to download, install and infect themselves.

So why do virus writers do it?
Well, the answer is quite simple really. Money.

By redirecting your search results to sites of their choosing, they can trick you into visiting sites which pay a pay-per-click kickback to whoever referred the visitor to the site. If a virus writer could infect and refer 1,000,000 people, it adds up quickly.

Even more profitable are the pay-per-install programs. There are companies which offer affiliates a small fee from sales of their software. Symantec’s research found one program that paid referrers $0.15 per install. That may not sound like much, but if a person controlled 200,000 machines with a backdoor trojan and told them all to install that piece of software, it’s a quick $30,000.

Be safe out there, and as always, if you need anything I’m here to help!
-Erik


So you think you have a virus?

Is your computer running especially slow?
Are your search results hijacked?
Are you getting pop ups?

It seems like a never ending battle at times. Malware (malicious software) keeps changing and finding ways to infect your computer. The first thing you’ll need to do is get rid of the malware, the next step is taking the preventative measures to make sure you don’t keep getting hit.

Getting rid of the virus…
Most folks already have a desktop antivirus solution in place. If not, then I recommended a couple of free antivirus programs earlier. The important thing is to make sure whatever antivirus software you have is updated and set to scan on-access, also called real-time scanning. Outdated antivirus software is worse than no antivirus because it gives you a false sense of protection. So the first step is to update your antivirus software and run a full scan.

A second opinion…
Oftentimes, the first thing a virus does to your system is disable your installed antivirus, so an online scan would be helpful in those situations. Online scanners are nice because they are always up to date. Also, the different software vendors look for different threats, so if you have McAfee or Symantec installed, you can run the TrendMicro, ESET, or Kaspersky scans to be sure your local antivirus didn’t miss anything.

Here are a few links to different online virus scanners to help you get a second opinion.

TrendMicro Housecall
http://housecall.trendmicro.com/

Kaspersky Online Scan
http://www.kaspersky.com/virusscanner

ESET online scan
http://www.eset.com/onlinescan/

Keep in mind that running an online scan can often take a long time, so plan to run the scan overnight, or when you’ll be away from the computer for a number of hours. Also remember that online scanning is a reactive process. Nothing beats the peace-of-mind you get by having updated desktop protection running full-time and keeping you safe.

Staying protected…
In an earlier article I wrote that choosing a desktop protection solution can be as easy as using whatever comes pre-installed on your computer by the manufacturer, whatever is on sale at the local bulk warehouse store, or whatever your friends and family use and recommend. I even posted a few of my recommendations.

But be careful and do not install more than one antivirus software because they can conflict with each other, slowing down your computer and possibly leaving you unprotected as they fight over who gets to scan your files.

If you get a pop-up virus warning that isn’t from your installed antivirus software, then you’ve already been infected by a rogue program. Give me a call. I’m here to help.


Tis the season, the computer virus season.

Be careful what you click...
Hey, it’s me again, happy holidays! Last time I posted a few recommendations for security software. The feedback I received was great, I am glad you found the blog post useful. My goal is to keep providing helpful information for you.

Now is the time of year the virus writers are taking full advantage of all the holiday e-cards being sent. So please use caution when clicking links in email. Take the time to verify that you know and trust the sender, and be sure that the link you are about to click is from a reputable site.

For example, a recent spam email I got was from “Halmark-Greeting”; notice that it has only one “l”, whereas Hallmark has two. Some junk mail is easy to spot due to typos, either intentional or not, but other messages are more difficult to spot.
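The one-letter-off sender in the example above is the kind of thing a simple automated check can catch. Here is an added example (not from the original post) that pulls the domain out of a From: header and flags it when a hyphen-separated piece of it is an exact or one-edit match for a trusted brand name; the allowlist and the sample headers are constructed for illustration.

```python
import re

# Constructed allowlist of greeting-card senders the reader expects mail from (assumption, not from the post).
TRUSTED_DOMAINS = {"hallmark.com", "americangreetings.com", "bluemountain.com"}

def levenshtein(a, b):
    """Edit distance: fewest single-character inserts, deletes or substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Pull the domain out of a From: header such as 'Hallmark <cards@halmark-greeting.com>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().strip(".") if m else ""

def registrable(domain):
    """Keep the last two labels (mail.hallmark.com -> hallmark.com); assumes a one-label TLD like .com."""
    return ".".join(domain.split(".")[-2:])

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the sender's registrable domain."""
    dom = registrable(sender_domain(from_header))
    if not dom:
        return "unknown"
    if dom in trusted:
        return "trusted"
    # Compare each hyphen-separated piece of the sender label with each trusted brand label:
    # the brand name under a domain we do not trust, or a one-edit near miss such as
    # 'halmark', is exactly the kind of typo the post warns about.
    brands = {t.split(".")[0] for t in trusted}
    for token in dom.split(".")[0].split("-"):
        for brand in brands:
            if levenshtein(token, brand) <= 1:
                return "lookalike"
    return "unknown"

SAMPLE_HEADERS = [  # constructed examples, not real mail
    "Hallmark <ecards@hallmark.com>",
    "Hallmark Greetings <ecard@halmark-greeting.com>",
    "Hallmark <noreply@hallmark-ecards.net>",
    "Bob <bob@example.org>",
]

def triage(headers=SAMPLE_HEADERS):
    """Map each header to its verdict, e.g. for a quick look at an inbox export."""
    return {h: classify_sender(h) for h in headers}
```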

Here’s a tool I use and recommend to help check out web links:
McAfee Site Advisor

“SiteAdvisor software adds safety ratings to your browser and search engine results.”

So, first you need to download and install the Site Advisor tool from McAfee. Then, anytime you search (using Google, Yahoo, Bing, etc.), the results will have a Site Advisor icon to indicate whether the link is good, bad, or unknown. It’s really that simple. So instead of clicking a link in an email… just copy/paste it into your favorite search engine and let Site Advisor… um, advise you. 🙂

If you have any questions or comments, please let me know. I’m here to help.
-Erik


How are you staying protected?

Here’s a simple checklist for you:

  • Practice safe computing procedures
  • Keep all your software updated
  • Install anti-virus software on every computer
  • Install anti-malware software on every computer
  • Install a personal firewall on every computer
  • Backup often
  • Have a recovery plan in place

Safe Computing Practices

This basically means that you need to be careful, and use common sense. Don’t open unknown attachments, install unknown programs, use P2P file sharing, and things like that. It only takes a few seconds to click on something… and hours and perhaps days to recover from the damage.

Software Updates

In a previous blog I mentioned Secunia as one of the good guys out there helping to keep your software updated. It’s important to update all your software on a regular basis. That includes Windows, Office, Adobe, Java, Anti-virus, Anti-spyware, and anything else you can think of. Malware programmers are always looking for holes into your computer and unpatched software is a prime target. Out of date protection is worse than no protection because it lulls you into a false sense of security.

Anti-virus

There are lots of good anti-virus programs, so choose one that you like and stick with it. Here are a couple of links to free anti-virus programs that I’ve used and recommended. Just remember to only install one anti-virus. Having multiple ones can cause conflicts and render both useless, leaving you exposed.

Avira Antivir Personal

MS Security Essentials

Anti-Malware

This one is easy for me to recommend. I’ve used it and it’s tried and tested to be one of the best.

Malwarebytes Anti-Malware

Firewall

At a minimum you should be running the built-in Windows Firewall, but it’s recommended that you install a personal firewall as well. The Windows Firewall blocks incoming ports, preventing the bad guys from getting into your computer. A personal firewall also blocks outgoing ports, which helps to prevent malware from “phoning home” and downloading more malware onto your computer. Here are a couple of links for personal firewalls.

Online Armor

Outpost Firewall

Backup

There are many different backup solutions available today: from manually burning CDs/DVDs of your photos, to using software to copy important files to external USB storage, and even using scheduled backups to online storage. The important thing is to backup early and backup often. You never know when disaster may strike so always keep a copy of your important files.

Recovery

Recovery is as simple as reversing your backup plan, or at least it should be. Again, you can only recover what you’ve already backed up. If you’ve used backup software to save your files to external media (CDs/DVDs/USB storage, etc.), then make sure to store a copy of that software along with your media.

I hope that this checklist helps to outline the steps to staying protected on the internet. The only truly safe and secure computer is one that is not connected to the internet and unplugged from the wall. Of course it may be safe but it’s not very useful. 🙂

As always, if you have any questions or comments feel free to contact me.
Be safe out there,
Erik
