
Google Redirect/YellowMoxie sounds like a virus. Time for some step-by-step malware cleaning of the computer.

How do I get rid of Google Redirect/YellowMoxie? Just today it sprang up like mad. Every time I opened a screen on Firefox, these spurious links appeared. When they appeared on a site I maintain, I flipped out because they have no presence in the online source code and they don't seem to be corrupting my local versions.

Your site has always had them, but I just assumed you were making a few extra bucks. I looked for YellowMoxie online and found Bleeping Computer and their advice - downloading AdCleaner. It selected for deletion a huge number of files including some that I might have needed. I let it delete them, but none of the problem went away although a change in my login set up that I had undone (a second user) reappeared out of the blue. I feel almost as worried about what AdCleaner might have done as what I got the original computer thing from. Please help. I have screen shots of all including your site but I can't attach it here.

In this excerpt from Answercast #86, I look at a case where a machine seems to be hijacked by a redirection virus.

Google Redirect/YellowMoxie

Yeah, I don't need the attachments. What this sounds like is a classic case of malware.

The reason you're seeing it on all these different sites, including your own (even though you know it's not actually on your site), is that it's on your computer. It's malware that has installed itself on your computer.

Advertising on Ask Leo!

I don't have it on my site. I can absolutely tell you that.

I have two different forms of advertising that show up on my site: Google AdSense, and for now Kontera, via text links. Those are it. YellowMoxie or anything like that is not something I've ever heard of and certainly not something I've ever used.

Full-system backup for protection

Now, there are a couple of things that have me a little concerned. One is AdCleaner. I actually have a lot of faith in Bleeping Computer; I think they give pretty good answers in general.

What I wish you had done is perform a full-system backup, a full-image backup, before running that tool.

Any of these kinds of cleanup tools can do a huge amount of work; they can actually make massive changes to your computer. Sometimes, that's not what you want - but sometimes, you won't find out until after it's done.

If you had an image backup taken prior to running this AdCleaner, you would at least be able to restore your computer to the state that it was prior to running the tool.

Sounds like malware

Now, my sense is that, aside from a couple of unexpected things reappearing, AdCleaner is probably not much to worry about. You still have a problem, however. That to me means that this isn't really a benign ad-cleaning situation - it really is malware.

My recommendation is that you do the following:

  • Make sure you are running up-to-date anti-virus and anti-spyware tools. They may be the same tool if you're running something like Microsoft Security Essentials.

  • Make sure that its database is up to date and ready and willing to scan for the absolute latest threats that have been identified.

  • Run those tools; run a full scan on your machine - not a quick scan, if the software offers that, but run a full scan on your entire machine.

  • Then go out to malwarebytes.org; download and run their free tool. That tool does capture some things that other tools do not - and in fact, this kind of browser hijacking and click redirection happens to be one of the things that Malwarebytes seems to be particularly good at getting.

So that's what I would do. Run anti-virus and anti-spyware scans and run Malwarebytes.

(Transcript lightly edited for readability.)


Article C6231 - January 10, 2013

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


3 Comments
Bill
January 11, 2013 12:37 PM

I think I understood Leo's answer but the question was Greek to me - and I don't speak Greek.

Mark J
January 11, 2013 1:29 PM

@Bill
I think you mean Geek, not Greek ;-)

Jackie
April 15, 2013 12:54 AM

4/15/13 I have the same Redirect/Yellow Moxie virus. Imitsearch is also involved. Frequently Internet Explorer also says something about the program has caused IE to close. I have just tried 16 link clicks where IE10 had a problem 4 times & Imitsearch tried to redirect 12 times. Never got to any productive site. I have run MS Security Essentials, Super AntiSpyware, Malwarebytes anti-malware, Spybot, Threatfire & Rkill. Not only does it not clear the problem but it does not find anything. Any other programs to suggest for removing the problem?
