Friday, July 30, 2010

Google search is not working properly, what could be wrong?

It has recently come to my attention that there are numerous variants of malware known as TDSS (the family name of similar rootkits) that will subtly take over your computer. I have so far seen 2 infected computers. As a result, I have done extensive research and want to alert you to the earliest and most common signs of this type of infection. So far, the exact origin of the infections is unknown, but the malware is probably getting in as a drive-by download from an infected website that the victim visits. Once a machine is infected, the files and services installed by TDSS will be hidden, but there are early symptoms that a TDSS infection may display. These symptoms include:
  1. Google or other search engine result links will be redirected to unrelated sites. When you search through Google or other search engines and click on one of the search results, you will be redirected to an advertisement or to a page containing additional drive-by download viruses and malware instead of going to the correct page. Some of the domains you are redirected to may belong to legitimate companies, but may also contain affiliate links that are dangerous. This is usually the earliest sign of infection.
  2. The inability to run various programs including but not limited to: updates to your anti-virus program, Windows or Microsoft Updates, anti-malware programs, etc. When you attempt to run certain programs, you will not receive an error, but they simply will not start. It does this so that you cannot launch anti-virus and anti-malware programs that may help you remove this infection.
  3. The inability to access various sites. TDSS is known to block access to many computer help and security sites.
  4. Web browsing may be slower than normal.

These TDSS rootkit variants are intrusive infections that eventually take over your machine and are very difficult to remove. The reason they are so difficult to remove is that they run resident in normal Windows AND in safe mode. Also, the variants keep changing daily or even more often, so that what worked yesterday to remove one on one machine may not work today on another machine. Another issue is that the available tools for removing rootkits often come without instructions or have such complex instructions that the average user is unable to use them, or may use them incorrectly, causing permanent damage to the system that could be unrecoverable and lead to data loss. If victims continue to follow the redirected search engine results, additional malware infections will occur that may result in not being able to do anything on the computer.

Keep in mind that there is no single product that is guaranteed to be able to identify and resolve every case of malware infection that exists, as each version or variant can change several times a day. This email is not intended to alarm you but to raise your awareness so that you will know as early as possible that your machine has been infected and can seek help. As always, feel free to contact me with any questions.


Sandy Coulter

http://www.geekmeup.com/

2 comments:

  1. This has happened to my home desktop computer. How can I fix this?

  2. If you have a recent full backup you can restore your computer to that time, but you will lose any data created between the time of the backup and now. If not, it is probably best to contact a computer professional in your area for assistance.
