Trojan.Redirector

Trojan.Redirector is a serious computer infection that enters computers with an intention of setting proxy on the Internet Explorer browser and then showing irritating advertisements, banners, and pop-ups. According to specialists at pcthreat.com, this Trojan might even replace the search results provided by popular search engines, e.g. Google and Yahoo! with unreliable search results (usually sponsored search results) in order to redirect traffic. There is, of course, a particular reason why this computer infection acts like that. It is very likely that it works like this to help cyber criminals to earn some money from online advertising. Of course, users do not get anything good from that. They just see a bunch of irritating commercials, they might notice such a message as Waiting for proxy tunnel in the status bar of the default browser, and, finally, the search tool they use might need more time to display the search results. Research has shown that Trojan.Redirector is quite an old infection, but it is still prevalent. It seems that it has already infected 900 000 IPs worldwide, so the presence of irritating ads on your screen might really indicate that there is Trojan.Redirector hiding on your computer. It is especially true if you cannot find an ad-supported application responsible for the presence of these ads on your computer.

In order to be able to redirect traffic, Trojan.Redirector makes several changes on the infected computer. It has been found that it, first of all, changes the Value data of the Value AutoConfigURL which can be found by following this path [HKLM/HKCU]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS. If it has already changed the Value data, e.g. it might enter the URL http://wpad.com.gr/server.pac there, you will notice changes in the Local Area Network (LAN) Settings panel too. You will see the URL from the Value data in the Address line. On top of that, two options Automatically detect settings and Use automatic configuration script will be enabled. Of course, Trojan.Redirector does not need to get your permission to carry out those modifications.

At first glance, it might seem to be easy to uncheck boxes and delete the Address line in the Local Area Network (LAN) Settings panel; however, it is not true. Even though you change those settings, Trojan.Redirector will set its own settings after the computer restart again. In order to be able to reset proxy with every system restart, it creates its own Task in the Tasks folder %WINDIR%\System32\Tasks or %WINDIR%\Tasks, depending on the version of your Windows OS. In addition, scripts reset.txt and update.txt are placed in %COMMONPROGRAMFILES(x86)% and %COMMONPROGRAMFILES%. The infected computer starts with those scripts every time. Speaking generally, Trojan.Redirector acts like this to ensure its persistence on the system.

All these banners, pop-up ads, and sponsored search results which you will see if you keep Trojan.Redirector on your computer are not only very irritating, but might also be dangerous. It has been found that these ads look quite harmless; however, in reality, they might redirect you to bad web pages quickly. Therefore, you should hurry to remove this Trojan from the system and, in the meantime, ignore those advertisements.

It is always a bad idea to allow a Trojan infection to enter the computer. It has been found that they might find different ways to enter systems, but they always do that secretly. In the case of Trojan.Redirector, it seems that it might take the name of a seemingly reliable application, e.g. WinRAR 5.2 msi and WinRAR 5.11 Final, which explains why so many users do not know that they have allowed Trojan.Redirector to enter their computers. Trojans are those infections that are really hard to prevent from entering computers, so we suggest that you install a security tool to protect your PC from future dangers instead of trying to protect the computer yourself.

Trojan.Redirector has to be erased from the system as soon as possible. Unfortunately, it will not be very easy to get rid of it because it has made several important modifications the second it has entered the computer. Below-provided instructions should help you to erase this infection manually; however, if you still find it too hard to do that, you should delete it automatically. Use SpyHunter if you want to delete Trojan.Redirector and ALL other threats from your PC.

Delete Trojan.Redirector

1. Open the File Explorer.
2. Open %COMMONPROGRAMFILES(x86)% or %COMMONPROGRAMFILES%.
3. Find and delete reset.txt and update.txt files.
4. Go to %WINDIR%\System32\Tasks or %WINDIR%\Tasks.
5. Remove the task that has Adobe Flash in its name, e.g. Adobe Flash Scheduler or Adobe Flash Update.
6. Close Explorer and tap Win+R simultaneously.
7. Type regedit.exe in the box and click OK.
8. Open HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS.
9. Locate the AutoConfigURL Value, right-click on it, and select Modify.
10. Delete the Value data field.
11. Move to HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS.
12. Repeat 9th and 10th steps.