Home Theater Forum › Home Theater Forum › Other Diversions › Computers and HTPC › Google redirect virus
New Posts  All Forums:Forum Nav:

Google redirect virus

post #1 of 11
8/27/07 at 1:42pm
Thread Starter 
Hi HTF computer friends,

I had some relatives in town last week who used my PC and got it infected with all sorts of crud that caused random pop-ups and other adware nasties to take place. I downloaded a tool call SuperSpywareRemove (or something like that) and managed to clean up everything except for one annoyance that is not detected by my Symantec AV or any spyware util I've tried.

The problem is that after doing a Google search and getting the results page, any search return links I click on get redirected to some other irrelevant page. If I click "back" and retry several times, I eventually get to where I wanted to go.

After Googling the Google redirect virus, I discovered that there are several Google hijack issues out there that most apps don't detect, and that the basic procedure for cleaning it out is as follows:

1. Run "Hijackthis!" and post the output to a computer forum.
2. Someone with more computer smarts than me identifies which registry entries, files, etc., are causing the problem and provides instructions on how to remove them.
3. Follow the instructions and then post another "Hijackthis!" log.
4. The smart person from part 2 verifies that the log is now clean.

Rather than joining some new computer forum, I'm wondering if anyone here has any experience with diagnosis and removal of this type of problem and would be willing to work with me via email to get it resolved? The infected computer runs XP Media Center SP1. (when I tried to upgrade to SP2 it broke the drivers that view and capture live TV, which is one of the primary uses for this computer-- but I keep the AV software updated and never had a problem until my guest hosed it up).

Thanks,
David
Reply
post #2 of 11
8/27/07 at 3:14pm

Re: Google redirect virus

One trick that's been 99% successful for me is to run the spyware scan/removal in safe mode (if you don't know what safe mode is please ask) and that usually removes the pesky ones. You can email my your hijack this log, or you can just paste it here http://www.hijackthis.de/ and it'll tell you what to remove 99% of the time.
Reply
post #3 of 11
8/27/07 at 5:08pm

Re: Google redirect virus

If you use "system restore" you may be able to restore your computer to a point before your guests arrived.
Reply
post #4 of 11
8/27/07 at 5:53pm

Re: Google redirect virus

Scroll through your Add/Remove Programs in the Control Panel and check and see if there is any suspicious programs listed in there.

Also, run Spyware Blaster, Spybot Search and Destroy, and Lavasoft Adaware.
Reply
post #5 of 11
8/27/07 at 8:17pm
Thread Starter 

Re: Google redirect virus

Hi all,

Thanks for the suggestions. I did have to use safe mode to get rid of some of the original garbage I received. I'll probably use system restore as a last resort but I've been doing a bit of work and projects on this computer so I'd like to try and just clean it first.

Aaron, I'll probably send you an email soon. Thanks for the offer.

David
Reply
post #6 of 11
8/28/07 at 9:10am

Re: Google redirect virus

Don't use Internet Explorer. Simple and effective mechanism to ward off most of the little buggers.

-Christian
Reply
post #7 of 11
8/29/07 at 9:30am

Re: Google redirect virus

Yup, simple as that. Some people do want to, though, but I think most just can't be bothered to change it. IE does nothing that the other browsers don't do at least as well.

Firefox seems to be the alternative most people go for, but personally I'm a huge fan of Opera, and can wholeheartedly recommend it. Definitely something to consider. Best security record of any of the top three by far, too.
Reply
post #8 of 11
7/21/09 at 5:12am
Just a few remarks regarding google redirect virus:

it doesn't matter if you are using Internet Explorer, Mozilla Firefox or any other, trojan will be taking action on any of browsers.
Add/Remove Programs is helpless here, because trojan presence will not be noticed there.
It seems that http://www.computing.net/answers/security/google-redirect/26874.html helped tp remove the virus.
Reply
post #9 of 11
4/20/10 at 11:31am
RE: Problems with google redirecting/language in searches/Google Deutschland

http://www.google.com/support/forum/p/Web+Search/thread?tid=6df7e15519290612&hl=en

by: stealthjunk
I had almost the exact same problem today and none of my anti-spyware programs (SpyBot, AdAware, MalwareBytes, Housecall) could fix it.  Fortunately, I found the solution on another board.  As a little bit of background, viruses sometimes will alter your "hosts" file, which is basically a file that controls the redirecting for your browsers (specifically, this file makes it faster for your computer to convert URLs into the relevant IP addresses by having a shortcut list of IP addresses instead of having to look them up when you type in the URL).

Anyway, enough background, here's what you need to do to fix:

(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".

If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away.  If not, then this probably isn't the issue, but it's worth a look.

Let me know how it goes -- best of luck!
9 of 16 people found this answer helpful. Did you?
Yes

---------------------
stealthjunk's post on clearing the hosts file extra data worked for me to remove the "go to google deutschland" from the main google webpage.  i first exited all programs and web browsers, then i clicked start > run > type  cmd   (then press enter to get the command console), then type cd\windows\system32\drivers\etc  (then press enter), then type   edit hosts  (press enter), then scroll down and delete the extra junk except the localhost 127 line (there was like over 50 lines of other hosts in there), then press ALT-F for File then press S to save, then ALT-F then X to exit the editor, now type  exit  (to exit the cmd program).  Now just to be safe i restarted my computer and started my firefox browser and my google homepage was back to normal.  I didnt have to type any of this here, but, I live by the golden rule to do to others as I would want them to do to me, and I'd want someone to confirm how to get rid of that redirect problem, and they sure did, thanks guys!
PS: if you cannot find the hosts file, the virus probably made it hidden and read-only, to undo that, once u get into cd\windows\system32\drivers\etc folder, type this:  attrib -s -h -r -a hosts  (then press enter), now you can continue with cleaning up the hosts file, and remember it is not a Text file, there is no extension to it, just hosts  (not hosts.txt).
-------------
Brian Stusalitus
04/20/2010
Reply
post #10 of 11
6/13/11 at 1:29pm

I've flagged the post above to be checked out, but I caution anyone else from following that link from a first time poster on an ancient thread bump...

Reply
post #11 of 11
6/13/11 at 1:31pm

Also I'm pretty sure I flaged post #8 about 2 years ago too and it wasn't removed, so YMMV.  Post #9 looks very suspicious too.

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Computers and HTPC
Home Theater Forum › Home Theater Forum › Other Diversions › Computers and HTPC › Google redirect virus