Thursday 24 January 2013

Livesearchnow redirect virus - removal guide

The Livesearchnow redirect has been a topic of conversation in technical support forums and on security-related websites recently. The problem isn't new, but unfortunately it seems that more and more computers are becoming plagued by this pesky redirect malware. So, I thought I would shed a little light on this topic as well.

Here's the problem: when clicking on Google or other search results, users get redirected through http://click.livesearchnow.com to random landing pages, sponsored search results or simply web pages filled with ads. This happens regardless of the web browser or search engine. While it can be a very persistent infection, most of the time the redirects happen at random. Sometimes users get the right websites and sometimes they get http://click.livesearchnow.com. The landing pages are rarely the same either. Please note that the click.livesearchnow domain itself is not malicious. From a technical point of view, it's a tracking domain. It is used to identify and qualify traffic sent by an advertising network's partners. It's a very common practice: tracking domains are used by all the big internet players and there's nothing wrong with that.



While most users use Google to find information on the internet, some of them blame Google, saying that they are infected with the Google redirect virus rather than the livesearchnow virus. Of course, Google has nothing to do with those redirects and can’t be held responsible because it yields correct results.

The Livesearchnow redirect virus is not the same for everyone. If you get sent to click.livesearchnow.com and then to random web pages, then your computer may be infected with Pihar, the ZeroAccess/Sirefef rootkit, Tracur, DNS changing malware or even potentially unwanted programs (PUPs). Any of these can be the culprit. That's why removal procedures are usually slightly different. For example, let's say your computer is infected with the Pihar or ZeroAccess rootkits. These rootkits maliciously intercept HTTP requests and redirect victims to spammy or malicious websites that are controlled by cyber crooks. Or, if they do not have their own advertising platforms, cyber crooks tend to abuse existing ones, such as http://click.livesearchnow.com.

Pretty much the same can be said about DNS changing malware, except that normally cyber criminals using a DNS changer virus have to maintain their own ad networks in order to effectively monetize traffic. Typically, a few web servers would be enough to run a medium-size ad network and fulfill their customers' needs. Needless to say, ad networks that are controlled either by malware authors themselves or by cyber crooks who simply rent malware are very dangerous. They will serve malware without any problems as long as they get paid for it. No ethics, no ad control.

Potentially unwanted programs, including malicious web browser extensions, are also used to redirect victims to http://click.livesearchnow.com. Actually, they have become very popular lately, due to their low cost and low detection rates. PUPs, malicious web browser extensions and browser helper objects can be very difficult to remove, and they may even hide behind more obvious infections, such as Trojan horses and computer worms.

Removing the Livesearchnow redirect virus isn't that difficult; some people recommend letting a security expert do it. However, I'm pretty sure that you will be able to remove it yourselves, using the right tools. If your machine is infected with a rootkit, you will have to use an anti-rootkit utility because some anti-malware products can't handle certain rootkits, for example ZeroAccess. If it's the DNS changer, Spyware Doctor or any other popular malware removal tool will definitely remove it. You may have to restore certain system settings manually after the removal, though. And finally, if it's a malicious add-on, you will have to remove it yourself. Antivirus programs rarely detect and remove potentially harmful add-ons. So, to remove this virus from your computer, please follow the removal instructions below.

Going forward, avoid warez software, unknown adult sites and other sketchy websites. Keep your anti-malware software up to date and fully active at all times. Do you have something to say about removing the Livesearchnow virus? Post your comment or question below. Good luck and be safe online!


Livesearchnow redirect virus removal instructions:

1. First of all, scan your computer for malicious software. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.





2. Reset the Hosts file back to the default. To reset the Hosts file back to the default automatically, download Microsoft Fix it utility, run the file and then follow the steps in the Fix it wizard.

3. Flush DNS cache.

A. Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.


B. At the command prompt, please type "ipconfig /flushdns" without quotes and hit Enter.


4. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
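
Before resetting anything in steps 2 and 3, it helps to see what was actually changed. The PowerShell script below is an added example, not part of the original guide: it lists Hosts file entries that a default Windows Hosts file would not contain, shows the DNS servers each active network adapter is using, and then flushes the DNS cache. The function name `Get-SuspectHostsEntry` and the sample entries are assumptions constructed for illustration.

```powershell
# Added example (not from the original guide): audit the Hosts file and DNS
# settings before resetting them. Get-SuspectHostsEntry is a hypothetical name.
function Get-SuspectHostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments and whitespace; skip lines with no active mapping.
        $active = ($line -replace '#.*$', '').Trim()
        if (-not $active) { continue }
        $fields  = $active -split '\s+'
        $address = $fields[0]
        # A default Windows Hosts file maps nothing except, at most, localhost.
        $isLoopback = @('127.0.0.1', '::1') -contains $address
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if (-not ($isLoopback -and $name -eq 'localhost')) {
                [pscustomobject]@{ Address = $address; Name = $name }
            }
        }
    }
}

# Constructed sample input, not taken from a real infection.
$sample = @(
    '# Copyright (c) Microsoft Corp.',
    '127.0.0.1      localhost',
    '203.0.113.10   www.google.com         # search engine pinned elsewhere',
    '127.0.0.1      update.example-av.test # security update host blackholed'
)
'Sample Hosts file:'
Get-SuspectHostsEntry -Lines $sample | Format-Table -AutoSize

# The real Hosts file on this machine (step 2 resets it to the default).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
'Local Hosts file:'
Get-SuspectHostsEntry -Lines (Get-Content $hostsPath) | Format-Table -AutoSize

# DNS servers per active adapter. Addresses you do not recognise from your
# router or ISP are settings to restore manually after the malware is removed.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-List

# Step 3: flush the DNS cache so previously cached lookups are discarded.
ipconfig /flushdns
```

Any entry listed for the local Hosts file is one the Fix it reset in step 2 will remove, so note down mappings you added yourself before running it.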
