Google redirect virus (1 Viewer)

[DavidBL]

Hi HTF computer friends,

I had some relatives in town last week who used my PC and got it infected with all sorts of crud that caused random pop-ups and other adware nasties to take place. I downloaded a tool call SuperSpywareRemove (or something like that) and managed to clean up everything except for one annoyance that is not detected by my Symantec AV or any spyware util I've tried.

The problem is that after doing a Google search and getting the results page, any search return links I click on get redirected to some other irrelevant page. If I click "back" and retry several times, I eventually get to where I wanted to go.

After Googling the Google redirect virus, I discovered that there are several Google hijack issues out there that most apps don't detect, and that the basic procedure for cleaning it out is as follows:

1. Run "Hijackthis!" and post the output to a computer forum.
2. Someone with more computer smarts than me identifies which registry entries, files, etc., are causing the problem and provides instructions on how to remove them.
3. Follow the instructions and then post another "Hijackthis!" log.
4. The smart person from part 2 verifies that the log is now clean.

Rather than joining some new computer forum, I'm wondering if anyone here has any experience with diagnosis and removal of this type of problem and would be willing to work with me via email to get it resolved? The infected computer runs XP Media Center SP1. (when I tried to upgrade to SP2 it broke the drivers that view and capture live TV, which is one of the primary uses for this computer-- but I keep the AV software updated and never had a problem until my guest hosed it up).

Thanks,
David

 

[hodedofome]

One trick that's been 99% successful for me is to run the spyware scan/removal in safe mode (if you don't know what safe mode is please ask) and that usually removes the pesky ones. You can email my your hijack this log, or you can just paste it here http://www.hijackthis.de/ and it'll tell you what to remove 99% of the time.

 

[drobbins]

If you use "system restore" you may be able to restore your computer to a point before your guests arrived.

 

[Joe D]

Scroll through your Add/Remove Programs in the Control Panel and check and see if there is any suspicious programs listed in there.

Also, run Spyware Blaster, Spybot Search and Destroy, and Lavasoft Adaware.

 

[DavidBL]

Hi all,

Thanks for the suggestions. I did have to use safe mode to get rid of some of the original garbage I received. I'll probably use system restore as a last resort but I've been doing a bit of work and projects on this computer so I'd like to try and just clean it first.

Aaron, I'll probably send you an email soon. Thanks for the offer.

David

 

[Christian Behrens]

Don't use Internet Explorer. Simple and effective mechanism to ward off most of the little buggers.

-Christian

 

[Kimmo Jaskari]

Yup, simple as that. Some people do want to, though, but I think most just can't be bothered to change it. IE does nothing that the other browsers don't do at least as well.

Firefox seems to be the alternative most people go for, but personally I'm a huge fan of Opera, and can wholeheartedly recommend it. Definitely something to consider. Best security record of any of the top three by far, too.

 

[hurney]

Just a few remarks regarding google redirect virus:

it doesn't matter if you are using Internet Explorer, Mozilla Firefox or any other, trojan will be taking action on any of browsers.
Add/Remove Programs is helpless here, because trojan presence will not be noticed there.
It seems that http://www.computing.net/answers/security/google-redirect/26874.html helped tp remove the virus.

 

[Brian31]

RE: Problems with google redirecting/language in searches/Google Deutschland

http://www.google.com/support/forum/p/Web+Search/thread?tid=6df7e15519290612&hl=en

by: stealthjunk
I had almost the exact same problem today and none of my anti-spyware programs (SpyBot, AdAware, MalwareBytes, Housecall) could fix it. Fortunately, I found the solution on another board. As a little bit of background, viruses sometimes will alter your "hosts" file, which is basically a file that controls the redirecting for your browsers (specifically, this file makes it faster for your computer to convert URLs into the relevant IP addresses by having a shortcut list of IP addresses instead of having to look them up when you type in the URL).

Anyway, enough background, here's what you need to do to fix:

(1) Click START > RUN > and type in "C:windowssystem32driversetchosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".

If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.

Let me know how it goes -- best of luck!
9 of 16 people found this answer helpful. Did you?
Yes

---------------------
stealthjunk's post on clearing the hosts file extra data worked for me to remove the "go to google deutschland" from the main google webpage. i first exited all programs and web browsers, then i clicked start > run > type cmd (then press enter to get the command console), then type cdwindowssystem32driversetc (then press enter), then type edit hosts (press enter), then scroll down and delete the extra junk except the localhost 127 line (there was like over 50 lines of other hosts in there), then press ALT-F for File then press S to save, then ALT-F then X to exit the editor, now type exit (to exit the cmd program). Now just to be safe i restarted my computer and started my firefox browser and my google homepage was back to normal. I didnt have to type any of this here, but, I live by the golden rule to do to others as I would want them to do to me, and I'd want someone to confirm how to get rid of that redirect problem, and they sure did, thanks guys!
PS: if you cannot find the hosts file, the virus probably made it hidden and read-only, to undo that, once u get into cdwindowssystem32driversetc folder, type this: attrib -s -h -r -a hosts (then press enter), now you can continue with cleaning up the hosts file, and remember it is not a Text file, there is no extension to it, just hosts (not hosts.txt).
-------------
Brian Stusalitus
04/20/2010

 

[seango83]

This virus is very bad and can infect host file, dns settings, proxy and other things. This google virus freaked out my brother when he clicked on his companies site and was redirect to a search engine!


I searched on google and we were able to remove this virus by using this Google Redirect Virus Removal guide. this page tells you about dns settings, proxy settings and also a very nice software.


A helpful article on ezinearticles too abt this topic http://ezinearticles.com/?Get-Rid-of-Google-Redirect-Virus---Easy-Fix&id=4573421

 

[GlacierMove]

This virus does not discriminate based on browser unfortunately. At one point I had several computers that were running different browsers and versions of windows and I still had this problem on all of them. Many of the fixes that I have read might work for a few, but if you are in a situation where you couldn't get help fast enough like me, then the problem can get so out of hand that most directions don't work. I tried everything, and then eventually found some information on the [link deleted by moderator] that did help me get answers.

 

[Sam Posten]

I've flagged the post above to be checked out, but I caution anyone else from following that link from a first time poster on an ancient thread bump...

 

[Sam Posten]

Also I'm pretty sure I flaged post #8 about 2 years ago too and it wasn't removed, so YMMV. Post #9 looks very suspicious too.