
How To Remove clickfraudmanager, adwarefeed, zfsearch Firefox Redirect



#1
jpshortstuff

This guide pertains to the removal of search engine redirects through domains like clickfraudmanager, v1.adwarefeed.com, ad4.doubleclick.net, google.goored, goougly.com, zfsearch.com and others.

Also known as the "goored" infection, this is a Firefox hijacker that targets a variety of search engines:
Google, Yahoo, MSN, AOL and Ask.

Usually, the first sign of infection is that upon starting Firefox, you receive a notification that "1 new Add-on has been installed", although you did not knowingly install anything. When using any of the above search engines, you may notice that during the search you see names like zfsearch.com, v1.adwarefeed.com flash past in your status bar, as depicted here with a Google search:
Posted Image

Search results appear normal, and hovering over the links shows the legitimate sites. However, after clicking the links, you are directed to other sites. Again, if you check the status bar, you will see the fake domain names that are directing you to these sites.

Posted Image
Posted Image

These domain names are different for each search engine, and some of the common ones are these:
Google - goougly.com, clickfraudmanager, v1.adwarefeed.com
Yahoo - a.l.yimg
MSN - msnooze.com
Ask - wzeu.ask.com

The following removal guide should be followed if and only if you are experiencing these symptoms. It is highly recommended that you post to our Malware Removal and Spyware Removal forum after following this guide so that we can make sure this and any other infections have been removed.

There are many other infections that cause redirects as well, so if GooredFix doesn't solve your problem please post to our Malware Removal forum for assistance.

Please read Malware how-to guides information before following any of our guides.

This is a self-help guide. Use at your own risk.

================

Step 1:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

Step 2:

We recommend that you now post a HijackThis log to our Malware Removal Forum to complete the cleaning process.
>> Malware and Spyware Cleaning Guide (to be completed before posting a log) <<

Please include the results of the GooredFix log as well, so that we can see what had been removed. The log can also be found on your Desktop, entitled GooredLog.txt.

Please post any questions or comments about this guide as a reply to this topic. Any further Malware problems should be posted in the Malware Removal and Spyware Removal forum.
  • 0
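Added example (not part of the original guide, and not how GooredFix itself works): a Python check that looks for the redirect hosts named in the guide above in a list of visited URLs, such as a proxy or DNS log. Several of the listed names are partial (no TLD), so it matches on whole DNS labels rather than substrings; the sample entries and the `.example` hosts are constructed.

```python
from urllib.parse import urlsplit

# Redirect hosts exactly as listed in the guide, keyed by the search engine they affect.
# The last group is named in the guide's introduction without a search engine.
INDICATORS = {
    "Google": ["goougly.com", "clickfraudmanager", "v1.adwarefeed.com"],
    "Yahoo": ["a.l.yimg"],
    "MSN": ["msnooze.com"],
    "Ask": ["wzeu.ask.com"],
    "unspecified": ["zfsearch.com", "ad4.doubleclick.net", "google.goored"],
}

def host_of(entry):
    """Accept a bare host name or a full URL; return the lower-cased host."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry          # lets urlsplit treat a bare host as netloc
    return (urlsplit(entry).hostname or "").rstrip(".").lower()

def contains_labels(host, indicator):
    """True if the indicator's labels appear as a contiguous run of host labels."""
    h, i = host.split("."), indicator.split(".")
    return any(h[k:k + len(i)] == i for k in range(len(h) - len(i) + 1))

def scan(entries):
    """Return (host, indicator, engine) for every entry that matches."""
    hits = []
    for entry in entries:
        host = host_of(entry)
        for engine, names in INDICATORS.items():
            for name in names:
                if host and contains_labels(host, name):
                    hits.append((host, name, engine))
    return hits

# Constructed sample input, one visited URL or host per entry.
SAMPLE = [
    "http://www.google.com/search?q=firefox",   # normal search, no match
    "http://v1.adwarefeed.com/click?id=1",
    "http://clickfraudmanager.example/r",       # partial indicator, constructed TLD
    "http://l.yimg.com/a/logo.png",             # differs from a.l.yimg by one label
    "http://a.l.yimg.example/r",
    "notgoougly.com",                           # a substring match would flag this
    "GOOUGLY.COM",
]

if __name__ == "__main__":
    for host, name, engine in scan(SAMPLE):
        print(f"{host}: matches '{name}' ({engine} redirect)")
```

A hit is a reason to check the browser's add-ons and follow the guide, not proof of infection on its own.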

#2
jpshortstuff

Updated guide to use latest version of GooredFix.
  • 0

#3
p12op4n3

Hi, I was wondering if this type of virus has anything to do with identity theft/bank details, as I do a fair bit of internet shopping, although I have not yet come across this type of virus yet thankfully.
Also on the topic as a generalisation where and how do viruses start? Is it anything to do with the antivirus companies - creating a need for their product?
thanx
  • 0

#4
Octagonal


Hi, I was wondering if this type of virus has anything to do with identity theft/bank details, as I do a fair bit of internet shopping, although I have not yet come across this type of virus yet thankfully.

The infection mainly redirects you to specific sites in an attempt for you to view whatever advertising is shown there. Also, those sites that you are redirected to can have other malware associated with them.

Also on the topic as a generalisation where and how do viruses start? Is it anything to do with the antivirus companies - creating a need for their product?

Most infections today are about stealing your identity, banking details or goading you into purchasing rogue products with the intent of removing malware. I highly doubt that any legitimate anti-virus company would be actively pursuing the path of creating infections. The work we do here and at other malware removal sites often assists anti-virus companies in providing consumer protection that is needed today and in the future.
  • 0

#5
p12op4n3

Sorry, I did not mean that in an offensive way.
My train of thought was to question the purpose of creating a virus or if they can be created in another means. I was not implying that anyone here had ill intentions. Purposes often revolve around money so it was just a speculation on whether an antivirus company might want to do a thing like that and asking if you/others thought there was any logic/truth in that. I'm sorry if I caused offence as I only meant it as a question.
  • 0

#6
Octagonal

No offence taken. :)

I just wanted to point out that infections these days are mainly around gaining access to personal information etc in an effort to take advantage of a person's financial status. It would be a legitimate anti-virus company's downfall if ever such an infection was traced back to them as being the creator of such code. The topic of anti-virus companies doing that type of thing has been around for years and I highly doubt that there is any truth in it.
  • 0

#7
p12op4n3

:) thanx
Lol I hadn't thought of the tracing possibility. How would you go about doing that? I've heard it's to do with your IP? Can anyone trace the route of an item (virus, text, video, image etc.) with a little know-how?
I only asked because like you say the topic comes up, unless you know a bit about things it can seem feasible.
Thanx
  • 0

#8
Octagonal

This is not the topic in which this issue should be discussed, so I won't take this any further than to add that you may be surprised what and how things can be traced. Maybe you would like to start a topic in this forum for some serious discussion between members about tracing abilities and computer forensics.
  • 0

#9
phammo

removed log
  • 0

#10
jpshortstuff

That log looks clean, but you ran the tool twice by the looks of things:
---------- Old Logs ----------
GooredFix[17.30.02_23-09-2009].txt


For that section of the log to be showing, it means that GooredFix has previously found and removed something, so I think it's safe to say GooredFix was successful in removing the problem :)
  • 0

#11
phammo

Hi,

thanks for getting back so quickly.

I'm still getting the same redirecting problem with Google search results in Firefox. Do you know of any similar viruses/solutions?
  • 0

#12
Rorschach112

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.
  • 0

#13
downloadx


Hi,

thanks for getting back so quickly.

I'm still getting the same redirecting problem with Google search results in Firefox. Do you know of any similar viruses/solutions?


I'm also still getting these problems. Goored did not find or remove any registry entry according to the logs.

Here's info on the problem:
I got this 6 months ago on my other PC and completely cleaned it back to new. But this time it's different, what worked last time no longer works. I was able to remove 90% of the problems with Malwarebytes, but not this one. I tried almost a dozen antivirus and anti spyware programs.

Reinstalling Firefox won't work. I noticed that there is a persistent profile (a horrible security decision) and other persistent data that don't get uninstalled. Deleting the profiles which contain extensions, etc. does not work. In fact, I believe something is reinstalling the extension each time and it isn't part of the Firefox install but is possibly triggered by Firefox's startup. Possibly something in the registry or a background/startup tool that does this.

Workarounds that do work:
* When using Google, never click on a link to use it. Right click and copy the link to your clipboard and paste it into the URL. This always works.
* Use Chrome or some other browser.

Any ideas on what will fix the redirect trojan this time? Reinstalling Firefox doesn't work, there's something persistent I can't find.
  • 0

#14
chamber

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.
  • 0

#15
mastajon

removed log
  • 0



