Trojan.Redirector

What is Trojan.Redirector?

Trojan.Redirector is an application designed to generate advertising revenue for its developers. Unlike adware programs or other advertising-supported software, it is a malicious program that installs itself without the user’s permission. Our researchers found that it can display unreliable advertising content while you are using google.com or other search engines in the Internet Explorer browser. Apparently, the malware can replace original results with advertising. To make matters worse, this Trojan tries to hide its presence on the system, so it might be hard to notice that something is wrong. If you suspect that this threat might have settled on your computer, we advise you to read the article and learn about it in more detail. Since this is a serious threat and it is crucial to get rid of it before anything bad happens, we are adding removal instructions below the article.

Where does Trojan.Redirector come from?

Users might install Trojan.Redirector while downloading software installers from untrustworthy sources, e.g. torrent or other unreliable file-sharing web pages. Apparently, the malware’s creators could be using an application called Advanced Installer to modify legitimate setup files. Therefore, the modified installer file could belong to popular legitimate programs, such as Connectify, WinRAR, and others. If you recall installing any software recently, you probably downloaded a malicious setup file and accidentally allowed the malware to enter.

How does Trojan.Redirector work?

Its primary task is to redirect traffic while you are using one of the popular search engines, such as Yahoo or Google, and to swap the original results. As a consequence, the user might receive modified results injected with advertisements from Trojan.Redirector’s third-party partners. The ads could be shown as pop-ups, banners, links, and so on. We should also warn users that such advertisements might promote malicious content. For example, the ads could redirect you to web pages that distribute different Trojan applications, viruses, or other infections.

The malicious program manages to do so by modifying particular entries in the Windows Registry. There is a specific value name called AutoConfigURL. Trojan.Redirector replaces its value data with a URL address so that your browsing traffic is redirected through the malware creators’ server. What’s more, the threat can update itself, connect to the Internet, and auto-start with the Windows operating system without any permission. It might also be hard to notice that it is running, since its tasks in %WINDIR%\Tasks and %WINDIR%\System32\Tasks could be named Adobe Flash Update, Scheduler, and so on.

How to delete Trojan.Redirector?

You could erase Trojan.Redirector manually with the removal steps available below, but since that might be too difficult, you may want to use a legitimate antimalware tool. This might be a good idea, since you may not know if there are any other threats on the system. With a security tool, users can not only eliminate the Trojan but also detect and erase other possible malicious software on the computer. If you are not sure what tool to use, you could try our recommended software. In case you want to ask anything about the deletion part or the malicious program itself, feel free to leave us a comment below or reach us via social media.

Remove Trojan.Redirector

  1. Press Windows Key+E to open the Explorer.
  2. Locate these directories separately:
    %COMMONPROGRAMFILES(x86)%
    %COMMONPROGRAMFILES%
  3. Find data titled as reset.txt and update.txt, right-click such files and select Delete.
  4. Navigate to these locations:
    %WINDIR%\System32\Tasks
    %WINDIR%\Tasks
  5. Find and right-click to erase files that have “Adobe Flash” words in their title, e.g. Adobe Flash Scheduler, Adobe Flash Update, etc.
  6. Close the Explorer and press Windows Key+R to launch the RUN.
  7. Type regedit and press Enter.
  8. Find these paths:
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
  9. Locate value names titled as AutoConfigURL, right-click them separately and select Modify.
  10. Delete their value data and press OK.
  11. Close the Explorer and empty Recycle bin.
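
Before deleting anything, the locations named in the steps above can be listed read-only. The PowerShell below is an added example, not part of the original article or any vendor tool; Get-RedirectorIndicators is a hypothetical helper name, and checking only the top level of the Common Files directories is an assumption.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Get-RedirectorIndicators is a hypothetical name; nothing is deleted or modified.
function Get-RedirectorIndicators {
    $findings = @()

    # Steps 8-10: AutoConfigURL under the Internet Settings key in both hives.
    $keys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($key in $keys) {
        $prop = Get-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
        if ($prop -and $prop.AutoConfigURL) {
            $findings += [pscustomobject]@{
                Type = 'AutoConfigURL'; Location = $key; Detail = $prop.AutoConfigURL }
        }
    }

    # Steps 4-5: task files with "Adobe Flash" in their name.
    $taskDirs = "$env:WINDIR\System32\Tasks", "$env:WINDIR\Tasks"
    foreach ($dir in $taskDirs) {
        $tasks = Get-ChildItem -Path $dir -Recurse -File -ErrorAction SilentlyContinue |
                 Where-Object { $_.Name -like '*Adobe Flash*' }
        foreach ($task in $tasks) {
            $findings += [pscustomobject]@{
                Type = 'TaskFile'; Location = $task.FullName; Detail = $task.LastWriteTime }
        }
    }

    # Steps 2-3: reset.txt / update.txt in the Common Files directories
    # (assumption: top level only; the article does not say how deep to look).
    $commonDirs = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
                  Where-Object { $_ } | Select-Object -Unique
    foreach ($dir in $commonDirs) {
        foreach ($name in 'reset.txt', 'update.txt') {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $findings += [pscustomobject]@{
                    Type = 'File'; Location = $path
                    Detail = (Get-Item -LiteralPath $path).LastWriteTime }
            }
        }
    }
    return $findings
}

Get-RedirectorIndicators | Format-Table -AutoSize -Wrap
```

A populated AutoConfigURL is not proof of infection on its own, because the same value is how organizations deploy a legitimate proxy auto-config file; compare the URL with what your network administrator expects before clearing it.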