Learn what the common spin-offs of the YouTube redirect virus are, how they work, why they are on the rise, and how to stay off the bad guys’ hook.
- What is the YouTube redirect virus?
- Automated removal of YouTube redirect virus
- YouTube redirect virus removal for Android
- Restore web browser settings to their original defaults
What is the YouTube redirect virus?
The more popular an online service is, the more likely it is that ill-minded individuals out there will try to exploit it. The rationale behind this correlation is as clear as crystal: criminals think of large user audiences as a way to stretch the potential of their attacks. It comes as no surprise that YouTube, the world’s most visited video sharing platform, is constantly in the crosshairs of scammers and malware operators. The root cause of many security and privacy issues around it is referred to as the YouTube redirect virus.
Let’s put aside the “virus” part of this denomination for now and go over the classic form of abuse in this ecosystem. Crooks often piggyback the good reputation of this service to cloak clickbait frauds that lead to malicious sites. In a widely encountered variant of this stratagem, threat actors run ad campaigns on Google in which a sponsored link at the very top of the search engine results pages (SERPs) looks just like the legitimate youtube.com page, but with a caveat.
Whereas the tricky entry includes the right domain name as well as extra attributes you’ll encounter in a typical online advertisement, such as a brief description and several links to top-rated videos at the moment, it redirects an unsuspecting user to a sketchy place instead of the intended website. The catch is that the correct URL is appended with a series of strings that route the connection over to a tech support scam. The landing page harbors pop-up alerts that mimic the protection routine of Windows Defender or another well-known security service and state that the computer has dangerous malware or that the operating system has been blocked due to suspicious activity. To sort things out, the victim is instructed to either install a pseudo-antivirus or contact impostors portraying themselves as Microsoft technicians. In the former case, the scareware will ask for paid registration. In the latter, the fraudster will request remote access to the PC via a TeamViewer session, which entails serious privacy problems, identity theft, and further brainwashing aimed at wheedling out a payment for imaginary “cleaning” assistance.
| Name | YouTube redirect virus |
| Threat Category | Browser hijacker, online scam |
| Symptoms | Browser redirects, unwanted pop-up ads, fraudulent permission requests, browser slowdown |
| Distribution techniques | Malicious software bundles, ads on social networks, search engine poisoning, hacked websites |
| Damage | Intrusive ads, unauthorized changes of browsing preferences, Internet activity tracking |
| Removal | Scan your PC with Combo Cleaner for Windows to detect all files related to YouTube redirect virus. Free scan determines if your system is infected. To get rid of the threat, you need to purchase the full version of the anti-malware tool. |
This scheme has spawned quite a few derivatives over time. The original link may come in an email rather than rely on search engine ad chicanery. Also, the destination can be a credential phishing spot masquerading as a SharePoint sign-in page or similar. While the malefactors’ methods and objectives vary, the inner workings of the YouTube redirect are the same. It all comes down to hiding unsafe links behind the facade of the streaming media giant’s domain name. This way, email gateways and trusted security tools might let the peril through, and what’s worse, users have no idea that the legit-looking link is going to get them in trouble. An important remark in this context is that the tactic doesn’t involve viruses at its initial stage. It’s a matter of social engineering plus loopholes in YouTube’s implementation of redirect URLs.
There is a scenario that does hinge on malicious code, though. It results in rerouting a victim to a specific channel every time they open the YouTube app on a smartphone or tablet. The key to pulling off this trickery is to trojanize the user’s existing application by means of a rogue update, or to orchestrate a malvertising plot and dupe them into installing a booby-trapped variant. On a computer, this style of attack is implemented by setting the unwanted YouTube channel’s page as the victim’s default search engine, homepage, or new tab page. Foul play like that always revolves around adware, such as a browser hijacker, that quietly infiltrates the system as part of a software bundle. Whilst the catalyst for this predicament actually lives up to the name “YouTube redirect virus”, the situation is less common than the previously described hoax. Its goal is to crank up views or taint the reputation of a competing video blogger.
Yet another manifestation of this phenomenon combines social engineering and malware distribution under the same umbrella. It leverages online ads or emails to serve links that contain deliberate typos, for instance, “yuotube.com”. Some people won’t notice the difference with the naked eye and run the risk of clicking this object. The fun part is that the rerouting process may bring the user to the correct page in the end, but first it resolves interstitial domains that host drive-by malware downloads. This way, the computer gets infected along the way and the victim remains clueless about it because they ultimately end up on the genuine youtube.com.
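The two link tricks described above (an unsafe destination hidden in the strings appended to a genuine youtube.com URL, and a typo domain such as “yuotube.com”) can be screened for before a link is opened or delivered. The Python below is an added example, not code from the original article; the sample links with their hosts, paths and parameter names are constructed, and the two-label domain rule is a simplifying assumption.

```python
from urllib.parse import urlsplit, parse_qsl

TRUSTED = "youtube.com"

def registrable(host):
    # Assumption: last two labels = registrable domain (use the Public Suffix List in production).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def osa_distance(a, b):
    # Edit distance that counts a swap of adjacent letters ("uo" for "ou") as 1.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def offsite_targets(url):
    # Hosts of absolute URLs carried in query values (percent-decoded once) that leave TRUSTED.
    hosts = set()
    for _, value in parse_qsl(urlsplit(url).query):
        if value.lower().startswith(("http://", "https://", "//")):
            host = urlsplit(value).hostname
            if host and registrable(host) != TRUSTED:
                hosts.add(host)
    return sorted(hosts)

def classify(url):
    domain = registrable(urlsplit(url).hostname or "")
    if domain == TRUSTED:
        return "offsite-redirect" if offsite_targets(url) else "trusted"
    if osa_distance(domain, TRUSTED) <= 2:
        return "lookalike-domain"
    return "other"

# Constructed sample links; hosts, paths and parameter names are illustrative.
SAMPLES = [
    "https://www.youtube.com/watch?v=abc123",
    "https://www.youtube.com/r?next=https%3A%2F%2Fsupport-alert.example.test%2Fscan",
    "https://yuotube.com/watch?v=abc123",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):17} {link}")
```

A link classified as "offsite-redirect" shows the trusted domain to the reader while carrying a different destination, which is the case a domain allowlist alone would pass.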
To recap, sometimes what users call the “YouTube redirect virus” isn’t really a virus per se. It can be a fusion of deceit, black hat SEO, and algorithmic imperfections skillfully harnessed by threat actors. And yet, in some cases harmful code sets the redirect activity in motion. If you are experiencing strange browser behavior related to YouTube, it’s a good idea to take a few precautions to stay on the safe side. Make sure your system has no malicious programs and your web surfing settings have not been changed behind your back. The following instructions will help.
Use Combo Cleaner for Windows to remove YouTube redirect virus
When faced with malware like YouTube redirect virus, one of the best shortcuts in terms of removal is to use Combo Cleaner, a lightweight and incredibly effective application with PC security and optimization features under the hood. It detects and thoroughly deletes threats while giving you insights into the overall health of your computer.
This program’s protection power spans modules that forestall all known types of malware, including ransomware and browser hijackers, and take your online security to the next level by blocking phishing sites and other suspicious web pages. Follow these simple steps to eliminate the infection for good:
1. Download Combo Cleaner installer.
Combo Cleaner scans your PC with no strings attached, but you’ll have to buy its fully functional version to remove the threats it detects. The disk optimization tools that find large files and duplicates are free to use.
2. Open the CCSetup.exe file to get started. Several subsequent screens will allow you to make initial customizations so that the program works exactly as you need from the get-go.
3. The installation will be followed by an update of malware signatures. Once this process is through, click the Start Scan button in the left-hand sidebar.
4. Combo Cleaner will then check system locations that are most often polluted by Windows malware. The first scan can take a while to finish.
5. Combo Cleaner will display a system tray notification as soon as the scan is over. Click the Resolve found threats button to view the results.
6. The scan summary shows the names and types of the detected threats as well as their statuses and locations. Click the Remove all threats button and follow further on-screen prompts to get rid of these items.
Use Control Panel to get rid of YouTube redirect virus
• Open up the Control Panel from your Start menu in Windows. Depending on the OS build, select Uninstall a program (Windows 10, 7 and Vista) or Add or Remove Programs (Windows 8).
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find an unfamiliar, suspicious entry under the Name column, click Uninstall and follow further directions to get the removal done.
YouTube redirect virus removal for Android
Here’s a walkthrough to sort out the YouTube redirect virus issue on an Android device, which might also be a target in this malvertising campaign. Keep in mind, though, that uninstall attempts in regular mode may be futile due to the mechanics of this persistent infection. Therefore, you need to perform the procedure in safe mode. Go ahead and do the following:
• Press and hold the Power button. Then, tap and hold the Power off option on the screen. Doing so will boot your device into safe mode.
• Android will ask you to confirm that you’d like to enter safe mode. Tap OK on the dialog.
• You will now see the Safe mode inscription at the bottom left of your screen. Go to Settings and choose Apps.
• Scroll down the list of applications, focusing on the ones that were installed recently. Find YouTube redirect virus or another sketchy entry with a different name that could as well be the culprit.
• Select the misbehaving app and tap Uninstall.
• Confirm removal on the relevant dialog box and reboot your device. By default, Android will get you back into regular mode. You should now be good to go – the YouTube redirect virus won’t be triggering any redirects or irritating popups anymore.
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the YouTube redirect virus.
Reset Google Chrome
• Open Chrome, expand the Customize and control Google Chrome menu and choose Settings.
• Click Advanced in the sidebar, scroll down to Reset and clean up, and select this option.
• Click Restore settings to their original defaults.
• Finally, confirm the restoration by clicking Reset settings on the warning message.
• Restart Chrome.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can click on the Open menu icon in the top right-hand part of the browser window, then select the Help option and proceed to Troubleshooting Information.
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it.
• Follow subsequent directions to reset Firefox to its original settings.
• Restart the browser.
Reset Internet Explorer
• Select Internet options under IE’s Tools (Alt+X).
• Proceed by clicking on Advanced tab, then select Reset.
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled.
• Reboot the machine to fully implement the fix.
Reset Safari
• Go to the Safari menu and select Preferences.
• When on the Preferences screen, select the Privacy tab and hit the Manage Website Data button.
• Click the Remove All button to purge all website data. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc. If you aren’t okay with this, proceed to the next step.
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, select the unwanted site in the ‘Manage Website Data’ list and click Remove. Then, click Done.
• Click the Develop menu in the Finder bar and select Empty Caches.
• Finally, expand the History menu from the Finder bar and click Clear History.
• Make sure all history is selected on the dialog that will appear and click Clear History to get rid of cookies and other potentially unwanted data.
• Restart Safari.
Revise your security status
Checking after the fact that the removal actually worked is a great habit that prevents the comeback of harmful code or replication of its leftover fragments. Make sure you are good to go by running an additional safety checkup.