Jump to content

Browser Redirect Virus/Trojan must be a new variant...

Recommended Posts

I'm looking for the most current how-to guide as in as new as of September 22, 2011 on removing what apparently is the newest variant of the dirty Google Redirect Virus/Trojan that has eluded and absolutely baffled virus and spyware removal programmers for the past few weeks. I've tried multiple programs already to remove this infection which has deployed trojans that have been flagged as "Generic Artemis" by McAfee and .fsharproj was removed at one point. Searching Google doesn't give me the most current information on removing this plague.

Redirect locations that should be added as blacklisted - morsearch.com, bizzclick.com, find-answers-fast.com

Link to post
Share on other sites

Hello crimefighter: :welcome:

If a system of yours is infected, the best thing you can do is deal with it here so other systems do not become infected.

If you think your system is infected, here are the steps needed to get your computer cleaned:

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support


As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start your own topic in the
Malware Removal - HijackThis Logs subforum
so a qualified expert can help you fix any malware related problems/infections you may have.

  • Please read and
    , skipping any steps you are unable to complete. Then post a

  • After posting your new post, make sure under
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    , so that you're alerted when someone has replied to your post.

  • One of the
    there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.


    • You may send a Private Message to a Moderator asking for assistance.


Alternatively, as a paying customer, you can contact the help desk at


If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the Add-Reply.png button instead of other ones when you start replying. :)

Link to post
Share on other sites

Does Malwarebytes currently detect what is described here (which was just posted online mere minutes ago...) --


"Malware that sticks to a web browser is no news to anyone, but now, a new threat has been discovered that after infecting Internet Explorer, it drops a piece of spyware onto your Firefox.

With the aid of Bitdefender, MalwareCity identified the virus as being Trojan.Tracur.C. When Internet Explorer users decide to update their Flash Player, the rogue plug-in that compromises the browser also infects Mozilla Firefox by snapping a malicious add-on to it .

Trojan.JS.Redirector.KY monitors all the webpages loaded in Mozilla's browser. Once the unsuspecting internaut types the URL address of a search engine, such as Yahoo, Bing or Google, a piece of Java Script code gets injected into the resulting pages, making sure that the first link points to a malware containing location.

From here on, the infection process continues, victims being subjected to attacks coming from all sorts of threats.

According to Sophos, Trojan.Tracur.C affects Windows platforms and it runs automatically in an attempt to establish a communication channel with a remote server via HTTP. It changes Internet Explorer settings by creating registries such as HKCR\.fsharproj, HKCR\Zghypcxhle, HKCU\Software\Zghypcxhle, HKCU\Software\Classes\Software\Zghypcxhle.

Trojan.JS.Redirector viruses operate by launching an SQL injection attack that inserts JavaScript into the HTML pages they target.They can also be contained in HTML-based email messages which embed the script or malevolent websites which redirect the user to unwanted locations."

Link to post
Share on other sites

After trying several different programs, which ended up being Microsoft Security Essentials being the last one and manual removal of the offending files and sending them here for analysis - it appears Tracur.AF has been defeated and a few more hidden items were found - java/openconnection.ou

Firewall is now set to paranoid mode as I'm not convinced Facebook is safe to use...this can be closed.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.