Preventing - Google Redirect Virus ?

Discussion in 'other anti-malware software' started by JosephB, Dec 8, 2011.

Thread Status:
Not open for further replies.
  1. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    I recently got my PC infected with a Google Redirect Virus (by browsing the Internet via IE), which also had the side effect of slowing down my PC with Network Location Awareness service termination errors. Luckily, I had a recent backup image from before the virus infection; I restored it and was back in business.

    Question:
    Has anyone tested to determine which security programs would have prevented the virus from infecting the PC in the first place? Especially, I was wondering: if I had Sandboxie or DefenseWall or Comodo (or KIS), would this virus have been stopped from being installed?
    .... I want to install a security program that will prevent something like this again in the future.

    ... P.S. From my investigations, I think that others refer to the Google Redirect Virus as a rootkit virus going by the names TDL3, TDSS or Alureon.
     
    Last edited: Dec 8, 2011
  2. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    The TDL4 rootkit (I guess this is what you are talking about) is always mutating, so the AV companies cannot catch it all the time. Use the TDL4 remover (Kaspersky tool) and then something to isolate the unknown software.. ;)
     
  3. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Hello,

    Next time, please... PREVENTION! Once the rootkit has infected your system and patched Windows drivers, even after removal with any tools [TDSSKiller, etc.] I wouldn't trust that computer anymore. I would rather use DBAN and "nuke" that HDD with zeros [0] and 1's to be sure nothing is lurking on my computer's HDD. I wouldn't even trust a simple reformat with the Windows CD/DVD.

    To not get infected by this rootkit again, Force/Sandbox your browser [if using the paid version of SBIE]; in regards to DW [if you had it installed before the rootkit infection], it should've prevented this from happening as long as the browser was running as Untrusted.

    Thirdly, Comodo FW with D+ and execution control set to Untrusted should have alerted you before this rootkit being executed.

    Lastly, make sure you have the latest versions of Adobe Acrobat Reader, Adobe Flash Player and Java SE Runtime Environment, and also Windows and Office updated to the latest service pack with all the hotfixes installed.


    Regards.
     
  4. JosephB

    JosephB Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    310
    tipo, Zyrtec,

    Thanks for the advice and info!

    Zyrtec,
    That is why, once I realized that it was a rootkit, I decided to do a complete drive restore from my backup Full Disk Image (which includes the MBR) that was made before getting infected.
    ... Shouldn't this method be safe enough to trust the computer again?
     
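JosephB's closing question is whether a full disk image made before the infection can be trusted. The usual defender's check is that the image is only as trustworthy as its provenance: it must predate the infection and must not have been altered since it was taken. The following Python script is an added illustration and is not part of any post in this thread; it records a SHA-256 hash of an image file in a manifest when the backup is made and verifies the image against that manifest before a restore. The image content, file names and the simulated tampering of the first boot-sector bytes are all constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile

CHUNK = 1024 * 1024  # read large image files in 1 MiB pieces


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(image_path, manifest_path):
    """Record the image hash at backup time, i.e. while the system is known clean."""
    digest = sha256_file(image_path)
    with open(manifest_path, "w") as f:
        json.dump({"image": os.path.basename(image_path), "sha256": digest}, f)
    return digest


def verify_image(image_path, manifest_path):
    """Return True only if the image still matches the hash recorded in the manifest."""
    with open(manifest_path) as f:
        manifest = json.load(f)
    actual = sha256_file(image_path)
    # constant-time comparison avoids leaking how many leading hex chars matched
    return hmac.compare_digest(actual, manifest["sha256"])


def demo():
    """Build a constructed fake image, verify it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "clean.img")                 # constructed file name
        manifest = os.path.join(d, "clean.img.manifest.json")
        # Constructed stand-in for an image: one 512-byte "boot sector" with the
        # 0x55AA signature, followed by a few KiB of filler data.
        with open(img, "wb") as f:
            f.write(b"\x33\xc0\x8e\xd0" + b"\x00" * 506 + b"\x55\xaa")
            f.write(bytes(range(256)) * 16)
        write_manifest(img, manifest)
        ok_before = verify_image(img, manifest)
        # Simulate the image being modified after the backup was taken:
        # overwrite the first two bytes of the boot sector.
        with open(img, "r+b") as f:
            f.seek(0)
            f.write(b"\xeb\xfe")
        ok_after = verify_image(img, manifest)
        return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print("untouched image verifies:", before)
    print("tampered image verifies:", after)
```

In practice the manifest should be stored separately from the image (on read-only media or a different host), because a manifest kept next to the image offers no protection if the same machine is later compromised and both files can be rewritten together.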