I got this same Google redirect virus today. I tried to use my McAfee Total Protection to scan the hard disk and found 4 files were affected. McAfee auto-removed those files. But the virus was still there. I used Malwarebytes to scan and found the virus in regedit /HOME_CLASSES_ROOT/.fsharproj. After Malwarebytes removed the virus, everything ran fine. But after a reboot, the virus came back again. Does anyone know how to remove this virus? Thanks.
I have figured out the virus file -- explorerwin32.dll. Those files detected and quarantined by McAfee were not related to this Google redirect virus. Although I tried to use McAfee and Norton to scan my whole system, neither could detect this virus. I used Malwarebytes to scan my system and it could report the virus in regedit,
Malwarebytes could remove these settings from the registry. But on every reboot, these settings would come back automatically, until I installed UnHackMe and used it to scan my PC. It did find this virus file -- explorerwin32.dll. After I removed it, my browser worked fine.
The only other place I've seen explorerwin32.dll mentioned is on baidu.com, in a post from 2008. That post mentioned a virus called Novarg B - which is also known as MyDoom. That's a known virus and McAfee will detect it.
The .fsharproj entries in your registry would seem to be from a Trojan infection. If the registry entries reappear you may have a rootkit infection, and in that case you will need to ask for assistance from one of the specialist forums.
Although I fixed the Google redirect issue after I removed explorerwin32.dll, I got another issue in Google search when using Firefox. When I opened google.com in Firefox (3.6.22), moved the mouse to the search frame and clicked it, the background color of the search frame changed from white to light blue. After that, the words which I typed in (I think they may be light blue too) were not displayed. But I could see them after I highlighted them. When I clicked the search button, google.com returned results based on what I had typed in.
I opened IE8 on the same PC and it had the same issue. But the words which I typed in were displayed in black, so I could see them. I tried my other PC, and it did not have this issue when I searched for something through google.com; the frame background color was white.
Do you know whether this was still caused by some virus because I did not fully remove them? Thank you.
I don't know what caused the colour in the search frame to change to light blue. If it were only Firefox I would have said check the browser settings, but it happens in IE as well? Strange. Check to see whether you have any new add-ons or Browser Helper Objects. Resetting the browser options to default settings is possible in IE, and perhaps possible in Firefox. I've never had to do it, so I don't know if it will cure the problem.
Thank you for your reply, Hayton.
Yesterday my McAfee suddenly reported that it had detected one virus file -- DirectxTrayTray.dll. It was under \All Users\Application Data\. I did scan this suspected file with McAfee and Norton when I found explorerwin32.dll under \username\Local Setting\Application Data\Microsoft\Internet Explorer. Neither anti-virus program reported anything.
Now the browser search frame issue was gone. Thanks.
Now I have the name of that dll I know what this is. It's a Trojan, recently detected by McAfee.
See http://home.mcafee.com/virusinfo/virusprofile.aspx?key=591601#none for the details.
Possibly the McAfee scan did not completely remove it. The removal instructions are as follows -
Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:
2. Update to current engine and DAT files for detection and removal.
3. Run a complete system scan.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.