How do I get rid of Google Redirect/YellowMoxie? Just today it sprang up
like mad. Every time I opened a screen on Firefox, these spurious links
appeared. When they appeared on a site I maintain, I flipped out because they
have no presence in the online source code and they don’t seem to be corrupting
my local versions.
Your site has always had them, but I just assumed you were making a few extra
bucks. I looked for YellowMoxie online and found Bleeping Computer and their
advice – downloading AdCleaner. It selected for deletion a huge number of files
including some that I might have needed. I let it delete them, but none of the
problem went away although a change in my login set up that I had undone (a
second user) reappeared out of the blue. I feel almost as worried about what
AdCleaner might have done as what I got the original computer thing from.
Please help. I have screen shots of all including your site but I can’t attach
Yeah, I don’t need the attachments. What this sounds like is a classic case of malware.
The reason you’re seeing it on all these different sites including your own (even though you know it’s not actually on your site) is that it’s on your computer. It’s malware that has installed itself on your computer.
Advertising on Ask Leo!
I don’t have it on my site. I can absolutely tell you that.
I have two different forms of advertising that show up on my site: Google AdSense, and for now Kontera, via text links. Those are it. YellowMoxie or anything like that is not something I’ve ever heard of and certainly not something I’ve ever used.
Full-system backup for protection
Now, there are a couple of things that have me a little concerned. One is AdCleaner. I actually have a lot of faith in Bleeping Computer. I think they give pretty good answers in general.
What I wish you had done is perform a full-system backup, a full-image backup, before running that tool.
Any of these kinds of cleanup tools can do a huge amount of work; they can actually make massive changes to your computer. Sometimes, that’s not what you want – but sometimes, you won’t find out until after it’s done.
If you had an image backup taken prior to running this AdCleaner, you would at least be able to restore your computer to the state that it was prior to running the tool.
Sounds like malware
Now, my sense is that, aside from a couple of unexpected things reappearing, AdCleaner is probably not much to worry about. You still have a problem, however. That to me means that this isn’t really a benign ad-cleaning situation – it really is malware.
My recommendation is that you do the following:
One: make sure you are running up-to-date anti-virus and anti-spyware tools. That may be a single tool if you’re running something like Microsoft Security Essentials.
Make sure that its database is up to date and ready and willing to scan for the absolute latest threats that have been identified.
Run those tools; run a full scan on your machine – not a quick scan, if the software offers that, but run a full scan on your entire machine.
Then go out to malwarebytes.org; download and run their free tool. That tool does capture some things that other tools do not – and in fact, this kind of browser hijacking and click redirection happens to be one of the things that Malwarebytes seems to be particularly good at getting.
So that’s what I would do. Run anti-virus and anti-spyware scans and run Malwarebytes.
(Transcript lightly edited for readability.)
Next from Answercast 86 – How do I avoid ransomware?