Viruses That Interfere With Google Results Open Internet Explorer Ads

Go.google.com

The Go.google.com Redirects virus is, according to the Darfuns website, one of the most prevalent and quickly spreading pieces of malware on the Internet. According to Darfuns, it is a browser-based hijacker that attacks Internet Explorer or Firefox and redirects them to fake websites containing Google Adsense, banner, gambling or pornographic advertising. Malicious websites include clearask, web-analytics.google, brittaniasearch and go.google.The virus can also prevent you from downloading files from the Internet. It will display error messages such as 'Setup files are corrupted,' 'Can't open page' or 'Invalid application.'

Troj_qhost.gc

Troj_qhost.gc is a trojan virus that hijacks Google's Adsense text advertisements and replaces them. Adsense ads adjust according to your search. A malicious ad may leave the entire ad intact but alter the URL to redirect you to a dangerous website. According to TrendLabs, the virus modifies your computer's hosts file, prevents you from connecting to Adsense advertisements and redirects your browser to another Internet protocol (IP) address that serves third-party gambling and pornography advertisements.

Nameless Malware

Seeded Google searches and hijacked ads also occur due to unnamed viruses and malicious code in hacked websites. Discovered by Sunbelt Software, this hidden intruder often forwards to a .cn domain with a hidden frame. Within the frame, a JavaScript takes over. It permits redirection and installation of the malware on your system without your knowledge. According to TrendLabs, Japanese forums, blogs and bulletin boards (bbs) are heavily advertising the malicious domains.This particular problem is relatively easy to avoid. Make sure all software patches are up to date. Never click on a link that appears to have gibberish in the address. For instance, if you search for a video game and receive a link that appears as luxxrijkew.cn/330.html--even if it is .com--don't click it. The link should always appear to make sense. Set your browser and computer to ask permission before installing anything. Always use good, up-to-date anti-virus software.

Troj_ffsearch.a

A hacked website may contain malware, browser exploits (malicious code that tries to change your browser settings) and viruses at the same time. The virus troj_ffsearch.a is most commonly encountered on a hacked site with this combination and redirects your browser to malicious websites. This virus derives its name from ffsearcher.com, one of the websites used in the scam.Ffsearch may also download in the background while you are visiting another malicious website. According to TrendLabs, this version 'attaches an NTFS Alternate Data Stream (ADS) to a legitimate system file.' The virus deletes its executable file to prevent detection and removal. It monitors your activities and redirects Google searches to the website found in the Trojan's configuration file.There are two other versions of the virus. One hijacks your browser, changes your start page and redirects searches to a third-party search engine. The other, according to TrendLabs, downloads a list of URLs and generates fake clicks on ads in a hidden Internet Explorer window.

Zefarch

According to Symantec, this virus is a serious security threat. Once executed, the Trojan copies itself as a .dll file in the Windows directory, a Mozilla Firefox Extension, and an Internet Explorer Browser Helper Object. It also creates a registry entry causing it to restart daily. It protects itself and recreates the registry entry if you delete it. Zefarch watches for Google searches and inserts a JavaScript from zfsearch.com. It may also redirect you to potentially malicious sites or insert code into web pages.

Trojan_advatrix

Your computer may get Advatrix by installing programs or visiting a website with malicious code. It installs itself in ProgramFiles\WinBudget and creates files and registry subkeys. When Internet Explorer runs, the Trojan attempts to modify your browser security, contacts an external website and temporarily disables MS security patches. Each time you conduct a search, the virus visits Adsandads.com to download targeted advertising. It can also use JavaScript to replace advertising images. According to Symantec, Advatrix can download remote files and update itself.