Jump to content

Possible infection - redirector.gvt1.com


Recommended Posts

Greetings everyone!

Thank you very much for keeping this forum, to assist people like me. I'm pretty paranoid about computer security, so I've decided to create this topic after malwarebytes showed me some suspicious events. 

The event was an outbound connection from firefox, it logged 3 of these connection attempts right after each other. I checked my logs, and these were the only ones that happened in a long time (except from some skype related in and outbound connections, but I guess that's normal since it seems to be a peer to peer program, and I keep it running most of the time to communicate).
Malwarebytes blocked them and they haven't returned so far. I've googled what is this, and the results weren't really promising. Even though the domain appears to be owned by google, people claimed it can be signs of a serious infection, that's why I want to make sure nothing shady lurks on my computer. 

My PC is protected by the payed versions of:
- malwarebytes
- Eset nod32
And I also have spybot search&destory installed, along with adwcleaner. 

I've ran deepscans with all of them using administrator privileges, but nothing showed up.
P.S.: during this event firefox and chrome was open, but my active window was chrome not firefox. Firefox was just running in the background with a few tabs. None of my browsers have plugins, except Firefox with adblocker. The settings also seem to be fine without tampering.

The suspicious event (I apologize about the language, I could not find where to set it to english inside the program)

-Napló adatai-
Védelmi esemény dátuma: 2017. 03. 30.
Védelmi esemény időpontja: 12:43
Rendszergazda: Igen

-Szoftver adatai-
Összetevők verziója: 1.0.75
Frissítési csomag verziója: 1.0.1627
Licenc: Premium

Operációs rendszer: Windows 10
Processzor: x64
Fájlrendszer: NTFS
Felhasználó: System

-Blokkolt webhely részletei-
Káros webhely: 1
, , Blokkolva, [-1], [-1],0.0.0

-Webhely adatai-
Tartomány: redirector.gvt1.com
Port: [55218]
Típus: Kimenő
Fájl: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I've attached the Farbar recovery scan tool logs to the post. 
Thank you very much if someone can assist me in this matter. 





Edited by miekiemoes
Attachements deleted per user request.
Link to post
Share on other sites

Just woke up this morning with this infection.  Normally don't run AV software other than Windows defender.  Turned my computer on this morning and opened my firefox and my browser was clearly hijacked.  Voice going "Critical alert from Microsoft" etc etc, unclosable log-in/sign-up credential pop up and fake alert boxes, crashing plugins, unclosable browser window. 

Used Chrome to grab MBAM and the scan showed nothing, but it was constantly blocking a website redirect from redirector.gvt1.com for 5 minutes or so before it went silent.  Scan report immediately after showed nothing.  A restart and a firefox browser reset later, I tried opening firefox without MBAM running, and there was no redirect.  Opened up MBAM and a repeat scan showed nothing, but a few minutes later, it blocked two more redirect attempts.  Definitely still lurking around.

Link to post
Share on other sites

Sounds like it means that MBAM is updating its database to be able to detect and remove the browser hijacker that it is already responding to in order to block activity for, but unable to find and remove at this time.  Malware is constantly evolving to avoid detection, and anti malware is constantly evolving in parallel to combat it.

Link to post
Share on other sites

Thank you very much miekiemoses for taking the time to look into this. You helped my paranoia a bit with this :D
I wish everyone a nice day!

Dangaard: I'm no expert, but I'm not sure you have the same problem as me. In my case the computer showed no sign of infection or weird behaviour at all. However your's seem to behave infected. I think you should start a topic to make sure  you get proper help in case there are really malicious stuff lurking there. 
I followed this topic to create mine: 


Link to post
Share on other sites

o_O  huh.  I guess I had a one time website redirect which corresponded to a new MBAM false positive?  I'll wait it out, see if it happens again when I disable MBAM.  If nothing happens, no harm no foul I suppose.  If it happens again then I can investigate further.

Link to post
Share on other sites

  • 9 months later...

I guess this is new. I am not using a PC, I am using an Android. I do not use chrome, nor do I update it as I don't use it at all, ever.

I too have kinks to .gvt1.com I just got them, not from a security alert, but because Facebook was updating.(ALL Auto updates on my accouns accept AntiV and Firewall, are off, but Facebook keeps creeping it's foot in the door so to speak.




At or around sametime above traffic, the only background traffic was,





Hope this helps the right people.

Link to post
Share on other sites

  • 4 weeks later...

Just wanted to add to this. I just was trying to update a new android phone, the essential. The update kept failing so I pulled up my firewall and Pi-Hole logs(DNS level ad-blocker), the phone kept trying to query "redirector.gvt1.com" on update. This was an android system update. This being a brand new phone, minutes out of the box, I took took to the web to look into it and arrived here after parsing through a bunch of misinformation, it seems. It is still unclear to me what or why it needs to contact this address, but it wasn't until I white-listed the address that I was able to perform the update. It's easy enough to see it was coming from the phones IP/Mac. It doesn't appear to me to be linked to any mal-ware. Just thought I would throw some more info into the information pool.


Link to post
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.