Takeaway: Consultant Bob Eisenhardt recounts his frustrating experience trying to track down and get rid of a client’s search-redirect virus. Here’s how he finally ditched it.
Ever go to Reno, Nevada? Well, if you have not, there is a terrific little virus making its way around the net that instantly takes you there from your search engine. About a month ago, one of my accounts in Manhattan reported that something was re-directing searches to odd websites, one of them coming up as SEARCH RENO. I tested the search on-site and it was indeed true.
All of the standard defense protocols, such as a scan with MalwareBytes and ComboFix, came up clean. Although the bug is commonly referred to as TDSS, TDSSKiller, the fix that a co-consultant I work with trusts completely, came up equally clean. This was a surprise.
Sophos has a rootkit killer that also found no infections. ComboFix came up empty-handed, as did Gmer. Having thus exhausted the standard solutions, I was mightily frustrated.
Further research led me to a persistent link that indicated a search of running services for RANDOM.EXE. It was not running on my client’s system. The random.exe link also advertises a paid software product to remove the virus, with a concurrent live chat with somebody (probably in India). I ignored that option instantly. (I have come to believe that some blogs pose questions and answers by the same user under different names, an ingenious idea for the uninitiated to download an infected product.)
So where does this one come from? The redirect URL takes users to the IP address 63.209.69.107.
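The one hard indicator this write-up gives is that destination IP. On a network with a web proxy, a defender can hunt for it in the proxy log and, more usefully, for the symptom itself: a client issuing a search and then, seconds later, landing on the indicator address. The script below is an added example, not part of the original post; the IP comes from the article, while the log layout, the search-engine host list, the time window and the sample log lines are all constructed for the demonstration.

```python
"""Hunt a web-proxy log for the search-redirect indicator described in the article."""
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import urlsplit

# Indicator from the article: the IP address that hijacked searches land on.
REDIRECT_IOC_IP = "63.209.69.107"
# Search engines whose results the malware redirects (assumed list for the demo).
SEARCH_HOSTS = ("www.google.com", "www.bing.com", "search.yahoo.com")
# A hit on the IoC this soon after a search counts as a hijacked search (assumed window).
WINDOW_SECONDS = 30

# Constructed sample log, not real data. Fields: time client method url status
SAMPLE_LOG = """\
2011-05-02T10:15:01 10.0.0.21 GET http://www.google.com/search?q=printer+drivers 200
2011-05-02T10:15:04 10.0.0.21 GET http://63.209.69.107/?q=printer+drivers 302
2011-05-02T10:15:05 10.0.0.21 GET http://redirect-landing.example/results 200
2011-05-02T10:20:10 10.0.0.33 GET http://www.bing.com/search?q=quarterly+report 200
2011-05-02T10:20:12 10.0.0.33 GET http://intranet.example.local/report.pdf 200
2011-05-02T11:02:40 10.0.0.21 GET http://63.209.69.107/ping 200
"""


@dataclass
class Event:
    when: datetime
    client: str
    host: str
    url: str


def parse_log(text):
    """Parse the constructed log layout into Event records, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        when = datetime.fromisoformat(parts[0])
        host = urlsplit(parts[3]).hostname or ""
        events.append(Event(when, parts[1], host, parts[3]))
    return events


def find_ioc_hits(events, ioc_ip=REDIRECT_IOC_IP):
    """Every request whose destination host is the indicator IP, regardless of context."""
    return [e for e in events if e.host == ioc_ip]


def find_hijacked_searches(events, ioc_ip=REDIRECT_IOC_IP, window=WINDOW_SECONDS):
    """Return (search, ioc_hit) pairs: the same client reaches the IoC within
    `window` seconds of a search-engine request. This is the redirect symptom
    the article describes, and it separates an infected client from a stray hit."""
    last_search = {}
    pairs = []
    for e in sorted(events, key=lambda ev: ev.when):
        if e.host in SEARCH_HOSTS:
            last_search[e.client] = e
        elif e.host == ioc_ip and e.client in last_search:
            search = last_search[e.client]
            if (e.when - search.when).total_seconds() <= window:
                pairs.append((search, e))
    return pairs


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in find_ioc_hits(evs):
        print(f"IoC hit: {hit.when} {hit.client} -> {hit.url}")
    for search, hit in find_hijacked_searches(evs):
        print(f"Hijacked search on {search.client}: {search.url} -> {hit.url} "
              f"({(hit.when - search.when).total_seconds():.0f}s later)")
```

Run against the sample, the script reports two raw hits on the indicator but only one hijacked search (client 10.0.0.21 at 10:15); the later `/ping` request falls outside the window and is left as a plain IoC hit, which is the distinction worth keeping when triaging which machines actually carry the redirector.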
Read more: http://www.techrepublic.com/blog/security/battling-the-google-redirect-virus/8860?utm_source=dlvr.it&utm_medium=twitter