Google Redirect/YellowMoxie sounds like a virus. Time for some step-by-step malware cleaning of the computer.
How do I get rid of Google Redirect/YellowMoxie? Just today it sprang up like mad. Every time I opened a screen on Firefox, these spurious links appeared. When they appeared on a site I maintain, I flipped out because they have no presence in the online source code and they don't seem to be corrupting my local versions.
Your site has always had them, but I just assumed you were making a few extra bucks. I looked for YellowMoxie online and found Bleeping Computer and their advice - downloading AdCleaner. It selected for deletion a huge number of files including some that I might have needed. I let it delete them, but none of the problem went away although a change in my login set up that I had undone (a second user) reappeared out of the blue. I feel almost as worried about what AdCleaner might have done as what I got the original computer thing from. Please help. I have screen shots of all including your site but I can't attach it here.
In this excerpt from Answercast #86, I look at a case where a machine seems to be hijacked by a redirection virus.
Yeah, I don't need the attachments. What this sounds like is a classic case of malware.
The reason you're seeing it on all these different sites, including your own (even though you know it's not actually on your site), is that it's on your computer. It's malware that has installed itself on your computer.
I don't have it on my site. I can absolutely tell you that.
I have two different forms of advertising that show up on my site: Google AdSense, and for now Kontera, via text links. Those are it. YellowMoxie or anything like that is not something I've ever heard of and certainly not something I've ever used.
Now, there are a couple of things that have me a little concerned. One is AdCleaner. I actually have a lot of faith in Bleeping Computer. I think they give pretty good answers in general.
What I wish you would have done is performed a full-system backup, a full-image backup before running that tool.
Any of these kinds of cleanup tools can do a huge amount of work; they can actually make massive changes to your computer. Sometimes, that's not what you want - but sometimes, you won't find out until after it's done.
If you had an image backup taken prior to running this AdCleaner, you would at least be able to restore your computer to the state that it was prior to running the tool.
Now, my sense is that, aside from a couple of unexpected things reappearing, AdCleaner is probably not much to worry about. You still have the problem, however. That to me means that this isn't really a benign ad-cleaning situation - it really is malware.
My recommendation is that you do the following:
One: make sure you are running up-to-date anti-virus and anti-spyware tools. Perhaps the same tool if you're running something like Microsoft Security Essentials.
Make sure that its database is up to date and ready and willing to scan for the absolute latest threats that have been identified.
Run those tools; run a full scan on your machine - not a quick scan, if the software offers that, but run a full scan on your entire machine.
Then go out to malwarebytes.org; download and run their free tool. That tool does capture some things that other tools do not - and in fact, this kind of browser hijacking and click redirection happens to be one of the things that Malwarebytes seems to be particularly good at getting.
So that's what I would do. Run anti-virus and anti-spyware scans and run
(Transcript lightly edited for readability.)