Google Redirect Virus

Create a Post
MabSadie2

MabSadie2

PFG, Picture Framing God
Joined
Jul 22, 2008
Posts
5,829
Loc
Bozeman, Montana
.....is the most tenacious, frustrating virus ever! How do you get rid of this? Malware, Viper, Spyware doctor have all cleared my XP Security Tool Virus, and yet I still cannot use the search engines, which started happening a few days before the XP thingy happened.

The Google Redirect Virus is the one where you can search Google or Yahoo and get a list of results, but every link on that list takes you to a generic page with a list of carp you can buy.

I can't effectively use my internet. You can only imagine how this has ruined my week.
 
I have a feeling it has to do with the Hosts file and sure enough I found this online:

"(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".


If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look."

And:

"Alright, if the hosts fix didn't work, then this one is sure to do the trick! My redirect virus/malware ended up coming back after a few reboots. So my search for the solution went on and I found a magical little program called ComboFix. Go to this website and download it (ONLY download from bleepingcomputer.com -- it may be a virus if you find it anywhere else!): http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the simple instructions on that website and you'll be in good shape in about 20 minutes. I had run AdAware, SpyBot, MalwareBytes, HijackThis, CWShredder, HouseCall, AVG, etc. and none of them could find/remove any of these files. Or if they did find them, they would pretend to delete them but then they'd come right back. This ComboFix program is a DOS-looking window that works like magic -- it looks for "rootkit" activity that apparently the others don't even consider. In about 20 minutes, it deleted a "MoneyBooster" malware toolbar that had snuck onto my machine, detected/repaired my corrupted atapi.sys file, and deleted a bunch of other mutated files in my Windows folder that were viruses. I am officially now virus-free after several reboots."

Here is the thread by the way:

http://www.google.com/support/forum/p/Web Search/thread?tid=6df7e15519290612&hl=en
 
Hi

Did you the run registry fix that I posted in a previous thread, and then follow it up with a malwarebytes scan?

This should fix ya up

Mike
 
Create a Post
Back
Top