Trojan Hijacking Google Adsense

A day before, I was fighting against some Trojans and spyware.

That was probably caused by downloading some cracks from the internet, and my Norton Antivirus did not do enough to stop any intrusion internally.

Anyway, I supposed it was nothing serious. The problem was that the images on all web pages opened by Firefox were changed to some weird advertisements instead; none of the Adsense advertisements were spared.

The creator of the Trojan was quite smart in that he replaced all the Adsense advertisements, which certainly would cause huge damage to the webmasters who were trying to make a living through Adsense advertisements.

Most internet users would probably not care whether the Adsense participants are making money or not. However, the replaced advertisements did consist of pornographic and also very distracting images.

As for me, I did achieve results from Adsense before, though things were not going well for now; I really cared a lot about the replacement of the Adsense advertisements on my websites. At least, even though it did not matter since I could not click anything myself, the visualisation of the actual Adsense advertisements on my websites was essential somehow to my brain.

I used Spybot Search and Destroy as usual, followed by Lavasoft Adaware. In my desperation, I tried SpywareBlaster and MindSoft Utilities, which did not show any progress. I rebooted my system in Safe Mode and did a thorough scan using Norton Antivirus, but it proved to me that the amount of time spent was really meaningless.

In fact, Spybot Search and Destroy did detect two unusual pieces of spyware, one of which was called “double.click”. I searched the net and realised there was a Trojan called “Trojan.Qhost.WU” which had been hijacking Google Adsense by redirecting advertisements from Google servers to a rogue server that displays advertisements from a third party.

Check for Trojan.Qhost.WU Infection in your computer:

Go to Start > Run > ping -t pagead2.googlesyndication.com

Result: Pinging pagead.l.google.com [6x.xxx.xxx.xxx] with 32 bytes of data:

If the first digit is a 6, you are not infected. If the first digit is a 9, you are infected with Trojan.Qhost.WU.
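An added example, not part of the original post: a Python sketch that looks for the redirect in the hosts file instead of reading it off the ping output. It assumes the redirect is implemented as a hosts-file override, which is how the Qhost family typically works; the function name and the sample entries are constructed for illustration.

```python
import ipaddress
import sys

# Hostnames taken from the ping check above (queried name and its alias).
WATCHED = {"pagead2.googlesyndication.com", "pagead.l.google.com"}


def find_hosts_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, ip, hostname, verdict) for every hosts entry
    that overrides DNS for one of the watched names."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid hosts entry
        for name in fields[1:]:                  # one line may map several names
            host = name.lower().rstrip(".")
            if host in watched:
                # Loopback/0.0.0.0 is the usual ad-blocking pattern;
                # any other address sends ad requests to another server.
                local = ip.is_loopback or ip.is_unspecified
                verdict = "blocked" if local else "redirected"
                findings.append((line_no, str(ip), host, verdict))
    return findings


# Constructed sample; the addresses are documentation ranges, not real IoCs.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.25    pagead2.googlesyndication.com   # constructed redirect entry
0.0.0.0 PageAd2.GoogleSyndication.com
198.51.100.7 example.test
"""

if __name__ == "__main__":
    # Pass a hosts file path to scan it; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, host, verdict in find_hosts_overrides(text):
        print(f"line {line_no}: {host} -> {ip} ({verdict})")
```

On Windows the hosts file is normally at `%SystemRoot%\System32\drivers\etc\hosts`; a "redirected" finding there is the entry to remove once the Trojan itself has been cleaned.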

After repeating the scans a few times, the problem was not solved. In the end, I even resorted to reinstalling my Firefox. Since it was reaching daylight, I had to give up trying.

I got home after midnight to realise everything was working fine.
