Google redirect virus

12 replies to this topic

#1 of 13 OFFLINE   DavidBL


    Stunt Coordinator

  • 204 posts
  • Join Date: Apr 19 2002

Posted August 27 2007 - 08:42 AM

Hi HTF computer friends,

I had some relatives in town last week who used my PC and got it infected with all sorts of crud that caused random pop-ups and other adware nasties to take place. I downloaded a tool called SuperSpywareRemove (or something like that) and managed to clean up everything except for one annoyance that is not detected by my Symantec AV or any spyware util I've tried. The problem is that after doing a Google search and getting the results page, any search return links I click on get redirected to some other irrelevant page. If I click "back" and retry several times, I eventually get to where I wanted to go.

After Googling the Google redirect virus, I discovered that there are several Google hijack issues out there that most apps don't detect, and that the basic procedure for cleaning it out is as follows:

1. Run "Hijackthis!" and post the output to a computer forum.
2. Someone with more computer smarts than me identifies which registry entries, files, etc., are causing the problem and provides instructions on how to remove them.
3. Follow the instructions and then post another "Hijackthis!" log.
4. The smart person from part 2 verifies that the log is now clean.

Rather than joining some new computer forum, I'm wondering if anyone here has any experience with diagnosis and removal of this type of problem and would be willing to work with me via email to get it resolved? The infected computer runs XP Media Center SP1. (When I tried to upgrade to SP2 it broke the drivers that view and capture live TV, which is one of the primary uses for this computer, but I keep the AV software updated and never had a problem until my guest hosed it up.)

Thanks,
David

#2 of 13 OFFLINE   hodedofome


    Stunt Coordinator

  • 236 posts
  • Join Date: Nov 21 2006

Posted August 27 2007 - 10:14 AM

One trick that's been 99% successful for me is to run the spyware scan/removal in safe mode (if you don't know what safe mode is, please ask), and that usually removes the pesky ones. You can email me your HijackThis log, or you can just paste it here http://www.hijackthis.de/ and it'll tell you what to remove 99% of the time.

#3 of 13 OFFLINE   drobbins



  • 1,870 posts
  • Join Date: Dec 02 2004

Posted August 27 2007 - 12:08 PM

If you use "system restore" you may be able to restore your computer to a point before your guests arrived.

#4 of 13 OFFLINE   Joe D

Joe D

    Supporting Actor

  • 839 posts
  • Join Date: May 21 1999

Posted August 27 2007 - 12:53 PM

Scroll through your Add/Remove Programs in the Control Panel and check to see if there are any suspicious programs listed in there. Also, run Spyware Blaster, Spybot Search and Destroy, and Lavasoft Adaware.

#5 of 13 OFFLINE   DavidBL


    Stunt Coordinator

  • 204 posts
  • Join Date: Apr 19 2002

Posted August 27 2007 - 03:17 PM

Hi all, Thanks for the suggestions. I did have to use safe mode to get rid of some of the original garbage I received. I'll probably use system restore as a last resort but I've been doing a bit of work and projects on this computer so I'd like to try and just clean it first. Aaron, I'll probably send you an email soon. Thanks for the offer. David

#6 of 13 OFFLINE   Christian Behrens

Christian Behrens

    Supporting Actor

  • 714 posts
  • Join Date: Mar 02 2000
  • Real Name: Christian Behrens
  • Location: SF Bay Area

Posted August 28 2007 - 04:10 AM

Don't use Internet Explorer. Simple and effective mechanism to ward off most of the little buggers. -Christian
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." (Benjamin Franklin)

#7 of 13 OFFLINE   Kimmo Jaskari

Kimmo Jaskari


  • 1,529 posts
  • Join Date: Feb 27 2000

Posted August 29 2007 - 04:30 AM

Yup, simple as that. Some people do want to, though, but I think most just can't be bothered to change it. IE does nothing that the other browsers don't do at least as well. Firefox seems to be the alternative most people go for, but personally I'm a huge fan of Opera, and can wholeheartedly recommend it. Definitely something to consider. Best security record of any of the top three by far, too.
"If we do happen to step on a mine, Sir, what do we do?"
"Normal procedure, Lieutenant, is to jump 200 feet in the air and scatter oneself over a wide area." -- "BlackAdder 4"

#8 of 13 OFFLINE   hurney



  • 1 posts
  • Join Date: Jul 20 2009

Posted July 21 2009 - 12:12 AM

Just a few remarks regarding the Google redirect virus:

It doesn't matter if you are using Internet Explorer, Mozilla Firefox or any other; the trojan will take action in any browser.
Add/Remove Programs is helpless here, because the trojan's presence will not be noticed there.
It seems that http://www.computing...rect/26874.html helped to remove the virus.

#9 of 13 OFFLINE   Brian31



  • 2 posts
  • Join Date: Apr 20 2010

Posted April 20 2010 - 06:31 AM

RE: Problems with google redirecting/language in searches/Google Deutschland


by: stealthjunk
I had almost the exact same problem today and none of my anti-spyware programs (SpyBot, AdAware, MalwareBytes, Housecall) could fix it.  Fortunately, I found the solution on another board.  As a little bit of background, viruses sometimes will alter your "hosts" file, which is basically a file that controls the redirecting for your browsers (specifically, this file makes it faster for your computer to convert URLs into the relevant IP addresses by having a shortcut list of IP addresses instead of having to look them up when you type in the URL).

Anyway, enough background, here's what you need to do to fix:

(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for " localhost".

If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away.  If not, then this probably isn't the issue, but it's worth a look.

Let me know how it goes -- best of luck!

stealthjunk's post on clearing the hosts file extra data worked for me to remove the "go to google deutschland" from the main Google webpage. I first exited all programs and web browsers, then I clicked start > run > type  cmd  (then press enter to get the command console), then type  cd\windows\system32\drivers\etc  (then press enter), then type  edit hosts  (press enter), then scroll down and delete the extra junk except the localhost 127 line (there were like over 50 lines of other hosts in there), then press ALT-F for File then press S to save, then ALT-F then X to exit the editor, now type  exit  (to exit the cmd program). Now just to be safe I restarted my computer and started my Firefox browser and my Google homepage was back to normal. I didn't have to type any of this here, but I live by the golden rule to do to others as I would want them to do to me, and I'd want someone to confirm how to get rid of that redirect problem, and they sure did, thanks guys!
PS: if you cannot find the hosts file, the virus probably made it hidden and read-only. To undo that, once you get into the  cd\windows\system32\drivers\etc  folder, type this:  attrib -s -h -r -a hosts  (then press enter). Now you can continue with cleaning up the hosts file, and remember it is not a text file, there is no extension to it, just hosts (not hosts.txt).
Brian Stusalitus
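
Added example (not part of any post in this thread): before deleting lines from the hosts file as described above, it helps to list which entries actually send a hostname to a non-loopback address. The sample file content is constructed, and its addresses come from the RFC 5737 documentation range.

```python
import ipaddress
import sys

# Constructed sample of a tampered hosts file; hostnames other than
# localhost/google.com are illustrative placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected
203.0.113.10    search.example.net
not-an-ip       broken.example
::1             localhost
0.0.0.0         ads.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        fields = line.split()
        if len(fields) >= 2:                     # address plus at least one name
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return entries worth reviewing: (line_no, address, names, reason)."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "malformed address"))
            continue
        # Loopback and 0.0.0.0 entries only block or localise a name;
        # anything else silently overrides DNS for the listed names.
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, addr, names,
                             "name redirected to non-loopback address"))
    return findings

if __name__ == "__main__":
    # Pass the real file (C:\windows\system32\drivers\etc\hosts) as an argument,
    # or run with no argument to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, addr, names, reason in audit_hosts(content):
        print(f"line {line_no}: {addr} -> {' '.join(names)} ({reason})")
```
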

#10 of 13 OFFLINE   seango83



  • 1 posts
  • Join Date: Jul 20 2010

Posted July 20 2010 - 08:16 PM

This virus is very bad and can infect the hosts file, DNS settings, proxy and other things. This Google virus freaked out my brother when he clicked on his company's site and was redirected to a search engine!

I searched on Google and we were able to remove this virus by using this Google Redirect Virus Removal guide. This page tells you about DNS settings, proxy settings and also a very nice software.

A helpful article on ezinearticles too about this topic: http://ezinearticles...-Fix&id=4573421

#11 of 13 OFFLINE   GlacierMove



  • 1 posts
  • Join Date: Jun 13 2011

Posted June 13 2011 - 07:36 AM

This virus does not discriminate based on browser unfortunately. At one point I had several computers that were running different browsers and versions of windows and I still had this problem on all of them. Many of the fixes that I have read might work for a few, but if you are in a situation where you couldn't get help fast enough like me, then the problem can get so out of hand that most directions don't work. I tried everything, and then eventually found some information on the [link deleted by moderator] that did help me get answers.

#12 of 13 OFFLINE   Sam Posten

Sam Posten


  • 19,258 posts
  • Join Date: Oct 30 1997
  • Real Name: Sam Posten
  • Location: Aberdeen, MD & Navesink, NJ

Posted June 13 2011 - 08:29 AM

I've flagged the post above to be checked out, but I caution anyone else from following that link from a first time poster on an ancient thread bump...

I lost my signature and all I got was this Nutter t-shirt

HTF Rules

Classified Sales Rules

UV Sales New Clarifications

#13 of 13 OFFLINE   Sam Posten

Sam Posten


  • 19,258 posts
  • Join Date: Oct 30 1997
  • Real Name: Sam Posten
  • Location: Aberdeen, MD & Navesink, NJ

Posted June 13 2011 - 08:31 AM

Also I'm pretty sure I flagged post #8 about 2 years ago too and it wasn't removed, so YMMV.  Post #9 looks very suspicious too.

