Search results redirecting
-
After entering a search term into Google the results are shown, as you would expect, and I then click on a returned result to visit that website. Sometimes the selected website is loaded but, more frequently, all action seems to pause and then the address bar shows “www.com.au”. After that, the address changes to something else and a totally unexpected website opens. The new website usually has some loose association with my search. In an attempt to combat this problem I purchased and loaded a security program, and when this didn’t solve the problem I paid to have technical support associated with the security program operate my computer remotely. However, nothing has fixed the problem. Using Mozilla Firefox instead of Internet Explorer does not make any difference. The computer is running Windows XP.
From your description of the problem it sounds like your computer has been infected with malware which is hijacking your internet browsing sessions. Once such malware is installed it intercepts your web browsing and redirects you to other sites, sometimes with plainly malicious intent. For example, if you attempt to visit your bank’s website it may redirect you to a fake bank website (without your knowledge) where you enter your logon details, which are then captured by whoever installed the malware, compromising your internet banking credentials. The fact that the problem occurs in both Internet Explorer and Firefox supports this: the hijack is happening on the computer itself rather than inside one particular browser.
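One quick check worth doing before anything else is added here as an example; it is not part of the original column. A common way for hijacking malware to redirect every browser on the machine is to rewrite the Windows hosts file (C:\Windows\System32\drivers\etc\hosts on Windows XP), so that names such as www.google.com resolve to an attacker’s server without DNS ever being asked. The script below parses a hosts file and flags any name mapped to something other than a loopback or null address. The path, and the sample hosts file it runs on, are assumptions for the example; the sample mimics the header of a default Windows XP hosts file with two hijack lines added.

```python
"""Flag suspicious entries in a Windows hosts file (added example, not the column's own code)."""
import ipaddress
from pathlib import Path

# Assumed location of the hosts file on Windows XP; adjust for other systems.
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample: the comment lines and the localhost entry resemble a
# default Windows XP hosts file; the 203.0.113.45 lines are hijack entries
# added for this example (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # hijack: search results go elsewhere
203.0.113.45    www.google.com.au
0.0.0.0         ads.example                 # blocklist-style entry, harmless
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text):
    """Return (ip, hostname) pairs mapping a name to a non-loopback, non-null address.

    A clean hosts file only points names at 127.0.0.1/::1 (localhost) or at
    0.0.0.0 (ad blocklists). Anything else sends that name to a real server
    chosen by whoever edited the file.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))  # malformed address: worth a look anyway
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((ip, name))
    return flagged


def check_hosts_file(path=WINDOWS_HOSTS):
    """Run the check against the real hosts file on this machine."""
    return suspicious_entries(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"SUSPICIOUS  {name:<24} -> {ip}")
```

An empty result does not clear the machine: malware can also redirect by changing the DNS servers the computer uses or by hooking the browser itself, which is why the advice below does not stop at a single check. A non-empty result, on the other hand, is hard evidence that the computer has been tampered with.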
You have mentioned that, in an attempt to combat the problem, you installed security software on your computer. As you have not provided the exact name of the software this does concern me, particularly since you paid for follow-up technical support during which someone remotely controlled your computer. As you may have read in previous columns, there are quite a few fake security products on the market at the moment. These are disguised as legitimate products but actually install more malware on your computer, potentially compromising your data and the integrity of your computer even further. Recently there has also been a trend of users receiving phone calls at home from people who purport to be from Microsoft or “Windows”, advising that the user’s computer is infected with a virus and offering to sell software to clean it; the “clean-up” requires giving the caller remote access to the computer, which lets them install whatever they like and copy whatever data they like. While it is entirely possible that the security software installed on your computer is legitimate, without knowing the name it is difficult for me to make this determination. I would suggest that you take the name of the security software and do some research on the internet to determine whether it is legitimate. If the software is from a big-name developer such as Symantec or McAfee then you should be safe, but double check that the software is actually from that developer (and that the remote technical support was also provided by the developer) rather than from a third party attempting to pass itself off as a big company in order to gain credibility.
If the security software that you have installed is legitimate, then it has not been effective at removing the threat on your computer, and the remote technical support which you purchased was unable to remove it either. Therefore, we should try some other software to see whether it is more successful. I suggest that you uninstall the current security software and then download and install Microsoft Security Essentials (www.microsoft.com/security_essentials). This is a free antivirus and antimalware package provided by Microsoft which is quite effective at detecting and removing infections. Once it has been installed, run a complete scan of your computer to see whether it can detect and remove the infection. After the scan has completed, restart your computer and then check whether you still suffer redirections when visiting websites.
Should you find that the infection is not removed then two other utilities which you can try are Ad-Aware SE Free (www.lavasoft.com) and Spybot Search & Destroy (www.safer-networking.org). These two utilities have been around for quite a while and are good at removing malware from an infected computer. As a rule of thumb, when removing spyware it is always good to scan the computer with a few different utilities (such as the two mentioned above), as no single utility can detect every possible threat given the number of infections in the wild. Since these anti-malware utilities are on-demand scanners only, and do not run in the background with a “real-time scanner” (as most antivirus products do), it is safe to have them installed at the same time. However, it is not recommended to have multiple antivirus products installed simultaneously: their real-time scanners monitor and scan every file as it is read or written, and running several of them at the same time can cause conflicts and a significant degradation in system performance.
By this stage you have likely run the antimalware utilities. If the problem continues then you will need to back up all of your data, format the hard drive and do a clean reinstallation of Windows, since it is clear that the infection cannot easily be removed from the computer. Likewise, if you determine that the security product installed on your computer is not legitimate then it is extremely important that you also complete a clean reinstallation of Windows, as it is completely unknown what else may have been installed on, or done to, your computer as a result of installing the illegitimate security software and granting remote access to whoever sold it. However, you should consider a reinstallation in any case. From reading previous columns you may recall that whenever a computer has been infected with a virus or malware I recommend a clean reinstallation rather than attempting to clean the system. This is because you can never be completely certain that a removal tool has removed all traces of the infection, even if it appears to have removed all the components it knows about. As a result, you cannot fully trust the computer again until you are certain the threats are gone, and the only way to be certain is a clean reinstallation of Windows. Considering that many people conduct sensitive transactions on their computer, such as internet banking and online shopping, having trust in the computer is important, and an infection significantly compromises that trust.
Before finishing, there are a few other aspects relating to your question that should be discussed. In particular, at the beginning of this answer I referred to the possibility that a hijacked computer will direct you to, for example, a fake bank website when you attempt to visit your actual bank. If this can occur without your knowledge, the obvious question is how you can tell that it has happened. Fortunately this is fairly easy to determine if you know where to look. All bank websites (and other sites which deal with sensitive information) should have a secure certificate (an SSL/TLS certificate, which is what sits behind the “https://” prefix). This encrypts the data between your computer and the server (such as the bank) so that someone spying on the network traffic cannot read the actual data (usernames, passwords, credit card numbers) being transmitted. Secure certificates also let you check which site you are really talking to, since a certificate is issued against a particular website address and your browser checks that the address you asked for matches a name on the certificate. Hijacking malware typically works by sending your connection to the wrong server while the address bar still shows the address you typed; the malicious server cannot obtain a certificate for your bank’s address, so the browser will either warn you that the certificate does not match, or, if you look at the certificate details, you will see the actual address of the site you have been sent to. For example, if you go to www.dropbox.com (the popular cloud-based file storage service) you will see the site redirects to https://www.dropbox.com (the secure site). In the address bar there should be a padlock icon, indicating the connection is secure. If you click the padlock it will show you more information about the certificate, mainly the address against which the certificate was issued – dropbox.com. Since that matches the site we intended to visit, all seems legitimate. One caveat: this check relies on the browser’s list of trusted certificate issuers being intact, and malware with full control of the computer can add its own issuer to that list, which is one more reason why a clean reinstallation is the only way to fully restore trust.
In the case of high-security websites, such as banks, they generally go one step further and use an extended validation (EV) secure certificate. A normal secure certificate encrypts the connection between the client and server and confirms that the certificate was issued for the address you are visiting, but it only proves that whoever obtained it controlled that domain name; an EV certificate additionally validates the identity of the organisation operating the site. For example, if you visit www.commsec.com.au you will notice that a green bar appears with the name of the organisation which operates the website – Commonwealth Securities Limited. This is useful because, if you were not conscientious enough to check the website address against which a normal secure certificate was issued, a malicious person could set up a fake bank website with a normal secure certificate issued against the address of that malicious site. From the user’s perspective, unless you checked the details of that certificate (and saw the dodgy website address for which it was issued), all could seem legitimate. In contrast, to be issued an EV certificate an organisation must go through a much more rigorous identity verification process, so when you see an EV certificate with the organisation’s name you know you are connected to that organisation’s website.
However, don’t be concerned that every website you visit doesn’t have an EV certificate. These are generally only used for high-security sites where identity validation is highly desirable, mainly because the process to obtain an EV certificate is lengthy and involved, requiring the organisation to prove its identity to the certificate authority (the organisation which issues the certificate). Furthermore, EV certificates are expensive compared with a standard secure certificate and are therefore generally only economical for a large company where the benefits are substantial for both the company and its customers. Most secure websites you visit will just have a standard secure certificate, which is perfectly fine for most cases. In all cases, be aware that a secure certificate says nothing about the legitimacy of the content on the website: anyone who controls a domain name and pays the fee can be issued a standard certificate for it, so always check that the content of the website is sound and don’t assume that because the site has a secure certificate its content is legitimate.
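The two checks described above (does the certificate name the site you meant to visit, and does it name an organisation) can be done programmatically, and the following is added here as an example rather than being code from the column. The certificate dictionaries use the layout that Python’s ssl.SSLSocket.getpeercert() returns, so the same functions work on a live connection; the two certificates themselves are constructed for the example (an EV-style certificate for a fictional “Example Bank Limited” and a domain-validated certificate for a look-alike name), and the name-matching rules follow the wildcard rules browsers apply (a wildcard only as the whole leftmost label, matching exactly one label).

```python
"""Check which site a TLS certificate was really issued for (added example, not the column's code)."""
import socket
import ssl

# Constructed: the subject an EV certificate carries, including the organisation.
BANK_CERT = {
    "subject": (
        (("countryName", "AU"),),
        (("businessCategory", "Private Organization"),),
        (("organizationName", "Example Bank Limited"),),
        (("commonName", "www.examplebank.com.au"),),
    ),
    "subjectAltName": (("DNS", "www.examplebank.com.au"), ("DNS", "examplebank.com.au")),
}

# Constructed: a domain-validated certificate a hijacker could obtain for a
# look-alike name. It is perfectly valid for that name and carries no organisation.
FAKE_CERT = {
    "subject": ((("commonName", "examplebank-secure-login.example"),),),
    "subjectAltName": (
        ("DNS", "examplebank-secure-login.example"),
        ("DNS", "*.examplebank-secure-login.example"),
    ),
}


def _label_match(pattern, name):
    """Exact case-insensitive match, or a wildcard covering exactly one leftmost label."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if pattern == name:
        return True
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False
    head, sep, rest = name.partition(".")
    return sep == "." and head != "" and rest == pattern[2:]


def cert_names(cert):
    """DNS names the certificate is issued against: SAN entries, else the subject CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names


def issued_for(cert, hostname):
    """True if the certificate names the host you intended to visit."""
    return any(_label_match(n, hostname) for n in cert_names(cert))


def organisation(cert):
    """Organisation from the subject: present on EV (and OV) certificates, absent on DV ones."""
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "organizationName":
                return v
    return None


def describe(cert, intended_host):
    """Summarise the two checks a user makes by clicking the padlock."""
    return {
        "intended_host": intended_host,
        "certificate_names": cert_names(cert),
        "matches_intended_host": issued_for(cert, intended_host),
        "organisation": organisation(cert),
    }


def fetch_cert(hostname, port=443, timeout=5.0):
    """Fetch a live site's certificate (network access; not used by the offline checks above).

    ssl.create_default_context() already verifies the chain and hostname, so a
    mismatch raises before getpeercert() is reached, just as a browser would warn.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Hijacked to the fake server while trying to reach the bank: names do not match.
    print(describe(FAKE_CERT, "www.examplebank.com.au"))
    # Redirected to the look-alike address: names match, but no organisation is named.
    print(describe(FAKE_CERT, "login.examplebank-secure-login.example"))
    # The real thing: names match and the organisation is present.
    print(describe(BANK_CERT, "www.examplebank.com.au"))
```

The middle case is the one the column warns about: a certificate that is entirely valid for the look-alike address, so the padlock appears, yet with no organisation in the subject. Note that current browsers no longer show the green bar for EV certificates, so the organisation field is only visible by opening the certificate details, and that, as with the padlock check, all of this assumes the computer’s own list of trusted certificate issuers has not been tampered with.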