14 Replies. Latest reply: Sep 30, 2011 9:51 AM by Hayton

    SiteAdvisor Source of Google Redirect Virus?

      For the last 3 or 4 weeks, I have had a problem when I use Google search in Internet Explorer.  When I clicked on a link from a search results page, I was invariably taken to a different (but related) website.  So, for example, if I would try to go to a Wikipedia page in the search results, I would find myself directed to a newspaper website article about the same topic.  I tried to solve this problem by using Malwarebytes, with no success.  Then I disabled SiteAdvisor, which worked for a bit.  Then the problem came back.  Finally, I uninstalled McAfee entirely from my computer.  The Google redirect problem was immediately solved.  Now my Google searches work perfectly and are not hijacked.  I reinstalled McAfee, but left out the SiteAdvisor and things are working great so far.  I'm no expert, but it appears that a Google redirect virus has somehow infected McAfee, particularly the SiteAdvisor component.  Has this happened to anyone else?

        • 1. Re: SiteAdvisor Source of Google Redirect Virus?



          I got this same Google redirect virus today. I tried to use my McAfee Total Protection to scan the hard disk and found 4 files were affected. McAfee auto-removed those files. But the virus was there. I used Malwarebytes to scan and found the virus in regedit /HOME_CLASSES_ROOT/.fsharproj. After Malwarebytes removed the virus, everything ran fine. But after reboot, the virus came back again. Does anyone know how to remove this virus? Thanks.

          • 2. Re: SiteAdvisor Source of Google Redirect Virus?

            Can you make a note of the names and locations of the files which are being detected and quarantined by McAfee, and also of the name of any virus, trojan, PUP or other malware that is being detected by McAfee or Malwarebytes, and post them here?

            • 3. Re: SiteAdvisor Source of Google Redirect Virus?

              @Hayton, I wonder if these incidents are related or purely coincidental



              • 4. Re: SiteAdvisor Source of Google Redirect Virus?

                Hi Hayton,


                I have figured out the virus file -- explorerwin32.dll. Those files detected and quarantined by McAfee were not related to this Google redirect virus. Although I tried to use McAfee and Norton to scan my whole system, neither could detect this virus. I used Malwarebytes to scan my system and it could report the virus in regedit,





                Malwarebytes could remove these settings from the registry. But on every reboot, these settings would come back automatically, until I installed UnHackMe and used it to scan my PC. It did find this virus file -- explorerwin32.dll. After I removed it, my browser worked fine.

                • 5. Re: SiteAdvisor Source of Google Redirect Virus?

                  The only other place I've seen explorerwin32.dll mentioned is on baidu.com, in a post from 2008. That post mentioned a virus called Novarg B - which is also known as MyDoom. That's a known virus and McAfee will detect it.


                  The .fsharproj entries in your registry would seem to be from a Trojan infection. If the registry entries reappear you may have a rootkit infection, and in that case you will need to ask for assistance from one of the specialist forums.

                  • 6. Re: SiteAdvisor Source of Google Redirect Virus?

                    Hi Hayton,


                    Although I fixed the Google redirect issue after I removed explorerwin32.dll, I got another issue in Google search when using Firefox. When I opened google.com in Firefox (3.6.22), moved the mouse to the search frame and clicked it, the background color of the search frame changed from white to light blue. After that, the words I typed in (I think they may be light blue too) were not displayed. But I could see them after I highlighted them. When I clicked the search button, google.com returned results based on what I had typed in.


                    I opened IE8 on the same PC, and it had the same issue. But the words which I typed in were displayed in black, so I could see them. I opened my other PC, and it did not have this issue when I searched for something through google.com; the frame background color was white.


                    Do you know whether this was still caused by some virus because I did not fully remove them? Thank you.

                    • 7. Re: SiteAdvisor Source of Google Redirect Virus?

                      I don't know what caused the colour in the search frame to change to light blue. If it were only Firefox I would have said check the browser settings, but it happens in IE as well? Strange. Check to see whether you have any new add-ons or Browser Helper Objects. Resetting the browser options to default settings is possible in IE, and perhaps possible in Firefox. I've never had to do it, so I don't know if it will cure the problem.
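One way to carry out the Browser Helper Object check suggested in the reply above, as an added example that is not part of the original thread. It lists the BHOs registered for Internet Explorer, resolves each to its DLL, and reports whether the DLL is signed and whether it loads from a user profile directory; the list of directory names treated as noteworthy is an assumption made for this example.

```powershell
# Added example: enumerate Internet Explorer Browser Helper Objects (BHOs),
# resolve each CLSID to its DLL, and report signature status and location.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# COM registrations can live machine-wide or per-user, 64-bit or 32-bit view.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\Software\Classes\CLSID'
)
# Assumption for this example: a browser DLL loading from one of these
# profile directories deserves a closer look.
$profileDirs = 'Application Data', 'AppData', 'Local Settings', 'Temp'

$results = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid = $key.PSChildName
        $dll = $null
        foreach ($cr in $clsidRoots) {
            $server = Join-Path (Join-Path $cr $clsid) 'InprocServer32'
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 holds the DLL path.
                $raw = (Get-Item -LiteralPath $server).GetValue('')
                if ($raw) {
                    $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
                    break
                }
            }
        }
        $exists = $dll -and (Test-Path -LiteralPath $dll)
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }
        $inProfile = [bool]($profileDirs | Where-Object { $dll -like "*\$_\*" })
        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Signature = $sig
            InProfile = $inProfile
            Review    = ($sig -ne 'Valid') -or $inProfile
        }
    }
}
$results | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt; rows with `Review` set to `True` are candidates for a closer look, not confirmed detections.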

                      • 8. Re: SiteAdvisor Source of Google Redirect Virus?

                        Thank you for your reply, Hayton.


                        Yesterday my McAfee suddenly reported it detected one virus file -- DirectxTrayTray.dll. It was under \All Users\Application Data\. I did scan this suspected file with McAfee and Norton when I found the explorerwin32.dll under \username\Local Setting\Application Data\Microsoft\Internet Explorer. Neither anti-virus software reported anything.


                        Now the browser search frame issue was gone. Thanks.

                        • 9. Re: SiteAdvisor Source of Google Redirect Virus?

                          Now I have the name of that dll I know what this is. It's a Trojan, recently detected by McAfee.


                          See http://home.mcafee.com/virusinfo/virusprofile.aspx?key=591601#none for the details.


                          Possibly the McAfee scan did not completely remove it. The removal instructions are as follows -

                          Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

                          1. Disable System Restore.

                          2. Update to current engine and DAT files for detection and removal.

                          3. Run a complete system scan.

                          Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

                          General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.



                          Message was edited by: Hayton on 26/09/11 19:23:22 IST