Instructions to fix Google Redirect Virus problem

Mar 11

11/03/2013 17:37

Google redirect virus is a browser hijacker that targets the search results of Google and other search engines and redirects the user to other pages. These pages can be porn-related or full of advertising banners that make money for the creators of this parasite. Sometimes these pages might try to make you pay or give away your bank details, which makes the Google redirect virus dangerous.

There are a couple of different strains of Google Redirect virus, and some of them might need heavy scanning with reputable anti-malware solutions. Sometimes the Google redirect virus even blocks reputable sites, which makes it tough to download automatic removal software. However, there are a couple of easy steps that solve less complex problems.


Note that before trying to fix other things, you should scan and check whether anti-malware programs can identify a more precise cause of the Google redirect hijacker. We recommend Spyware Doctor, Spyhunter, Hitman Pro for this task. You should always scan after performing all these steps as well, as an anti-rootkit scan might reveal trojans that were hidden by other infections. In some cases, rootkits will be detected and removed by anti-malware programs.


Steps 1-6 deal with regular hijacking of search results caused by malicious settings or plugins. Steps 7 and above deal with malware infections that result in Google redirect virus symptoms and are more difficult to detect and fix. However, if any antivirus program is stopped from executing, this indicates a malware infection, and you will have to scan your PC with anti-virus and anti-malware programs.


Step 1. Check your hosts file for malicious entries.
The hosts file resides at C:\Windows\System32\Drivers\etc\hosts, where Windows is your Windows installation directory. On Windows 8/7/Vista, you should open your hosts file with administrative privileges. Google Redirect virus symptoms might be the result of malware adding malicious entries to this file, and such entries are easily removed.


If you see extra lines with IP addresses beyond the default contents, you should delete them, especially if they remap Google or Microsoft subdomains. This is a sign that you either had or still have an infection on your PC, as this file usually cannot be accessed remotely.
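The hosts file check from Step 1 as a read-only audit script. This is an added example, not part of the original post; the watched labels, the verdict names and the sample entries (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: labels taken from the page's "Google or Microsoft subdomains".
WATCHED_LABELS = {"google", "microsoft"}
# Entries a clean Windows hosts file may legitimately contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample; addresses come from documentation ranges (RFC 5737).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # added by unknown program
203.0.113.10    update.microsoft.com
198.51.100.7    intranet.example
not-an-ip       www.google.com
"""


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not entry:
            continue
        ip, names = entry[0], entry[1:]
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed"))
            continue
        for name in names:  # one line may map several host names
            name = name.lower().rstrip(".")
            if (ip, name) in DEFAULT_ENTRIES:
                continue
            watched = WATCHED_LABELS & set(name.split("."))
            findings.append((line_no, ip, name, "suspicious" if watched else "review"))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the hosts file path as the first argument; without it the sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

The script only reports; removing the flagged lines is still done by hand in an editor opened with administrative privileges.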


Step 2. Check DNS (Domain Name Server) settings


Domain name servers are used to determine which server to access when opening website addresses. Hijacking these settings would allow hijacking various websites, including search engines.


1. Go to Control Panel -> Network Connections and select your local network.
2. Right-click your local network icon and select Properties.
3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.
4. You will see the Internet Protocol window. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
5. Click OK to save changes.



Step 3. Check your proxy settings on Internet Explorer
Proxy server settings can be used to implement Google search result hijacking as well.


1. Launch Internet Explorer.
2. Tools -> Internet Options, Connections tab. Press LAN Settings.
3. Deselect everything or enter the parameters that were given by your system administrator.
4. Press OK.


Step 4. (Optional) Check your proxy settings on Mozilla Firefox

1. Launch Mozilla Firefox.
2. Tools -> Options. Press Advanced and open the Network tab. Then press the Settings button.
3. Select “No proxy” or enter the parameters that were given by your system administrator.
4. Press OK.


Step 5. Check your IE add-ons

If your browser is hijacked in IE only, check the IE browser add-ons. Note: there are malicious plugins that affect both IE and Firefox and result in Google redirects in both browsers.
1. Launch Internet Explorer.
2. Tools -> Manage Add-ons
3. Disable all unverified add-ons (there might be some useful ones, but it is better to re-install them later).
4. Delete all add-ons that look spammy/unknown.


Step 6. Scan for malicious parasites with spyware/antivirus removers:
1. Spyware Doctor
2. Spyhunter
3. NOD32 free trial


Step 7. (Optional) Repair Winsock 2 settings with LSPFix
Download LSPFix


Step 8. If you still have search engine redirection, it might be TDSS or a similar rootkit

