virus/trojan using adsense.

Forum Moderators: martinibuster

Message Too Old, No Replies

virus/trojan using adsense.

cool1g

8:56 pm on Apr 18, 2007 (gmt 0)

i'm wondering if anyone has seen this virus/trojan before - i just got it last night somehow :(

anyway, what the virus/trojan does is that after you do a normal google search, it at first gives you the normal results. then, after about a 2 second delay, it forwards you to a google results page that has been run through a 'adsense for search' search box for that search phrase. what i think they are doing is somehow capturing the search phrase and then submitting it via a form through this person's 'search for adsense' search box. hence, the results you see are the ones just like you see if you put the search for adsense box on your pages and search in that manner. i've already reported this jerk to google.

however, i cannot find any reference to this hijack on the net - i figured that a adsense forum might have some people who have seen it or heard of it and know how to get it off.

thanks!

jatar_k

10:35 pm on Apr 18, 2007 (gmt 0)

sounds more like spyware than an actual virus

pretty common for spyware to bait and switch ads, search boxes, form portions

fun for the whole family

try running adaware or spybot, those two are solid

also watch alot of anti spyware programs are actually spyware, nice eh?

cool1g

10:56 pm on Apr 18, 2007 (gmt 0)

this appears to be a new one...can not find any reference to it on the spyware/malware boards yet.

really google is the one getting hurt the most as instead of getting 100% of the revenue from the clicks on their main page, they are sharing it with with whoever has figured out how to replace google's ads with ads with their own pub ID. but regardless its something that was forcefully installed on my computer without my consent so that alone sucks.

jatar_k

11:07 pm on Apr 18, 2007 (gmt 0)

have you tried to remove it using adaware or some other yet?

this isn't as uncommon as you might think, I've seen a few that do the same, or similar.

cmendla

11:42 am on Apr 19, 2007 (gmt 0)

Have you tried the same search from a different machine? That would help confirm if your machine is really infected or not.

If you use spybot, enable the advanced tools and look at the browser helpers, active x and startup using the tools. there is a slide out tab on the right that will give any known info about the processes. Be careful what you delete as you could kill your system or some of your apps.

justageek

2:59 pm on Apr 19, 2007 (gmt 0)

really google is the one getting hurt the most as instead of getting 100% of the revenue from the clicks on their main page, they are sharing it

I have't seen this one yet. But...the best, or worst depending on how you look at it, is the one I had a few months ago.

It replaced the Google click through URL for the ads on the SERP with the REAL client URL. Looks like they used the &q or &adurl var to do it. Pretty slick way to stop all advertising revenue from making its way to Google.

JAG