08-08-2012 10:29 PM
I have followed the previous posts regarding Norton 360 not recognizing an infection with the Google redirect Trojan. My Vista Home Premium laptop became infected 4 days ago following my son's surfing on YouTube. The symptoms were that a Google search would first direct you to a generic advertising linked site. A scan with Norton 360 with current definitions didn't locate any malicious malware file.
I didn't use NPE at that time because the infected files weren't located by my Norton 360 software. I turned to a Malwarebytes free version that I had, which scanned and located 2 files. MAB identified them as:
Name: "Trojan.RedirRdll3.Gen"
Files:
Memory Module: C:\Users\John\AppData\Local\Apps\Apple Computer\hbpfdb.dll (Trojan.RedirRdll3.Gen)
Registry Value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Malwarebytes cleaned and quarantined the 2 files. After rebooting, a MAB full scan found no other instance of the Trojan and my browser search on Google has performed normally. I am wondering if this could be a different Google redirect version than the one in the previous thread. My PC isn't a Mac, but I do have Apple iTunes as an app for my son's iPod Touch. Would Apple iTunes or an Apple app (Apple Computer) be an unrecognized avenue in for this Trojan? Could a router be infected? Could the solution be to run a MAB quick scan every day?
It does seem to indicate that a 3rd party malware detector program should be used regularly until Norton 360 is updated for this type of intrusion. Does another user have a similar experience with this particular file infection? I'll undoubtedly become reinfected until a malware definition fix is provided by Norton.
I would appreciate any comments. I have been a Norton Symantec user for 4 years at home and 12 years at work. This is my first community post. The previous redirect thread appears to have been resolved for that variant.
08-09-2012 08:53 PM
Just looks like a variation of Tracur
Quads
08-10-2012 11:59 PM
Thanks for your reply. I've used the information to do additional research on Tracur.
There are plenty of ersatz sites that offer to remove the "Trojan.RedirRdll3.gen" that will likely leave you poorer and not cure your problem. I'm hoping most users know these sites will likely install worse problems.
I broke down and purchased the pro version of Malwarebytes to turn on real-time protection while I try to find the next avenue to take. I have Norton 360. Other users have had some problems with NPE, so I'll try to keep my system intact.
What bugs me is the use of "Apple Computer" in the malicious file names. If I am reinfected I'll likely uninstall iTunes, Bonjour, Safari and QuickTime as these are Apple resource wasters anyhow. Am not likely to afford an iPad for my kid soon.
Just waxing eternal until I am less uncertain that deleting the original Trojan entries with MAB will stop the redirects. I've admired your work in other threads. Thanks for now.
