Skip to main content

Search Results Look Weird? You Might Be Infected

By June 14, 2016March 2nd, 2023Blog, Technology News

search_results_look_weirdHave you been noticing “strange” search results when you’re surfing the web? Have your search results been taking longer than usual to appear? You may have been infected by a new, very clever bit of malware known as Redirector.Paco.

There are actually two flavors of this malicious software, the key differences between them is that one version sets up a proxy server on your local machine to serve the phony search results, while the other routes your search inquiry through a server that the hackers control, elsewhere on the ‘net.

In both cases, what you get are search results generated by the hackers’ custom search engine. They do this because they’re spring boarding off of Google’s Adsense For Search, which is used by legitimate website owners, worldwide. If you’ve ever used the search bar on any website you’ve visited, you’ve seen Adsense for Search. The site owner makes money when you click on the search results generated by the search bar on their site.

In this case, the hackers have co-opted that process and display their search results, so every time you think you’re doing a search on Google, Yahoo, or Bing, they are making money with each link you click on the search results page. Unfortunately, the malware is notoriously well-designed, spoofing certificates such that once it’s installed, your computer has no idea that anything is amiss.

To date, the malware has infected nearly a million computers worldwide by hiding in modified versions of installers for popular programs like YouTube Downloader, WinRAR, KMSPico, and Stardock’s Start8.

Depending on which version is installed on your machine, you may notice that your search results take significantly longer than they used to, in order to display. If that’s the case, pay close attention to your browser’s status bar. You may see something like, “downloading proxy script,” or “waiting for proxy tunnel.” If so, then you’ve been infected.

So far, there aren’t many antivirus programs or anti-malware suites that can remove this for you, but rest assured that updates are coming, now that this latest threat has been identified. If you’d rather not wait, and want to take action now, give one of our knowledgeable team members a call. We can inspect the machines on your network and determine whether or not you’ve been impacted.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.