How to fix Google Redirect Virus (browser hijacker) problem | JamiiForums | The Home of Great Thinkers

Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

How to fix Google Redirect Virus (browser hijacker) problem

Discussion in 'Tech, Gadgets & Science Forum' started by MziziMkavu, May 8, 2012.

  1. MziziMkavu

    MziziMkavu JF-Expert Member

    May 8, 2012
    Joined: Feb 3, 2009
    Messages: 39,620
    Likes Received: 4,613
    Trophy Points: 280
    Google redirect virus is a browser hijacker targeting google and other search engine search results and redirecting user to infected pages. These pages can be porn–related or full of advertising banners that make creators of this

    parasite money. Also, these pages might force you to pay something or give away your bank account details. Thus Google redirect virus is quite dangerous.

    There are couple different streaks of Google Redirect viruses, and some of them might require heavy scanning with reputable Anti-malware solution like NOD32 Antivirus, Kaspersky, Spyware Doctor, Malwarebytes. Sometimes Google results Redirect virus even blocks reputable sites and it is tough to download automatic software. However, there are couple easy steps to solve less complex problems.

    Note, that before trying to fix other things, you are suggested to scan and check if anti-malware programs can identify more precise reason of Google redirect hijacker. We recommend
    Malwarebytes ,Spyware Doctor, Super Antispyware, Hitman Pro for this task. You should always scan after performing all these steps as well, as doing anti-rootkit scan might reveal trojans that were hidden due to other infections. In some cases, rootkits will be detected and removed by anti-malware programs.

    Steps 1-6 deals with regular hijacking of search results that are due to malicious settings or plugins. Steps 7 and above deal with malware infections that result in Google redirect virus symptoms and are more difficult to detect and fix. However, If any of antivirus programs are stopped from execution this means malware infection and you will have to scan your PC with anti-virus and anti-malware programs.

    Step 1. Check your hosts file for malicious entries.
    Hosts file resides on C:\Windows\System32\Drivers\etc\hosts
    Where Windows is your windows installation directory. On windows 7/vista, you should open your hosts file with administrative privileges. Google Redirect virus symptoms might be result of malware adding malicious entries to this file and are removed easily as well.

    Hosts file should look like this: (open the file with Notepad)
    If you see more lines of code and IPs, you should delete these, especially if they rewrite google or Microsoft subdomains. This is a sign, that you either had or have infection on your PC, as this file can not be accessed remotely usually.

    Step 2. Check DNS (Domain Name Server) settings

    Domain name servers are used to determine what server to access when opening website addresses. Hijacking these settings would allow hijacking various websites including search ones.
    1. Go to Control Panel->Network Connections and select your local network.
    2. Right-click your local network icon and select Properties.

    3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.

    4. You will see a window like the one below – this is the Internet Protocol window. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
    5. Click OK to save changes.

    Step 3. Checking your proxy settings on Internet Explorer
    Proxy server settings can be used to implement Google search result hijacking as well. This is simple to fix too:

    1. Launch your internet explorer.
    2. Tools ->Internet Options, Connections tab. Press LAN Settings
    3. Unselect everything or enter parameters that were given by system administrator.
    4. Press OK.

    Step 4. (Optional) Check your proxy settings on Mozilla Firefox
    1. Launch Mozilla Firefox.
    2. Tools ->Options. Press Advanced and open Network tab. Then, press Settings button.
    3. Select “No proxy” or enter parameters that were given by system administrator.
    4. Press OK.

    Step 5. Check your IE add-ons

    If your browser is hijacked in IE only, check IE browser ad-ons. Note: there are malicious plugins that affect both IE and firefox and result in Google redirects in both of the pages.
    1. Launch your internet explorer.
    2. Tools->Manage Addons
    3. Disable all unverified addons (there might be some useful ones, but better re-install them later).
    Delete all ad-ons that look spammy/unknown

    Step 6. Scan for malicious parasites with spyware/antivirus removers:

    1. Spyware Doctor
    SuperAntispyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    3. NOD32 free trial

    4. Malwarebytes Malwarebytes : Free anti-malware, anti-virus and spyware removal download
    Step 7. (Optional) Repair Winsock 2 settings with LSPFix

    Download LSPFix

    Step 8. If you are still have search engine redirection, it might be tdss or similar rootkit

    Although step 6 should detect majority of google redirects of that kind, sometimes it is useful to use a more niche tool. TDSS and Zero Access rootkits both cause redirection symptoms in some cases.
    For this specific rootkit a remover can be downloaded from here Together with TDSS, it might be a sign of rivaling, ZeroAccess infection. Both these rootkits require dedicated programs for removal, and might require alternate OS scanners in worst case.

    Step 9. It might be Cycbot infection

    Cycbot is one of the trojans that result in browser redirects.
    Typically, many of antiviruses and anti-malware programs like
    SuperAntispyware detect Cycbot infection successfully. However, you might want to use our manual removal guide for Cycbot to identify and stop infection.
  2. koo

    koo JF-Expert Member

    May 9, 2012
    Joined: Mar 9, 2011
    Messages: 258
    Likes Received: 2
    Trophy Points: 35
  3. j

    jhnjohn New Member

    Oct 14, 2014
    Joined: Mar 26, 2012
    Messages: 3
    Likes Received: 0
    Trophy Points: 0 is one of suspicious domain which uses various tricks to make it install in Windows system. Once it install in your system starts hijack your installed browser and make identity theft. Suggested to remove immediately.