
How do I get rid of Google Redirect/YellowMoxie?

Question:

How do I get rid of Google Redirect/YellowMoxie? Just today it sprang up
like mad. Every time I opened a screen on Firefox, these spurious links
appeared. When they appeared on a site I maintain, I flipped out because they
have no presence in the online source code and they don’t seem to be corrupting
my local versions.

Your site has always had them, but I just assumed you were making a few extra
bucks. I looked for YellowMoxie online and found Bleeping Computer and their
advice – downloading AdCleaner. It selected for deletion a huge number of files
including some that I might have needed. I let it delete them, but none of the
problem went away although a change in my login set up that I had undone (a
second user) reappeared out of the blue. I feel almost as worried about what
AdCleaner might have done as what I got the original computer thing from.
Please help. I have screen shots of all including your site but I can’t attach
it here.

In this excerpt from Answercast #86, I look at a case where a machine seems to be hijacked by a redirection virus.


Google Redirect/YellowMoxie

Yeah, I don’t need the attachments. What this sounds like is a classic case of malware.

The reason you’re seeing it on all these different sites including your own (even though you know it’s not actually on your site) is that it’s on your computer. It’s malware that has installed itself on your computer.

Advertising on Ask Leo!

I don’t have it on my site. I can absolutely tell you that.

I have two different forms of advertising that show up on my site: Google AdSense, and for now Kontera, via text links. Those are it. YellowMoxie or anything like that is not something I’ve ever heard of and certainly not something I’ve ever used.
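For a site owner who wants to confirm that links are being added on the visitor's machine rather than served by the site, the check below compares the HTML the server sends with the HTML the affected browser ends up showing. It is an added example, not code from Ask Leo!; the function names, sample HTML and the allowlist entry are constructed placeholders.

```javascript
// Added example: constructed sample data, hypothetical names throughout.
// Extract the host of every absolute http(s) link in an HTML string.
// A regex is enough for this comparison; it is not a full HTML parser.
function linkHosts(html) {
  const hosts = new Set();
  const re = /<a\b[^>]*\bhref\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      const u = new URL(m[1]);
      if (u.protocol === "http:" || u.protocol === "https:") {
        hosts.add(u.hostname.toLowerCase());
      }
    } catch (e) {
      // Relative or malformed href: it stays on the site itself, skip it.
    }
  }
  return hosts;
}

// True when host equals an allowlisted domain or is a subdomain of it.
function isAllowed(host, allowlist) {
  return allowlist.some((d) => host === d || host.endsWith("." + d));
}

// Hosts linked from the rendered page that are neither in the served
// source nor on the allowlist of ad networks the site knowingly uses.
function locallyInjectedHosts(servedHtml, renderedHtml, adAllowlist) {
  const served = linkHosts(servedHtml);
  return [...linkHosts(renderedHtml)]
    .filter((h) => !served.has(h) && !isAllowed(h, adAllowlist))
    .sort();
}

// Constructed sample: what the server sends ...
const SERVED = `<p>Read <a href="https://example.org/backup">backups</a>
and <a href="/about">about</a>.</p>`;
// ... and what an affected browser shows (document.documentElement.outerHTML).
const RENDERED = `<p>Read <a href="https://example.org/backup">backups</a>
and <a href="/about">about</a>. <a href="http://ads.adnetwork.example/c?1">deal</a>
<a href='http://redirect.injected.example/go?q=x'>spurious link</a></p>`;
// Placeholder for the ad networks the site owner knowingly uses.
const AD_ALLOWLIST = ["adnetwork.example"];

console.log(locallyInjectedHosts(SERVED, RENDERED, AD_ALLOWLIST));
```

Hosts that show up only in the rendered copy and only on one machine point to that machine, not to the site.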

Full-system backup for protection

Now, there are a couple of things that have me a little concerned. One is AdCleaner. I actually have a lot of faith in Bleeping Computer. I think they give pretty good answers in general.

What I wish you had done is perform a full-system backup, a full-image backup, before running that tool.

Any of these kinds of cleanup tools can do a huge amount of work; they can actually make massive changes to your computer. Sometimes, that’s not what you want – but sometimes, you won’t find out until after it’s done.

If you had an image backup taken prior to running this AdCleaner, you would at least be able to restore your computer to the state that it was in prior to running the tool.

Sounds like malware

Now, my sense is that, aside from a couple of unexpected things reappearing, AdCleaner is probably not much to worry about. You still have the problem, however. That to me means that this isn’t really a benign ad-cleaning situation – it really is malware.

My recommendation is that you do the following:

  • Make sure you are running up-to-date anti-virus and anti-spyware tools. They may be the same tool if you’re running something like Microsoft Security Essentials.

  • Make sure that its database is up to date and ready and willing to scan for the absolute latest threats that have been identified.

  • Run those tools; run a full scan on your machine – not a quick scan, if the software offers that, but run a full scan on your entire machine.

  • Then go out to malwarebytes.org; download and run their free tool. That tool does capture some things that other tools do not – and in fact, this kind of browser hijacking and click redirection happens to be one of the things that Malwarebytes seems to be particularly good at getting.

So that’s what I would do. Run anti-virus and anti-spyware scans and run Malwarebytes.

(Transcript lightly edited for readability.)


3 comments on “How do I get rid of Google Redirect/YellowMoxie?”

  1. 4/15/13 I have the same Redirect/Yellow Moxie virus. Imitsearch is also involved. Frequently Internet Explorer also says something about the program has caused IE to close. I have just tried 16 link clicks where IE10 had a problem 4 times & Imitsearch tried to redirect 12 times. Never got to any productive site. I have run MS Security Essentials, Super AntiSpyware, Malwarebytes anti-malware, Spybot, Threatfire & Rkill. Not only does it not clear the problem but it does not find anything. Any other programs to suggest for removing the problem?
