Also known as the "goored" infection, this is a Firefox hijacker that targets a variety of search engines:
Google, Yahoo, Msn, AOL and Ask.
Usually, the first sign of infection is that upon starting Firefox, you receive a notification that "1 new Add-on has been installed", although you did not knowingly install anything. When using any of the above search engines, you may notice that during the search you see names like zfsearch.com, v1.adwarefeed.com flash past in your status bar, as depicted here with a Google search:
Search results appear normal, and hovering over the links shows the legitimate sites. However, after clicking the links, you are directed to other sites. Again, if you check the status bar, you will see the fake domain names that are directing you to these sites.
These domain names are different for each search engine, and some of the common ones are these:
Google - goougly.com, clickfraudmanager, v1.adwarefeed.com
Yahoo - a.l.yimg
MSN - msnooze.com
Ask - wzeu.ask.com
The following removal guide should be followed if and only if you are experiencing these symptoms. It is highly recommended that you post to our Malware Removal and Spyware Removal after following this guide so that we can make sure this and any other infections have been removed.
There are many other infections that cause redirects as well, so if GooredFix doesn't solve your problem please post to our Malware Removal forum for assistance.
Please read Malware how-to guides information before following any of our guides.
This is a self-help guide. Use at your own risk.
================
Step 1:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear.
Step 2:
We recommend that you now post a HijackThis log to our Malware Removal Forum to complete the cleaning process.
>> Malware and Spyware Cleaning Guide (to be completed before posting a log) <<
Please include the results of the GooredFix log as well, so that we can see what had been removed. The log can also be found on your Desktop, entitled GooredLog.txt.
Please post any questions or comments about this guide as a reply to this topic. Any further Malware problems should be posted in the Malware Removal and Spyware Removal forum.