PhilStexil

Virus bulletin and browser hijacking data for 2012
Tuesday, April 03, 2012

Have the latest updates to the core components of Windows actually left the operating system more exposed to the malware and spyware circulating on the Internet? Drive-by exploits are the likely reason for the growing number of variants grouped under the family name win.32.googleredirectivirus. This is a lucrative niche for malware authors to invest their time in, so it is no surprise that so many people become infected. The latest Virus Bulletin index lists several reports that support this.

You must not take the Google redirect virus for granted!

The statement above is something every Windows user should take seriously. Why? Because what starts as a simple browser hijacker can quickly escalate into a rootkit with keylogging components that hook into core system libraries such as kernel32.dll. For the average user that means it is hard to remove and can stay undetected for a long time. The main weakness of traditional anti-virus software is that its heuristics engine is primitive and does a poor job of recognising virus-like behaviour, so in practice it relies on its signature database, which does not include the '0-day' variants you hear so much about until well after they are in circulation.

Remember, there are dozens of removal guides out there. Removing Malware's Google redirect removal guide has plenty of useful information and step-by-step instructions, which helps when you are dealing with a rootkit-level infection that shows no sign of stopping. Remember, the registry is the weak point: the HKLM hive (HKEY_LOCAL_MACHINE), and in particular the ...\Microsoft\Windows\CurrentVersion\Run keys that launch programs at every boot, is where a typical browser hijacker establishes persistence and is the area that should be watched and protected most closely.

A typical browser hijacker starts life in the user's AppData folder and then moves to a deeper location, typically the Windows Prefetch and other system folders whose contents are loaded early at start-up and persist across reboots. This is why a rootkit can stay resident on a Windows system for a long time. Sysinternals tools such as Process Monitor (and Autoruns for start-up entries) can expose these persistent hooks and show the end user that a great deal of activity is in fact coming from unknown executable files. You often spot these in the AppData, System32 and Temp folders, and their names are usually peculiar: random-looking strings of letters and digits. Were Russian hackers behind it originally? It is possible, but so many variants exist nowadays that keeping track of who wrote what is tricky to say the least.
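The two previous paragraphs describe where a hijacker persists (the HKLM Run keys) and where its files tend to sit (AppData, Temp, System32, with random-looking names). The script below is an added triage example written for this page, not code from the original post or from any removal guide it mentions. It goes slightly beyond the text: besides the HKLM and HKCU Run/RunOnce keys it also checks the hosts file and the Internet Explorer proxy settings, two other places a "Google redirect" is commonly wired in. It assumes Windows PowerShell 5.1 or later in an elevated prompt; the key paths, the hosts file location and Get-AuthenticodeSignature are standard, while the "random-looking name" heuristic is an assumption of this example, not a rule from the page.

```powershell
# Added example (not from the original post): triage checks for a Windows browser hijacker.
# Run from an elevated PowerShell prompt. Registry and hosts paths are the standard ones;
# the suspicious-name heuristic below is an assumption for illustration.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# User-writable and temp locations where, per the post, the hijacker usually lands first.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:SystemRoot\Temp")

function Get-ExecutablePath {
    param([string]$Command)
    # Autorun values look like  "C:\dir\x.exe" -arg   or   C:\dir\x.exe -arg
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.(exe|dll|scr|com|bat|cmd|vbs|js))') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-SuspiciousName {
    param([string]$Path)
    $name = [System.IO.Path]::GetFileNameWithoutExtension($Path)
    # Heuristic (assumption): random-looking names mix letters and digits, or contain no vowels.
    $mixed   = ($name -match '^[a-z0-9]{6,}$') -and ($name -match '\d') -and ($name -match '[a-z]')
    $noVowel = ($name.Length -ge 6) -and ($name -notmatch '[aeiouy]')
    return ($mixed -or $noVowel)
}

function Get-AutorunFindings {
    # Every Run/RunOnce value whose target runs from a user-writable dir, has a random-looking
    # name, is unsigned or has an invalid signature, or no longer exists on disk.
    $findings = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath ([string]$prop.Value)))
            $reasons = @()
            foreach ($dir in $UserWritable) {
                if ($dir -and $exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += "runs from $dir"
                }
            }
            if (Test-SuspiciousName $exe) { $reasons += 'random-looking name' }
            if (Test-Path $exe) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            } else {
                $reasons += 'target missing on disk'
            }
            if ($reasons.Count -gt 0) {
                $findings += [pscustomobject]@{ Key = $key; Name = $prop.Name; Target = $exe; Why = ($reasons -join '; ') }
            }
        }
    }
    return $findings
}

function Get-HostsRedirects {
    # A hijacker that pins google.* to an attacker-controlled IP shows up as a
    # non-comment hosts line naming google.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    Get-Content $hosts | Where-Object { ($_ -notmatch '^\s*#') -and ($_ -match 'google') }
}

function Get-ProxyHijack {
    # A forced proxy or PAC URL in the per-user Internet Settings redirects every browser request.
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $k
    if (($p.ProxyEnable -eq 1) -or $p.AutoConfigURL) {
        [pscustomobject]@{ ProxyEnable = $p.ProxyEnable; ProxyServer = $p.ProxyServer; AutoConfigURL = $p.AutoConfigURL }
    }
}

Get-AutorunFindings | Format-Table -AutoSize
Get-HostsRedirects
Get-ProxyHijack
```

Treat the output as leads, not verdicts: legitimate updaters also run from AppData, so an entry is interesting when several reasons line up (user-writable path, random name, no valid signature). The caveat the post itself implies still applies: a kernel-mode rootkit that hooks the registry and file-system APIs can hide its entries from this script and from Autoruns alike, so confirm any finding from an offline boot or by mounting the disk on a clean system.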

Gavin – Tech Analyst

 


