day, February 4, 2010

Remove Google redirect virus

In this article you will find recommendations on how to remove the Search Engine Redirect virus or Google Redirect virus. Most of the time it's called the Google redirect problem, but please note that the redirect virus affects Yahoo and Bing search results too. This problem is very frustrating and unfortunately there is no one-click solution for it. The Google redirecting virus is usually a by-product of malicious software. Many people say that this problem remains after removing rogue security software or Trojans. In some cases anti-virus and anti-spyware programs remove Trojans, but unfortunately can't detect changes made by the virus. Anyhow, below is a list of things that you should do or check in order to remove the Google Redirect virus or fix the Search Engine Redirect problem.

Check Local Area Network (LAN) settings
Make sure that DNS settings are not changed
Check Windows HOSTS file
Manage Internet Explorer add-ons. Remove unknown or suspicious add-ons
Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS
Scan your computer with legitimate anti-malware software (ComboFix)
Use CCleaner to remove unnecessary system/temp files and browser cache
Reset your Router back to the factory default settings

1. Check Local Area Network (LAN) settings

a) Open Internet Explorer. In Internet Explorer go to: Tools->Internet Options.

b) Click on "Connections" tab, then click "LAN settings" button.

c) Uncheck the checkbox under Proxy server option and click OK.

2. Make sure that DNS settings are not changed

a) Open Control Panel (Start->Control Panel).

b) Double-click Network Connections icon to open it.

c) Right click on Local Area Connection icon and select Properties.

d) Select Internet Protocol (TCP/IP) and click Properties button.

e) Choose Obtain DNS server address automatically and click OK.

3. Check Windows HOSTS file

a) Go to: C:\WINDOWS\system32\drivers\etc.

b) Double-click hosts file to open it. Choose to open with Notepad.

c) The hosts file should look the same as in the image below. There should be only one line: 127.0.0.1 localhost in Windows XP and 127.0.0.1 localhost ::1 in Windows Vista. If there are more, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034
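The check in step 3 can also be done mechanically. The following is an added example, not part of the original article: it parses HOSTS file text, ignores comments, treats the localhost entries for 127.0.0.1 and ::1 as the only defaults, and reports everything else. The severity labels, the function name and the sample file are assumptions made for this illustration.

```python
import ipaddress

# Default names per the article: "127.0.0.1 localhost" (XP) plus "::1 localhost" (Vista).
DEFAULT_NAMES = {"localhost"}
# Search engines the article names as affected by the redirect.
SEARCH_LABELS = {"google", "yahoo", "bing"}

# Constructed sample, not taken from a real machine. 203.0.113.0/24 is a
# documentation-only address range and example.test is a reserved name.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed redirect entry
203.0.113.7     search.yahoo.com
127.0.0.1       update.example.test
not-an-ip       www.bing.com
"""


def audit_hosts(text):
    """Return (line_no, severity, detail) for every non-default HOSTS entry.

    Severity labels (hypothetical, chosen for this example):
      search-engine  a Google/Yahoo/Bing name is overridden locally
      non-default    some other name is mapped to a non-loopback address
      loopback-pin   some other name is pinned to 127.0.0.1 or ::1
      malformed      the line has no valid address or no host name
    """
    findings = []
    # Notepad may save the file with a byte-order mark; drop it before parsing.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if not fields:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        names = [name.lower() for name in fields[1:]]
        if addr is None or not names:
            findings.append((line_no, "malformed", " ".join(fields)))
            continue
        for name in names:                      # one line may carry several names
            if addr.is_loopback and name in DEFAULT_NAMES:
                continue                        # the expected default entry
            if SEARCH_LABELS & set(name.split(".")):
                severity = "search-engine"
            elif addr.is_loopback:
                severity = "loopback-pin"
            else:
                severity = "non-default"
            findings.append((line_no, severity, f"{name} -> {addr}"))
    return findings


if __name__ == "__main__":
    for line_no, severity, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: [{severity}] {detail}")
```

To check a real machine, pass the text of C:\WINDOWS\system32\drivers\etc\hosts to audit_hosts; an empty result means only the default entries are present.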

4. Manage Internet Explorer add-ons. Remove unknown or suspicious add-ons

a) Open Internet Explorer. In Internet Explorer go to: Tools->Manage Add-ons.

b) Uninstall unknown or suspicious Toolbars or Search Providers.

5. Scan your computer with legitimate anti-malware software.

Download at least one anti-malware program from the list below and scan your computer. Don't forget to update it before scanning.

Download recommended anti-malware software and run a full system scan to remove this virus from your computer.

It's possible that an infection is blocking anti-malware software from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.

Alternate malware removal tools can be used in case recommended anti-malware software has missed a threat:
Combofix (use with caution)
MalwareBytes Anti-malware
SUPERAntispyware
Hitman Pro 3.5

6. Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS

a) Download the file TDSSKiller.exe

b) Execute the file TDSSKiller.exe.

c) Wait for the scan and disinfection process to be over.

More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684

7. Use CCleaner to remove unnecessary system/temp files and browser cache

CCleaner is a freeware system optimization tool. It's not a malware removal tool. However, it's always a good idea to get rid of unnecessary internet/system files or corrupted Windows registry values that may cause various problems to your computer. Download CCleaner.

8. Reset your Router back to the factory default settings

This step is optional and should be completed only if you have followed all the above recommendations and you still have the redirect virus on your computer. First of all, please follow this guide: How to Reset a Router Back to the Factory Default Settings. Then you should flush DNS cache:

1. Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.

2. In a new window please type "ipconfig /flushdns" without quotes and hit Enter. And that's it!

These recommendations shouldn't be too complicated. I hope this article was helpful. If you have any questions, don't hesitate to ask. Comments are always welcome.

Posted by Admin at 5:30 PM
Labels: Trojans

200 comments:

Anonymous said...
Thanks; I have been looking for quite some time now for solutions. Your info seems to be the best out there -- straightforward with direct download links. It's my turn to now try it all out.
February 6, 2010 at 12:38 AM

Anonymous said...
This worked! Thanks for the solution and the clarity of presentation.

Deeply grateful.
February 7, 2010 at 5:38 AM

Anonymous said...
Thanks, the description and steps are clear and helped me get rid of my google redirect, thanks a lot
February 12, 2010 at 10:34 PM

Admin said...
You are welcome!
February 13, 2010 at 3:52 AM

Anonymous said...
Hi. I've had the Google redirect virus lately as well, however, mine is on mozilla firefox. If you have instructions relevant to mozilla, I'll be really grateful!! Thank you in advance.
February 13, 2010 at 9:41 PM

Admin said...
Yes, I think I will have to include Mozilla Firefox in this tutorial too. Meanwhile, you can still complete these steps:

2. Make sure that DNS settings are not changed
3. Check Windows HOSTS file
5. Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS
6. Scan your computer with legitimate anti-malware software (ComboFix)
7. Use CCleaner to remove unnecessary system/temp files and browser cache
February 14, 2010 at 4:43 AM

Anonymous said...
i haven't even the problem and was impressed with the solution might try it myself JUST to be sure :-)
February 28, 2010 at 6:33 AM

Anonymous said...
i got up to the part about add ons but i don't know which one is considered to be suspicious. I also scanned my computer twice with updated versions of malwarebytes and avast. They found the trojans but i still get redirected.
February 28, 2010 at 9:27 AM

Anonymous said...
Win XP: I did everything as per the very well written instructions. The TDSSKiller found nothing, ComboFix found nothing, CCleaner picked up some trash. But, the redirecting from what appears to be google still persists.

From start/Run, I enter "www.Google.com". It puts me into Google, but the Google name image is standard. However, when I do the same on an uninfected computer, the Google name image is a special graphic; not the standard. Could this mean that even before the redirection, I've been captured by the virus on the first PC?

I have spent hours using MalwareBytes, ComboFix, Hitman, AVG, and CCleaner to no avail. They all claim the computer is clean, yet the redirecting behavior still persists. - Jim
March 4, 2010 at 7:36 PM

Anonymous said...
I noticed a difference between an infected computer and a non-infected computer. When I go into a DOS command window and perform a ">ping http://www.google.com/", my non-infected computer resolves and completes the ping successfully; while the infected computer fails to resolve the url.

On my non-infected computer, the AVG link icons show up by each google search result item; while on the infected pc, the icons never show up (and they used to).

Also, the fact that the Google name today is supposed to be comprised of guitars and is on my non-infected pc; it is the std rendition of the Google name on the infected computer. It is my opinion that the redirect virus is more than mere redirection from google. I believe it hijacks the browser on the way into google and fakes being there, when in reality, it is somewhere else already. - Jim
March 4, 2010 at 8:30 PM

Anonymous said...
I am positive that the redirect virus is hijacking the PC by preventing it from ever reaching the real Google web site in the first place. Evidence: Notice the "@Year-Privacy" phrase in the middle of the form. For infected PCs, it reads "@2009-Privacy", while for uninfected PCs, it reads "@2010-Privacy".

The problem is not redirection after entering Google, but rather redirection before entering it. - Jim
March 5, 2010 at 5:35 AM

Anonymous said...
This worked very well for me for Firefox and Internet explorer. Thank you very much. I have been trying for two complete days to delete this virus!!
March 14, 2010 at 10:07 PM

Anonymous said...
Thank you!

You have saved me a lot of hassle.

it worked perfectly
March 24, 2010 at 11:54 AM

Ian said...
I run TDSS Killer, and it says press any button to continue. I do so, and it disappears, both from my screen and from the task manager. No scanning, no asking if I want to restart my computer, nothing.

Any idea?
March 30, 2010 at 5:42 PM

Anonymous said...
THANKS A BUNCH!

Had strange behaviour while using Google, i.e. 'Cached' pages not appearing, sometimes redirected to Facebook, and so on...

Issue was DNS Servers, being 93.188.164.61 and 93.188.161.104 instead of those of my French ISP. I've corrected settings of course, and blocked these on ACL of my Cisco router, just in case ...

Again, a BIG THANK YOU!
March 31, 2010 at 1:44 PM

Anonymous said...
I too have spent 2 days trying to clean this mess. Have done the exact steps here twice and still have the issue. Counter what "Jim" said above, I get redirected from Google or Yahoo on IE or Firefox -- all the same. Any new ideas on this? Thanks, Tom.
April 8, 2010 at 4:35 PM

Darren said...
just use combo fix and it will be gone
April 13, 2010 at 7:04 AM

Darren said...
here is the link for combofix http://www.forospyware.com/sUBs/ComboFix.exe
and here's a guide http://www.bleepingcomputer.com/combofix/how-to-use-combofix
April 13, 2010 at 7:05 AM

Anonymous said...
Just wanted to say a big thank you for your advice.

I had the same Google re-direct problem on both Firefox and Explorer. I went straight to the Combofix option and it looks to have resolved the issue. I've run the Combofix scan and followed the instructions and it looks to have done the job.

Many thanks again.
April 13, 2010 at 11:04 AM

Anonymous said...
I have done all of this, run combofix, spybot, malwarebytes and still I have the redirect virus! Any suggestions?
April 13, 2010 at 7:43 PM

Bijay said...
I'm using MAC. Are there any solutions for it?
May 10, 2010 at 10:30 PM

gaztruman said...
Thank you very much.

I had posted a thread on a forum about this, then I found this and it worked a treat.

Great blog post, this virus was driving me mad.
May 11, 2010 at 9:36 AM

Anonymous said...
Thanks so much for saving me many hours with tech support, with perhaps an inevitable format C at the end of it all. Combofix is KING! Kitty ate the virus, and now my PC is clean as a whistle again! TDSS Killer found the offending file (atapi.sys) and tried to delete it on reboot, but was foiled every time by the rootkit. But Combofix did the trick, and did it perfectly. Now TDSS Killer confirms I'm clean, and no more problems. Google Chrome loads fine again, and no redirects in IE. Thanks a million, my friend! (Don't forget to set a new Restore Point once you're clean, and then delete all the previous restore points.)
May 12, 2010 at 12:19 AM

Warren said...
I seem to be back up and running well. Thanks soooooo much for posting the fix on this nightmare problem. BTW - Combofix demands money to fix your comp. So, I used Hitmanpro and it worked like a champ! Take care :-)
May 13, 2010 at 4:34 PM

Anonymous said...
when i try to change host file, it says make sure path and file name are correct. help please
May 15, 2010 at 5:57 PM

Anna said...
OH MY WORD!!! GOD BLESS YOU!! Your instructions helped me to remove that google redirect BS off of my computer!!! I thought that I was going to have to re install windows or whatever and lose EVERYTHING!!!! God led me to this site but i kept trying other stuff before i came back to download the combofix because i was scared to use it... i've been working on my computer since i came home from work THIS MORNING AT 7AM!!!! It is now 10:47PM PEOPLE and the combofix and ccleaner removed that BS in less than 30 minutes!!!!!

Again Thank you!!
May 18, 2010 at 7:49 PM

ChrisT said...
AWESOME - i went through all the steps and I didn't find anything to fix until I got to the TDSSkiller file - it found ONE file and deleted it upon reboot.

NOW I'M GOOD TO GO! woo hoo - I already had malwarebytes thing and it hadn't found anything, but this worked perfect.
May 19, 2010 at 11:56 AM

Anonymous said...
Yes GOD Bless You !!

I'm finally back in business! Just when I felt like I lost control of my browser the way it kept redirecting my search links like mad. Just to add I also lost the ability to even perform Windows update.
I had this issue for days and this info here was what I was missing to fix it.
I too spent days of executing every adware and antivirus tool I could find. Today I ran a host file restore and combofix and yet STILL had a nasty piece left behind until I ran across this information posted here and found your suggestion about TDSSKiller. This discovered this was all due to the Rootkit.Win32.TDSS and thus cleaned it out. I went ahead and followed it up with CCleaner just to stay on target. WOW! I'm so pleased! Everything's back to normal now so I think I'm ready to run one more overnight malware scan (for peace of mind) so I can make another good Windows restore point.

GUYS If anyone out there discovers their browser is behaving like what you read in these posts just follow the author's 7 steps in ORDER and I think you will be happy! .. cause I sure know I am =)
Thanks again!
May 19, 2010 at 6:33 PM

Anonymous said...
Thank you - I had the redirect virus that occurred anytime I clicked a link in search results. I tried running Malwarebytes' Anti-Malware and Super AntiSpy but they said there was no infection. Then I ran ComboFix and the kitty removed the virus. Thanks again for posting this.
May 22, 2010 at 8:20 AM

Anonymous said...
Phew.... thank god I found this site.... solved it straight away... it had been bugging me for weeks. Great information, presented in a logical way. Keep up the good work
May 24, 2010 at 8:39 PM

Anonymous said...
I'm going to repeat what everyone else said, GOD BLESS YOU. I have been trying all day to figure this out. This is a great explanation and help.
May 28, 2010 at 5:00 AM

Anonymous said...
Only ComboFix did it for me. It also deleted a few dlls from innocent programs, but nothing major. Thanks!
June 1, 2010 at 1:03 PM

Anonymous said...
Thank you very much appreciated
June 6, 2010 at 10:36 AM

Anonymous said...
Thanks for the info. Worked to fix my issue. Google redirect and Symantec HTTP: Tidserv Request found error.
June 11, 2010 at 12:09 PM

Anthony said...
Outstanding thanks so much. Fixed my redirect issue as well as getting back my windows updates.
June 17, 2010 at 7:57 PM

Anonymous said...
thank you! this is the only thing i found that did the trick for me!
June 18, 2010 at 11:54 PM

Henry said...
Thank you! I'm not technically skilled at all and I was able to follow your very well laid-out instructions with no problems whatsoever. My problem has been solved and my computer is running better than ever. Keep up the good work!
June 19, 2010 at 12:37 PM

Anonymous said...
thanks alot, worked perfectly
June 23, 2010 at 2:49 PM

Anonymous said...
Hi, so when I try to save the HOST file I edit, it saves it as a different type of file. And still has the actual old HOST file saved there. How am I supposed to save it to replace the old HOST file? In my case, there were honestly a million or so lines after the line that says "localhost."
June 24, 2010 at 8:41 PM

aleciaob said...
Thank you thank you! I'm not tech savvy, yet was able to follow your clear instructions.
For those that are having difficulty re-saving the edited host file, right click the original file before you edit it and make sure you UNCHECK 'Read-Only'. Then open the file with notepad, edit it and bob's your uncle.
Thanks so much.
June 27, 2010 at 3:54 AM

Anonymous said...
I opened my hosts and had an unknown second host on there. I highlighted and delete it, but then could not save... the program asked if I wanted to replace it which I said yes to, then received a popup notice that the file cannot be created and to make sure the file path and name are correct... I have not changed any information that pops up automatically, I only deleted the host that is shown as ::1 localhost on the notepad... Any ideas? (Read-only was not checked)
June 28, 2010 at 11:12 AM

Anonymous said...
Thank You!!! I think TDSSKiller is what solved it, but I ran combo fix to be sure too.
August 2, 2010 at 2:43 PM

Anonymous said...
I FREAKIN LOVE YOU!
August 4, 2010 at 11:07 PM

Anonymous said...
Thank you for great info. I got rid of redirect virus using hitman pro. It detected and got rid of them for good. It was annoying few days.
August 6, 2010 at 12:28 PM

Anonymous said...
I've ran Hitman pro, TDSSKiller, and Combofix, but none of them detect anything on my computer even though I still get redirected on my searches. Maybe I should just reinstall the OS..?
August 6, 2010 at 1:47 PM

Anonymous said...
Thank you so much. I've had this problem for ages. I've done system restores multiple times, thinking that it would do the trick, but it didn't.
I've searched through so many sites, but all they did was describe it. They didn't really provide solutions. I've downloaded MalwareBytes which seemed to help the performance of my computer a little, but it didn't get rid of the Browser Hijacker. I even downloaded the Google Pack with the Spyware Doctor, but it completely messed with my computer. I'm so happy I found this site. The TDSSKiller definitely did the trick. I tried the ComboFix but it said something about not being able to rename the file. Thank you so much for your help. (:
August 6, 2010 at 2:55 PM

Anonymous said...
I changed my hosts file and when i tried to save i got this error message: "Cannot create the C:\WINDOWS\System32\drivers\etc\hosts file.

Make sure that the path and file name are correct."

Help me Please
August 8, 2010 at 10:44 AM

Admin said...
Windows XP HOSTS file download link: http://download.bleepingcomputer.com/misc/host-files/windows-xp/hosts

Save this file to the C:\WINDOWS\System32\drivers\etc\ directory.

Good luck!
August 8, 2010 at 11:26 AM

Peter_out said...
Brilliant! There are so many confused, confusing & misleading quasi-solutions to this problem circulating.....some suggesting the same methods but none quite so effectual.....thankyou so much!!
August 10, 2010 at 5:57 AM

Anonymous said...
I guess the virus is gone. TDSKiller did not find any. I think the combofix deleted it. Thanks a bunch.
August 15, 2010 at 2:21 PM

Anonymous said...
Just wanted to say thank you for such clear instructions. I had tried everything to get rid of this virus. It was flushing the DNS cache which did the trick. I would never have thought of that. You are the man.
August 21, 2010 at 3:16 AM

Admin said...
You are welcome! :)
August 21, 2010 at 5:09 AM

Rhoniel said...
thank you, it really works,

just having problem saving the 'hosts' file, i save it to desktop first, then delete the original and copy the file new 'hosts' file to the same directory.
August 22, 2010 at 1:01 AM

Anonymous said...
Thank you very much! I ran the Tdss killer and it cured it and the suspicious problem got deleted also!!!
August 28, 2010 at 1:09 PM

Anonymous said...
I am at the part of the instructions to go into the etc. folder, but have nothing named "hosts". I have something that says "lmhosts.sam". Please help from here. Thanks so much!!!
August 31, 2010 at 9:37 AM

Math-Aids.Com said...
I can not thank you enough!!! I have been fighting this for days!!! It worked perfectly.
My computer is now virus free!!!

Great site for Kindergarten Worksheets
September 15, 2010 at 8:04 AM

Michael said...
Thanks for this great post. It worked. I really appreciated the step-by-step hand holding. It was do-able for a non-expert like me. thanks again.
September 17, 2010 at 7:28 PM

Anonymous said...
Can some one help me PLEASE
I have the redirect problem on multiple computers (network)
I have ran Hitman pro, TDSSKiller, and Combofix, but none of them detect anything on any computer
I still get the redirect problem on IE and chrome
My Host file on my computer has one line:
127.0.0.1 localhost
It does not have the info above like the Windows XP HOSTS file download link: has
Is that my problem or is having a network?
I noticed that after i ran Combofix
it changed the modified date on the host file
Did ComboFix change this file?
Please help SOMEONE?
September 21, 2010 at 8:41 AM

Anonymous said...
I found the best fix for the Yahoo redirect VIRUS
in our small office network
was to do 3. Check & Replace the Windows HOSTS file
and to
8. Reset your Router back to the factory default settings (Which i think solved my problem)
because i scanned with all the programs and
nothing worked until i reset the router
SO THANKS FOR THIS GREAT POST
September 24, 2010 at 1:51 PM

Anonymous said...
Great post. Got rid of the beast with it and the help of TDSSKiller tool. Combofix is also a great tool (but takes a bit of faith and patience). Many thanks.
September 29, 2010 at 2:04 AM

Anonymous said...
WOW!! Finally a post with concise, accurate instructions on how to get rid of this pain in the a.. virus. Thank you so much for posting these. After two and a half days I finally got my computer back. Thank you!
October 1, 2010 at 2:23 PM

Anonymous said...
Ok I don't have this Google redirect virus. But I do have a redirect virus, google appears as normal ie the logo changes. My searches work but on the first instance when I click on a link I am sent to a site other than that indicated by google.
Is this just a different breed of the same virus. I will try to rid myself of it using the excellent guide above, and come back to let you know if it worked.
October 4, 2010 at 8:12 AM

Anonymous said...
Great info. This fixed my system after messing with it for a good part of a day. tdsskiller seems to be the step where the problem went away. I ran combofix before that and it found some things but still had the problem. I only wish I knew what site I went to to pick up that virus so I don't go there again.
Thanks alot
Steve
October 11, 2010 at 8:01 AM

starr said...
THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
October 12, 2010 at 10:50 PM

Anonymous said...
i can do everything you said except change the hosts file. there is a line under 127.0.0.1 that reads "::1 localhost" but when i remove it and go to save, it says it can`t create the file and asks me to make sure the path and file name are correct :(??
October 14, 2010 at 5:44 PM

Admin said...
Hello,

The ::1 localhost entry is the default entry of Windows Host File. ::1 Localhost is the equivalent to 127.0.0.1 Localhost but using IPv6 protocol format.

Quote: In Windows, the default hosts file contains (inactive) comment lines followed by IPv4 or IPv6 localhost entries, or it may be blank.

# Comment
127.0.0.1 localhost
::1 localhost

You should keep it as it is. Good luck!
October 14, 2010 at 11:58 PM

Anonymous said...
I followed all the steps but was still getting those google link mis-directs. So I went through the steps again and re-did step 4, (removing suspicious add-ons). I didn't have any suspicious add-ons, but there were three Java-type add-ons so I deleted them all (why not) and THAT fixed my problem. No more mis-directs!!!!!!
Thank you so much!!!!!! - this site is awesome!
October 16, 2010 at 6:06 PM

Anonymous said...
I am in your debt for this AMAZING article
I was so frustrated how all my programs wouldn't open
Thank you!
October 16, 2010 at 11:04 PM

Anonymous said...
Thank you, I have finally got rid of google redirect and my sound is working again - as previous poster said - i am in your debt, thanks :)
October 17, 2010 at 1:40 PM

Anonymous said...
Following the steps listed here worked for me at first, but the next day the redirects started happening again. I used Hitman Pro 3.5 and it worked. If you use hitman pro, you may need to find your Windows installation disc. Anyway, the problem seems to be gone. Seems to be...
October 18, 2010 at 4:19 PM

Anonymous said...
Thank you very much. The steps looked intimidating at first glance, but it was easy to follow once I tried. I wish I tried it the first time I saw it. It would have saved a lot of time.

The steps helped to get rid of audio and redirect problems. Although, I never got Malwarebytes to work without crashing. Now I am getting help at the malwarebytes forum.

Do you think I still have a virus?

Thanks!!
October 21, 2010 at 2:50 AM

Anonymous said...
thanks for taking the time to help
October 28, 2010 at 3:43 PM

Anonymous said...
Thanks so much! This worked for me! I had this virus for 2 months & did everything to get rid of it, but nothing worked until now!!
You're Awesome!!
November 11, 2010 at 7:03 AM

Anonymous said...
You are great
November 12, 2010 at 1:41 PM

Anonymous said...
Thank you for this advice. I downloaded the hitman, ran that and it seems to have cured the problem (hopefully!) I think it's only free for 30 days and then expires and you can then purchase it.
Thanks again :-)
November 14, 2010 at 12:33 PM

Anonymous said...
Thanks much for your clear and easy to follow instructions. Problem solved. No more redirects.
November 15, 2010 at 12:53 PM

Pathways Soul Coaching said...
Thank YOU so much!!! It worked!!! You totally rock!!!
November 15, 2010 at 6:20 PM

Anonymous said...
I've had this problem for weeks and my IT consultant was unable to take care of it. The advice provided was easy to follow.
My redirect virus was active on Google, Yahoo, and Bing and worked in Firefox, Internet Explorer, and Safari. Everything works perfectly now.

Thanks!!
November 22, 2010 at 9:19 AM

Anonymous said...
THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!
I tried so many solutions and this one actually worked and the directions were clear and concise. I really do appreciate the fact that I didn't have to get tricked into various "buy my product" scams.
November 24, 2010 at 4:53 PM

Anonymous said...
Yeah!! It works again!! Your instructions were very easy to understand. Thank you!
November 28, 2010 at 3:29 PM

Jacksmom said...
Help!!! I can do everything until I get to step 6 and it seems no matter which malware removal program I try to download, I get the download box, then within a few seconds I get a dialog box that says that Internet Explorer cannot open internet site. It says that the site is either unavailable or cannot be found, please try again later. Yet if I go directly to the site and attempt to download it, I get the same message. I am so frustrated as this is happening on our only computer, and now we can only log in on my husband's account. Can you please help me!?!?!?
December 10, 2010 at 1:07 PM

Anonymous said...
Easy to follow instructions and only had to get as far as TDSSKiller to do the trick. Thank you.
December 12, 2010 at 6:04 AM

Anonymous said...
Yay! So far it appears combofix has worked for me!
December 13, 2010 at 4:07 PM

camille said...
i have windows 7 and my page under network connections looks nothing like yours and i do not know what to do.
December 16, 2010 at 11:22 AM

Anonymous said...
I'm having the same trouble with my Commodore Amiga 1200! Any suggestions?
December 26, 2010 at 8:43 AM

Anonymous said...
oh thank you so much..... it works..... i found the rootkit problem..... with spybot and tdsskill. thank you. and YHWH bless you
December 26, 2010 at 1:13 PM

Anonymous said...
I've got this on Safari on my wife's itouch. That seems to be the only equipment affected on our network - all laptops and desktops are ok. I've tried deleting the DNS entries but this seems to have no effect. Anyone any ideas?
Thanks in advance.
December 31, 2010 at 8:21 AM

Anonymous said...
Thanks so much - this was the only set of directions that helped remove a virus no other site or post was able to, including my virus scan software.
December 31, 2010 at 5:34 PM

GardenGirl said...
OK I my laptop to Staples to get rid of the virus, thinking that if I paid someone it would get taken care of more efficiently. Well $220 and 3 days without my computer later, I guess I should have just come here. They got rid of the trojan horse - but despite my attempts to get them to understand this virus and actually READ UP on it, they just put it through their regular tests. Now, I THINK (fingers crossed) after running ComboFix it looks like the computer is clean! Thank you so much! (and thanks for finding my rant on Twitter!)
January 21, 2011 at 12:54 PM

Anonymous said...
I have XP and had redirected web pages every time, tracking cookies by the hundreds every day, I couldn't upgrade anything. I tried AVG, MS Essentials, Super Antispyware, and anything I thought might help. Nothing was found. I downloaded TDSS killer, ran it and everything works like new, plus I gained 3 Gigs of space. What a great fix, thanks again
January 28, 2011 at 2:44 PM

Anonymous said...
tried some other websites' suggestions, and they actually made it worse.

this site worked for me, thanks!
tdsskiller and combofix
February 13, 2011 at 5:36 PM

Anonymous said...
Have tried all of these and thought that it all fixed, but it's back again. No problems found by any scans, router reset to original factory settings. Redirecting occurs not all the time, and after trying back button several times often can get back to the topic was looking for. Also, totally random redirecting, and often to quite legitimate sites like Bing or AOL, with info.com being the most frequent.
February 13, 2011 at 8:12 PM

Anonymous said...
Thanks. Followed all steps but after running /flushdns seem to worked
February 18, 2011 at 11:57 AM

Anonymous said...
Malwarebytes' Anti-Malware found & removed the Trojan first time round but it returned. I had to execute TDSSKiller then run Combofix, in fact I did every step in the sequence you set out, only then it seemed to work. Combofix requested the installation of MS Recovery Console during its scan. It also creates a logfile & directory on drive C:. WOW, what a business! I have a Virus Checker but it could not get rid of this virus. Your article & choice of products is TOPS! Can't thank you enough!!
February 25, 2011 at 8:49 AM

Anothernonymouse said...
I am not using a router - I am plugged directly into the cable modem. I have run tdsskiller and all the usual scans, which all say my system is clean, but I still have the redirect virus. Grateful for any suggestions.
March 13, 2011 at 1:10 AM

Anonymous said...
Excellent Site and walk thru. This did the trick!!!
March 20, 2011 at 3:22 PM

Anonymous said...
It works. I just did the TDSSKiller thing and it worked. Thanks a lot!
March 27, 2011 at 3:16 AM

Renata said...
Thank you very much.
April 1, 2011 at 7:47 PM

Anonymous said...
Thank yooooo! It worked!
April 2, 2011 at 4:26 PM

Anonymous said...
Awesome instructions. Very easy to follow. Thank you!
April 9, 2011 at 2:18 PM

Anonymous said...
my problem is i can't find the hosts file. all i have is hosts.ics and lmhosts.
i went to microsoft website which is the link that u gave on instructions 3 and tried the automatic fix it program offered by microsoft and then i restart my computer.. when i check the folder the hosts file is still not there pls help!!!!April 12, 2011 at 4:17 PM Sam said... i can't seem to run tdss killer. i have saved it on the desktop and changed the name as some websites have suggested. I have tried running it in safe mode. it's just not going. is there any other solution?April 25, 2011 at 3:53 AM Anonymous said... This hasn't worked for me.

First off, TDSSKiller didn't find anything. Then when it looked like the virus had been given the boot, it came back.

I'm using Google Chrome, if that matters at all.
May 15, 2011 at 3:45 AM

Anonymous said... Thanks man after 100 other fail "solutions" this one worked first time...and to note I'm using mozilla firefox and it cleaned it right up. I think combofix was the key for mine. Thanks again.
May 19, 2011 at 4:48 PM

Nguyen Nguyen said... I downloaded the TDSSkiller.zip and ran it, but nothing found in my computer, and the virus still remains in my computer. I don't know why. I follow all your steps. Please give me some advice. Thanks
May 25, 2011 at 5:52 AM

Anonymous said... Dude. You. Rock.
June 6, 2011 at 11:45 PM

Anonymous said... God bless you!!! I have been fighting for almost a week and couldn't find a solution but this finally worked! Thank you! I'm not a very tech savvy person but your directions made it simple and it worked. Thank you so much.
June 7, 2011 at 11:41 PM

Anonymous said... i cant thank you enough!!!
June 12, 2011 at 8:19 PM

Kirby said... Thank you for this clear outline. TDSSkiller worked for me, to polish off the culprit.

Previously, my Emsisoft Anti-Malware free version picked up a couple of trojans, but didn't fix the google problem (I use Mozilla Firefox). I also use AVG as my main scanner for links and the like. Was recommended the other one, because as has been mentioned before, sometimes one will pick up what another doesn't.

One thing I discovered - I needed an up-to-date version of Java to make Emsisoft complete the trojan clean up. But yes, the TDSSkiller did the trick for me, and I've made a fresh system restore point, so hopefully all will now be good. :)
June 17, 2011 at 8:32 PM

Anonymous said... Great article! Combofix did it for me. I want to just mention to the readers that the same redirect virus can affect computers in different ways. What works for one does not necessarily mean the same process will work for another. This article lays it out nicely and should be followed in the order presented. Good luck to all.
June 18, 2011 at 5:47 AM

Anonymous said... Help! My computer will not let me install combofix or Tdsskiller.

What do I do next?

Thanks
June 22, 2011 at 7:56 PM

Anonymous said... 20110622
Ran the TDSSKiller and it seemed to work
The virus was redirecting any searches on Google or Wikipedia
= Tried to save the Local Host as per instruction but wasn't successful.
= This all started by clicking on a fake Vista virus warning
= Any way, problem solved.
Many thx.
June 23, 2011 at 12:16 AM

Anonymous said... YAY! IT WORKED! Thanks so much. I was getting really annoyed by this virus.

If I hear anyone complaining about the same problems, I'll be sure to link them here. :)
June 23, 2011 at 12:00 PM

ShahM said... Thanks..a lot..it worked for me..combofix did the trick..great tool
June 29, 2011 at 11:27 AM

Anonymous said... We tried every recommendation...these clean concise directions finally removed the malware and prevented a $400 tech support fee. Thank you very much!
June 30, 2011 at 4:13 PM

Anonymous said... i have this problem but i have it on windows 7 not xp
July 8, 2011 at 2:43 PM

Anonymous said... To All:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
This Malware program Seems to have taken the virus out. This is what was found in the register and deleted.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Thanks to all who posted.
July 9, 2011 at 12:45 PM

Anonymous said... please post a version for Windows 7, i cant get past part 3 with this version
July 10, 2011 at 9:52 PM

Anonymous said... Yesterday, I searched Hydraulic in the address line and my computer was redirected to Gateway. my search engine is Google. I am going to try this solution tonight. Is this invasive to the degree that it can capture all my passwords and login to my financial accounts?
July 11, 2011 at 7:36 AM

Anonymous said... I love you, that is all.
July 27, 2011 at 12:36 PM

Anonymous said... Worked great - I just had the stupid plugin
July 27, 2011 at 12:45 PM

Anonymous said... Hi! I am a computer engineer. I got infected after running a supposed-to-be patch (he, he). It even looked suspicious and, instead of testing it in a sandbox first, I just ran it and got a redirect virus. This is what happens when we stop following the good practices. I'd like to tell that after using ComboFix my computer would only boot from the "Last known configuration that worked". Then Combofix would show some reports. This allows ComboFix to finish its job. To have the computer boot normally again:
1. Make sure ComboFix has shown its final report (ComboFix.txt in the active partition).
2. The active partition also shows another report called TDSSKiller.2.5.13.0_dd.mm.yyyy_hh.mm.ss_log.txt
3. Run msconfig.
4. Choose the General tab.
5. Choose "Normal startup".
6. Restart the computer.
August 4, 2011 at 7:09 AM

Silvana Santos said... I carried out all the TDSSKILLER and COMBOFIX procedures. My question is: after obtaining the COMBOFIX report, which site could help me with it? When I ran COMBOFIX there was no save option; where do I find it so I can put a shortcut on the desktop? What does the shortcut's icon look like?
August 6, 2011 at 3:43 PM

Xzavier said... Guys here is the removal for the redirect virus. You need to check your Host file and lmHost file. You will see THOUSANDS of domain entries in there.
Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft.com. Also go to the Key P3P 2 folders up and delete the history. You will see THOUSANDS of entries! If you can replace the entire KEY on both Hives!!!
August 8, 2011 at 8:30 PM

Anonymous said... I can't save the hosts file :( help!!!
August 17, 2011 at 9:05 PM

Anonymous said... THANK YOU, this solved my problem with google redirect! i especially appreciate the super clear directions, i wish all instructions for Windows machines were this straightforward.

- sara
August 18, 2011 at 12:03 PM

Anonymous said... Thank you very much. Not only did this fix my issues but it was extremely thorough with helping me solve other issues on my computer.
August 19, 2011 at 10:25 PM

Anonymous said... I just wanted to ask you guys if combofix runs safely. I read somewhere that it should only be used by experts and I'm not much of an expert. Does it delete saved data or personal folders..etc. I am running windows home edition 64-bit and I have been struggling with this problem for a loongggg time. I followed every step until step 6 which is the part with combofix. I've used every other anti-malware program like malwarebytes etc. I also wanted to know what exactly happens when you reset your modem. I have a bell modem with a wep key and I read online somewhere that once you reset ur modem, ur password or key might be gone....... NEED ANSWERS PLEASE!!!!!!!!

1 MORE THING....when you flush ur computer's dns, there are no files or anything that get deleted right?

I WANT TO RUN COMBOFIX BUT DONT KNOW IF IT IS A SAFE OR GOOD CHOICE FOR MY COMPUTER BECAUSE IM NOT LOOKING TO SPEND MONEY TO FIX IT.
August 29, 2011 at 7:43 AM

Anonymous said... In order to save the host file changes, I had to run notepad as an administrator. This was the only way it worked. I right-clicked on it, chose "run as administrator," and then made my changes.
August 29, 2011 at 11:39 AM

Anonymous said... YES THIS WORKED! I got the redirect from a FireFox add-on I can remember the day but not the file !! In fact I was shopping around for free virus scanners - and clicked on a fake downloader for Panda - never do this! Trust verified sites only!!!
September 5, 2011 at 10:57 AM

Anonymous said... I got the redirect virus in both Firefox and Explorer when using both Bing.com and google.com. Firefox is my default internet browser so I was under the impression that it's better than Explorer but I was wrong. The worst part is I got the virus after owning a brand new laptop with 15 month subscription from Mcafee, which did not detect this virus. Anyway, the virus was removed using malwaresbytes but I followed the instructions in this page just to be sure. For over 24 hours, the virus seems to be gone. But I will keep scanning to be sure. I backed up the system files and everything the first day of owning this laptop so the full recovery should not be of too much headache.
September 6, 2011 at 3:43 PM

Anonymous said... I've done everything you said - LAN settings checked; DNS settings are not changed; Windows HOSTS file checked and changed; no any mozilla add-ons; downloaded tdsskiller nothing was found; scanned my computer with my anti-virus software - webroot and Malwarebytes'; run CCleaner; and reset my router..... AND, I still have the same problem!!! Please help!!! :(
September 11, 2011 at 11:45 AM

Anonymous said... Wooow!! Thank you very much! ComboFix did the job. Thank you for this perfect tutorial!
September 16, 2011 at 8:14 AM

Anonymous said... ComboFix got it for me also. Hitman didn't which saddens me and neither did Malwarebytes. Thanks guys!
September 26, 2011 at 6:52 PM

Anonymous said... really appreciate ur help, man!!
October 1, 2011 at 8:57 PM

Anonymous said... Thank you. With ComboFix works. Now i can see Youtube.
October 15, 2011 at 11:48 AM

Anonymous said... Had the redirect problem but no antivir program would properly clean it. Also noticed a "numbers:numbers.exe" process I couldn't kill, IExplore.exe processes I never started, and a TVNserver.exe process that would automatically restart if I killed it. I disabled System Restore, rebooted in Safe Mode (F8), then used the Search function to delete anything named TVNserver or IExplore. I then ran RegEdit and deleted all entries with those names in them. Rebooted and all is well now.
October 17, 2011 at 9:53 AM

Admin said... numbers:numbers.exe this is a typical process related to the ZeroAccess rootkit. TDSSKiller should be able to remove it. If you are using 32-bit system, you can use ZeroAccess removal tool:

http://deletemalware.blogspot.com/2011/09/zeroaccesssirefefmax-rootkit-removal.html
October 17, 2011 at 11:18 AM

Anonymous said... Thanks very much for this extremely easy to follow step by step instructions on how to troubleshoot this problem.

All too often there's lousy help for stuff like this. But this was easy-peasy, livin greasy!
October 19, 2011 at 3:48 PM

Anonymous said... By JohnE
Thanks for the article.
I have the problem but typing in the website address rather than clicking a link or just deleting and going in again was a work around for me, but it is getting worse.
I wondered if the instructions at top take into account the comments made, lots of different descriptions (of the same problem?)
How can one block a reinfection of this kind of attack?
How could I monitor (separate screen?) and counter attacks as they happen?
Regards
October 22, 2011 at 5:12 AM

Admin said... It's a very widespread infection, no wonder there are lots of different descriptions of the same problem. The only way to keep your computer virus free is to use a solid antivirus product.
October 22, 2011 at 6:01 AM

Anonymous said... I had tried TDSSKiller, Hitman Pro, Malware Bytes, ComboFix, SUPER, to no avail. I even learned to live with the virus and remember to double-click a Google search result instead of clicking it once.

Then after a few weeks I downloaded ComboFix again, and saw this time it had been recently updated. Ran it, and it deleted the virus.
October 22, 2011 at 6:43 AM

intrepiddevildog said... Remove or stop 63.209.69.107 Redirect

I went into "tools" then "manage Extensions" (after updating to IE9 and downloading microsoft security essentials (at microsoft totally free,) http://www.microsoft.com/en-us/security_essentials/default.aspx

I found "SXNewVoice Module" I then disabled it. Then closed all tabs then reopened it. Now things are searching OK. It has only been a few hours but good so far. Death to malware producers!!!

Name: SXNewVoice Module
Publisher: (Not verified) Sony Corporation
Type: Browser Helper Object
Version: 1.0.2.11210
File date:
Date last accessed: Today, October 23, 2011, 3 minutes ago
Class ID: {1024CB52-DFE7-460E-B781-46C4705DC81D}
Use count: 178
Block count: 0
File: TCPIPSys32.dll
Folder: C:\Users\MYNAMEDELETED\AppData\Local
October 22, 2011 at 11:10 PM

intrepiddevildog said... By the way I also did all the things in the article. Very easy to follow. Thank you for your efforts.
October 22, 2011 at 11:12 PM

Anonymous said... Aaahhh!!! You guys helped me get rid of the xp antimalware hoax AND this redirect thing! You people freaking rock!!!
December 7, 2011 at 7:28 AM

Anonymous said... i have tried most of the step but TDSSkiller wont work. i have a feeling that it will. i downloaded it and it scanned my computer. it found 17 threats, when i try to delete them i have to reboot my computer. when i do i get this blue screen crash. and when i scan again the same 17 threats are found but i cant remove them! please help
December 13, 2011 at 6:42 PM

Anonymous said... Um, I have two internet protocols, Version 4 and Version 6...which one do I choose?
December 23, 2011 at 12:11 PM

Admin said... Choose 4.
December 23, 2011 at 12:41 PM

Anonymous said... Man, you saved my day! many thanks for your post!
December 28, 2011 at 10:19 AM

Anonymous said... This one worked. I have been searching for 2 weeks for something that was easy to do. Excellent !!!
December 31, 2011 at 4:47 PM

Anonymous said... Thanks..Thanks...Thanks....:)
January 2, 2012 at 11:11 PM

gurero said... great info, works for me..thanks a lot ^^
January 6, 2012 at 1:51 AM

Anonymous said... I don't have that 127.0.0.1 line so I removed nothing O_O. Anyways I haven't completed all the steps yet but I hope it still works :D
January 7, 2012 at 4:44 PM

Anonymous said... Hello,
First of all: thank you!
An excellent guide in order to remove this virus and ..indeed..it works.
January 9, 2012 at 8:52 AM

Anonymous said... Thanks! Worked for me too. I used malwarebytes.
January 14, 2012 at 12:36 PM

Anonymous said... Thanks a lot. It worked for me. You are the man. Keep up the good work.

Thanks again.
January 17, 2012 at 8:27 PM

Anonymous said... Hello. So I have this redirect virus I think. The main thing with my firefox is that when I get redirected if I go back to the google search right under the link I clicked on there is something that says "block all results from..." and it is either numbers or bizzclick,com when i click on that then google takes me to gmail log in, after which i click backwards to the google search and it does not redirect me no more. But I need to do that on every search so I do not get redirected and also sometimes it does not want to take me back to the list of the search results so I can block this. After I got tired of doing this I decided to clean it I checked everything you said LAN and DNS settings and the windows hosts files, also checked on my firefox add ons and deleted some i found not familiar, I have Norton antivirus program so I could not download the spyware doctor, instead i scanned with malwarebytes antimalware, spybot s&d, tdsskiller, something similar that i found on another website, i forgot the name of it and i am not at home to check what it was, and also ccleaner, i also ran the tdsskiller and ccleaner and the malwarebytes antimalware in safe mode. When I was running them in safe mode tdsskiller detected some infections and cured them i think, then the spybot s&d I scanned with in normal mode and it found some stuff that it deleted. After which it was weird because I did a search on google and it did not redirect me on all searches but it still redirected me on some of them. So I do not know what else to do if you have any suggestions it will be awesome.
I would like to add that I am not really good about computers I usually just ask google what to do and now it has been very hard to ask anything there :D I think the main problem i have is the blzzclick website but i did not find anything that says how to get rid of it except one that tells me to mess with the win32 system files and i am not really sure i should do that when i am not that good with computers any help would be great Thank you
January 21, 2012 at 2:12 AM

Anonymous said... I have a question. I have done this 3 times with no success, had the IT guy out twice and it always looks like it is gone but never is! It went away for about 3 hours then back?
January 26, 2012 at 4:29 PM

KeefBeef said... Thanks for this process.

I originally came across this problem as my Adwords Editor was not reaching Google.com for updates.

I worked through it step by step. My HOSTS file had been modified to redirect google, bing and yahoo to the IIS7 site.

I also ran Malwarebytes which took 5 hours and found nothing.

I then ran Combofix which found a rootkit called ZeroAccess and fixed it within 30 minutes.

Thanks
January 30, 2012 at 9:54 AM

Slickinator said... combofix has never demanded money ever its one of the best
February 4, 2012 at 7:08 PM

Edoardo said... The true working solution is using TDSSKiller. After having removed all what the program found you'll probably have to fix the Master boot record. For doing this you have to use the Recovery Console by the original windows DVD: load the disc and type 'R', after this select your Windows installation directory and type 'fixmbr' (without '). That's all.
February 12, 2012 at 2:48 PM

Anonymous said... You are a life saver. Was having the problem for 2 days, finally hit upon this post. Thanks a lot!!
February 13, 2012 at 3:03 PM

Anonymous said... ok so, i ran the TDSSKiller tool, and abnow.com is still there when I search something..
March 3, 2012 at 3:40 PM

William G said... I Have been having issues with redirects and 404 Not Found nginx. All the research I found pointed to residuals from a virus I had removed. Well I must say I finally found a cure. I ended up doing two things and am not sure if it was one or both. I went to MS and followed their steps for the host file in this location. C:\WINDOWS\system32\drivers\etc. Then downloaded MalwareBytes Anti-malware a free version from C/net. Which ever one did it I am now able to click links on my browser and not get redirected and am able to look up in Google. I am happy now.
March 7, 2012 at 1:10 AM

Anonymous said... it really worked... bloody abnow removed using TDSSKILLER TOOL.. GREAT JOB.. THANKS
March 7, 2012 at 6:27 AM

Clay said... Worked like a charm! Excellent site with good free information- thank you! The problem was with Windows Host file (step 3).
This particular bug also hides the file so you have to change file settings by clicking on Tools>Folder Options>View>Show Hidden Files and then you can use Windows Notepad to edit the file so it only contains the single command line "127.0.0.1 localhost" as stated in the instructions above (step 3).
March 7, 2012 at 1:33 PM

Anonymous said... Finally I solved the problem

Thanks a lot You are the best

David
March 15, 2012 at 4:20 AM

Buck said... THANK YOU TDSSKiller! You saved me from having to do a full windows restore on my computer!
March 16, 2012 at 1:42 PM

Anonymous said... I got repeated 404 File Not Found nginx redirects after a multiple Malware attack. I got this after the computer had been scanned and cleaned with AVG, SpyBot Search and Destroy and Malware Bytes. None of the solutions regarding proxy (which is what i thought was still causing it), bad add-ons or host file worked. TDSSKiller finally got the last lingering issue. 404 error is gone. I have heard in the past that Kaspersky was an excellent security program. Maybe I'll have to trade in AVG?
March 21, 2012 at 12:10 AM

Anonymous said... At long last I have fixed this problem! I have attempted to remove this bug several times now and downloaded half a dozen Malware removing tools, anti-spyware, and virus protection programs that have yielded little progress and no success ...Thank you so much for such a well articulated/presented resolution!
March 26, 2012 at 12:08 AM

Anonymous said... didnt solve a dang thing :(
March 28, 2012 at 7:54 PM

ben said... very useful. I clear mine using combofix.

I nearly gave up last night and was ready to re-format and re-install Windows. I did one last search on google and found this article.
April 1, 2012 at 1:54 AM

Listy said... I can't get past the first step as it seems to have locked me out of internet options.
April 1, 2012 at 8:13 AM

Anonymous said... YAY! The TDSSKiller worked! Thank you so much! You are my hero! :)
April 2, 2012 at 4:41 PM

Anonymous said... Thanks! The TDSS Killer worked perfectly, Now I can surf the web without any issues :D Once again thanks.
April 21, 2012 at 3:25 PM

Anonymous said... dude..... YOU ARE AWESOME
April 27, 2012 at 8:54 AM

MarieSelje said... it didnt work i have 2 : TCP/IPv4 and TCP/IPv6 which one to remove?

and i cant remove anything on hosts:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
what do i do?
May 8, 2012 at 2:04 AM

Jazz said... After 2 months of this virus, this site has helped me get rid of the virus finally!!! Thank you so much for your help!
May 12, 2012 at 3:14 PM

Anonymous said... Nothing else, but the TDSSkiller helped me to get rid of this rootkit. ACPI.sys was infected. I had found this site by the keywords of my PC behavior. Thank You!
May 31, 2012 at 12:09 AM

Anonymous said... I finally found something that removed the redirect virus on my pc. I just got this virus within the last 30 days. I have a Norton account and went there to see what they had to clean this up. I downloaded their Power Eraser software and ran it. It found a file titled dqzev.dll in my c:\users\[user]\appdata\local\ folder. The software removed the file and rebooted my pc. I no longer am redirected when I click on a link in search results.
June 26, 2012 at 8:23 AM

Anonymous said... Thanks to this post and the anon above me! I had to use combofix, tdsskiller, malwarebytes, spyware doctor, and superantispyware. Afterwards it started to redirect less but sometimes it would still redirect. So reading through all the comments, I tried the Power Eraser. I was already feeling hopeless but it worked! Already a few hours pass and no problems. Later I will have to find a better way to protect my computer. Thank you so much for this blog! (excuse me if I sent this twice)
July 18, 2012 at 1:24 PM

Anonymous said... How do i delete "suspicious" add-ons? Will only allow me to disable them..
July 21, 2012 at 10:36 PM

Anonymous said... Also: My windows xp came on my computer. I do not have any discs, and some of these anti-virus programs want me to insert a disc when running them. How do i do this? THANK YOU SO MUCH FOR YOUR WONDERFUL, INSTRUCTIONS AND INFO IN LAYMAN TERMS!
EASY TO UNDERSTAND WITH YOUR STEP BY STEP INSTRUCTIONS!!
July 21, 2012 at 10:43 PM

Anonymous said... Spywaredoctor ran the scan or should I say scaM- reported I had 83 threats and then kept REDIRECTING me to "register" which means PAY for their FREE download before they would remove all these anti-virus "threats".
July 22, 2012 at 3:10 AM

Anonymous said... Worked perfect! good manual!!
August 7, 2012 at 3:55 AM

Anonymous said... Combofix worked...
September 2, 2012 at 6:34 AM

Anonymous said... Wow. Great article. it worked!
September 10, 2012 at 8:34 AM

Guy said... Great info - best I've found.

RE step 4: Specifically check in Firefox for addon "Performance Cache 1.0" By Identity Ltd. This apparently was the infection on my machine.

Also, Symantec has FixTDSS.exe tool. Some online sources say that FixTDSS.exe may work in cases where TDSSKiller.exe does not.

Good luck.
September 10, 2012 at 9:11 AM

Anonymous said... I had been looking everywhere for a solution to this redirect problem. I did everything you could think of and finding your page was the only solution that worked for me. The PC Tools Spyware Doctor found it right away, when no other program listed did. It's worth the 30 bucks you have to pay...THANK YOU SO MUCH
September 22, 2012 at 9:09 PM

Lorraine said... Do I need to back up anything on my computer before doing any of this?
September 23, 2012 at 7:53 PM

Anonymous said... I believe I've got this virus, but it does not always redirect me, but only sometimes. Is it possible?
October 19, 2012 at 9:19 AM

Anonymous said... I also had a strange dll that had nothing to do with windows "fontdmin.dll" delete that as a final step, it should be in "C:/windows/system32" somewhere, it might be hidden and protected too so a restart might be necessary
November 8, 2012 at 8:35 PM

Anonymous said... Nov. 15,2012 - maybe I had the latest version, but I tried everything to get rid of this - auto, manual, you name it (McAfee couldn't find it, Malware couldn't find it, TDSS killer couldn't find it) - checking manual settings found nothing out of the ordinary - only thing that worked was combofix.
November 15, 2012 at 2:57 PM

Anonymous said... I also wanted to add, a way around the virus is to right-click and open your search result in a new tab - the first time you do this the virus still pops open a new window with its modified result - close that, then right click again and open in a new tab and this time your result will open and as long as you leave that window open, right clicking and open in a new tab will work.
November 15, 2012 at 2:59 PM

Anonymous said... I can't get rid of my Google redirect, I can't download any antivirus software that has a chance at finding rootkits and the Google redirect virus, even after renaming them. It makes me feel as if the virus is protecting itself.
December 5, 2012 at 3:01 PM

BT said... Combofix worked for me.

TDSSKiller did not solve the problem.
CC cleaner did not solve it
AVG anti-virus did not solve it

combofix DID solve it for me.

Thank you.
December 17, 2012 at 11:02 AM

Anonymous said... I have this insidious virus (Windows 7) and cannot get rid of it. My hosts file has a second line (":: local host"), but when I delete that line I'm unable to save it. I'm told I don't have permission to save it in that location. So I went to the Microsoft support link and it says that the 2nd line SHOULD be there!?! I've done Malwarebytes, which found & quarantined 2 problems - Hijack.ExeFile & Exploit.Drop.9. I've done ccleaner & TDSS Killer. If I go back to factory settings (saved on disk after purchase), will this get rid of the beast? PS. Two other computers use the same router and they are not infected.
February 2, 2013 at 5:14 PM

Anonymous said... Thanks the instructions seem to be working, will see in a day or two if this is the final solution.
March 23, 2013 at 2:18 PM

Anonymous said... My "hosts" file has two lines, but I can't provide administrator permission to save the file - which strikes me as weird because I am the administrator.

My specific problem is being redirected to "start.sweetpacks.com" - I've run SpyHunter 4 and it picks up a bunch of malware, but I have to buy the full version to remove it. Is there a specific program that will remove sweetpacks?
April 17, 2013 at 11:51 AM

Anonymous said... THANK YOU SOOOOO MUCH :D i love you
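Several comments above describe a HOSTS file that had been changed to redirect google, bing and yahoo, and others show the stock file (a single `127.0.0.1 localhost` line, or only commented lines on Windows 7). The following is an added example, not part of the article or of any commenter's post: a small Python auditor that reports every active HOSTS entry other than the stock localhost lines. The sample file, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Labels to watch: the three search engines this page says get redirected.
WATCHED_LABELS = {"google", "bing", "yahoo"}


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for every active (uncommented) line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        ip = None
        if len(fields) >= 2:
            try:
                ip = ipaddress.ip_address(fields[0])
            except ValueError:
                pass
        if ip is None:
            yield line_no, None, fields  # not "<address> <name> [...]"
        else:
            yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name):
    """Heuristic: some label other than the last one is a watched brand."""
    return any(label in WATCHED_LABELS for label in name.split(".")[:-1])


def audit_hosts(text):
    """Return a list of (line_no, kind, detail) for entries worth reviewing."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # stock entry, IPv4 or IPv6
            detail = f"{name} -> {ip}"
            if is_watched(name):
                # Any local override of a search engine name is suspicious.
                findings.append((line_no, "search-engine-override", detail))
            elif ip.is_loopback or ip.is_unspecified:
                # Typical of ad-blocking lists; review, usually benign.
                findings.append((line_no, "sinkhole", detail))
            else:
                findings.append((line_no, "unexpected-mapping", detail))
    return findings


# Constructed sample; addresses are from the RFC 5737 documentation ranges.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # inline comment
203.0.113.10    search.yahoo.com
203.0.113.10    WWW.BING.COM
0.0.0.0         ads.example.net
198.51.100.7    intranet.example.org
garbage
"""

if __name__ == "__main__":
    # Pass a path (e.g. the hosts file under system32\drivers\etc) or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, kind, detail in audit_hosts(text):
        print(f"line {line_no}: {kind}: {detail}")
```

An empty result means the file holds nothing beyond comments and the stock localhost lines; reading the file needs no administrator rights, only saving changes does.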