Goored is an abbreviation for (malicious) Google Redirects although redirects have been noticed in other search engines like Yahoo as well. Firefox users who have been hit with a Goored infection will notice that some of their searches are redirected to other websites. This usually happens when they click on a search result in Google but might also happen without them doing anything (which means pages are opened automatically). The Google redirect seems to use the user’s searches to redirect to other websites and it especially seems to happen often when searching for items that can be bought online like computer equipment, household items and basically anything that is sold online.
The cause of this search redirect in Google seems to be a Firefox add-on / plugin that gets installed without the user’s consent and that does no appear in the list of installed add-ons / plugins. It is not clear how the add-on is installed other than that it is done automatically without the user’s consent.
The Google redirects make use of Javascript and a first temporary fix is to disable JavaScript in the Firefox web browser to stop the redirects. This can be done in Tools > Options > Content tab by unchecking Enable JavaScript. This is also a good indicator if the computer has been infected with Goored. If the redirects stop it is Goored. If they continue it is something else.
The easiest way to clean Goored is by using the GooredFix tool that can be downloaded here. This tool should be executed as an administrator and Firefox needs to be closed before it is executed.
To execute the tool as an administrator right-click it and select Run as administrator from the menu. The program will automatically scan the Firefox directories and the Registry entries of the web browser. It will furthermore clean offending add-ons if they are discovered and write a log file to the computer desktop.
The developer of GooredFix has provided the following description of the program:
The infection is indeed a Firefox plugin, but is hidden from your plugins list. It works by checking the url bar for things like *google* *yahoo* etc, and then inserting an external Javascript file into the header of each search page. The external javascript file monitors links on the search results page and as soon as you click one it changes it so that it points to wherever it likes…
GooredFix deleted the registry entry and folder, and then when Firefox next starts it removes the plugin from its cache and loading point as the registry is no longer there.[There are also new variants that use] the “XUL Cache” extension to do redirects
Users should restart Firefox after the cleanup and perform a few searches in Google with JavaScript enabled to see if the problem persists or if GooredFix has removed the offending add-on.
Related posts:
- Another Fix For Unauthorized Google Redirects [Security]
- Use Splitlink for Firefox to check for Redirects
- Yahoo Redirect Remover
- Google Sharing Proxy [Firefox]
- Firefox Keyword Searches
- Control Javascript Events in Firefox
- How To Stop Automatic Plugin Installations In Firefox
- How To Uninstall Windows Presentation Foundation Plugin In Firefox
hmm, it’s only one among the many reasons why google redirects. In most cases it’s caused by rootkits not by the plugin. Anyway thanks for this great suggestion.
hak01 you are right but before you start looking for rootkits you should consider the obvious, especially if it is only happening in Firefox and not in other web browsers.I will publish another cause today.
Martin, this fix seems to have worked for me. It was very easy, GooredFix took only a few seconds to run. Thank you very much!
just found your page, haven’t been able to try the fix yet.
i first noticed the redirect in firefox friday, saturday it started to happen in ie too. will this fix take care of both issues?
thank you
Nope only for Firefox. you might want to check out the other solution that I posted a day later http://www.ghacks.net/2010/01/15/another-fix-for-unauthorized-google-redirects-security/