Windows 7 Google results hijacked

balicea (New Member, joined Nov 12, 2010)
I'm sorry for the tone of this e-mail, I cannot take this anymore. I have some sort of virus/intrusion on my machine that WILL NOT allow me to click on a Google search result without re-routing me to an irrelevant result. This is outrageous. I have used SIX different virus/malware programs for purposes of removal and scanned the directory for unusual entries (using HijackThis) but to no avail. I even clean installed Windows 7 (on an ASUS notebook), and on the FIRST search I did, the browser (I tried both IE8 and Firefox) redirected me to an ad site from which I hence cannot escape (once I clicked on the desired result). I cannot find anything, ANYTHING that will remedy this problem. Any help you can provide would be appreciated.


Thank you for your time,
Bradly Alicea
 
I also suffer from this "redirect", but like you, AV programmes and malware removals find nothing.
I hope someone can assist here
 
First, in IE8, from the Tools menu select Internet Options, then the Connections tab, then the LAN settings button near the bottom right. Remove and/or uncheck anything in there, OK your way back out, then close and reopen Internet Explorer.
If still no joy, look here
C:\Windows\System32\drivers\etc
Open the file called hosts
Use Notepad when prompted; it should look like the following:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Anything additional you pretty much can safely edit/delete (you may need to change the read-only property of the file to save any edits).
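The two checks this post walks through by hand (the LAN proxy settings and the hosts file) are the kind of thing worth scripting so nothing is missed. The script below is an added example, not something from the thread or from any of the tools it names. It parses a hosts file and flags every active mapping other than the stock loopback-to-localhost lines, and it evaluates the WinINet registry values that the IE "LAN settings" dialog edits (ProxyEnable, ProxyServer, AutoConfigURL under the standard HKCU Internet Settings key). The embedded hosts text is constructed for the example; the IP 198.51.100.7 and the domain update.example-av.test are placeholders.

```python
"""Added example (not from the thread): audit the two local redirect vectors this
post tells the reader to check by hand, the hosts file and the IE "LAN settings"
proxy configuration. The sample hosts text below is constructed for the example."""
import ipaddress
import sys

STOCK_NAMES = {"localhost"}   # the only name a stock hosts file maps (commented out on Windows 7)

# Constructed sample: the stock lines plus two planted redirects.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1 localhost
::1 localhost
198.51.100.7   www.google.com   # constructed: search domain sent to an attacker IP
127.0.0.1   update.example-av.test   # constructed: update host sinkholed to loopback
"""


def parse_hosts(text):
    """Return (line_no, ip, names) for every active mapping; comments and blanks are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((n, parts[0], parts[1:]))
    return entries


def suspicious_hosts_entries(text):
    """Flag every mapping other than the stock loopback -> localhost lines."""
    flagged = []
    for n, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((n, ip, names, "unparseable address"))
            continue
        if addr.is_loopback and all(name.lower() in STOCK_NAMES for name in names):
            continue                              # 127.0.0.1 / ::1 localhost is normal
        if addr.is_loopback:
            reason = "sinkhole: name pinned to loopback"
        else:
            reason = "hijack: name pinned to non-loopback address"
        flagged.append((n, ip, names, reason))
    return flagged


# WinINet values behind the IE "LAN settings" dialog (standard HKCU location).
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")


def proxy_findings(values):
    """values: dict of the registry values above. A clean default has none of them set."""
    findings = []
    if values.get("ProxyEnable", 0):
        findings.append("manual proxy enabled: %s" % values.get("ProxyServer", "<unset>"))
    if values.get("AutoConfigURL"):
        findings.append("PAC script configured: %s" % values["AutoConfigURL"])
    return findings


def read_proxy_settings():
    """Windows only: read the live values with winreg."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        for name in PROXY_VALUES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass                              # value absent means default
    return out


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real file;
    # with no argument the constructed sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for n, ip, names, reason in suspicious_hosts_entries(text):
        print(f"hosts line {n}: {ip} -> {' '.join(names)}  [{reason}]")
    if sys.platform == "win32":
        for finding in proxy_findings(read_proxy_settings()):
            print("proxy:", finding)
```

Two things the script does not cover: the "Automatically detect settings" (WPAD) checkbox, which lives in a binary blob rather than these three values, and a changed DNS server, which shows up under "DNS Servers" in `ipconfig /all`. A redirect that survives a clean hosts file and clean proxy settings points at one of those, or at something below the OS such as the rootkit described later in this thread.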
 
It's possible that your local DNS cache may be an issue. Try flushing the DNS cache.
Open a Command Prompt and type
ipconfig /flushdns
see if that helps
 
This sounds like the same fake antivirus trojan that has been going around a lot lately.

3 of my friends have had it in the last 3 months.
On these computers I was able to find it by running SuperAntiSpyware from a thumb drive in safe mode.

On 2 of them it removed it. One had to have Windows reinstalled.

Also check your LAN settings, in Internet Options, set it back to Automatic if it has been changed.

Doing a repair install won't get rid of it because the files are still there and it just reactivates itself.

Here's some info about it....

How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware - How-To Geek

If you aren't running Microsoft Security Essentials try installing and running that.

Mike
 
Thanks for the responses received. I actually found an alternate solution (we'll call it "Operation Rootkit Down"):

First of all, what is a rootkit? From Wikipedia:
A rootkit is a software system that consists of one or more programs designed to obscure the fact that the system has been compromised (one of many definitions,
but this is the most relevant for our purposes).

AVG (my anti-virus software) searches for rootkits, but couldn't find any infections on my system. After doing some targeted Google searches (copy-and-pasting the links of course) regarding hard-to-detect infections, I found this free program from Kaspersky Labs called TDSSKiller:
How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

Download, unzip, and scan. It should find a rootkit with a suffix of something like "hdl**".
Reboot your system, and then rerun with TDSSKiller. It should be removed -- for a final test, go to Google, do a search, and you should not be redirected anymore.
 