How to fix Google Redirect Virus (browser hijacker) problem
Google redirect virus is a browser hijacker targeting google and other search engine search results and redirecting user to infected pages. These pages can be porn–related or full of advertising banners that make creators of this parasite money. Also, these pages might force you to pay something or give away your bank account details. Thus Google redirect virus is quite dangerous.
There are couple different streaks of Google Redirect viruses, and some of them might need heavy scanning with reputable Anti-malware solution like NOD32 Antivirus, Kaspersky, Malwarebytes. Sometimes Google results Redirect virus even blocks reputable sites and it is tough to download automatic software. However, there are couple easy steps to solve less complex problems.
Note, that before trying to fix other things, you are suggested to scan and check if anti-malware programs can identify more precise reason of Google redirect hijacker. We recommend Spyhunter, Hitman Pro for this task. You should always scan after performing all these steps as well, as doing anti-rootkit scan might reveal trojans that were hidden due to other infections. In some cases, rootkits will be detected and removed by anti-malware programs.
Steps 1-6 deals with regular hijacking of search results that are due to malicious settings or plugins. Steps 7 and above deal with malware infections that result in Google redirect virus symptoms and are more difficult to detect and fix. However, If any of antivirus programs are stopped from execution this means malware infection and you will have to scan your PC with anti-virus and anti-malware programs.
Step 1. Check your hosts file for malicious entries.
Hosts file resides on C:\Windows\System32\Drivers\etc\hosts
Where Windows is your windows installation directory. On windows 7/vista, you should open your hosts file with administrative privileges. Google Redirect virus symptoms might be result of malware adding malicious entries to this file and are removed easily as well.
Hosts file should look like this: (open the file with Notepad)
If you see more lines of code and IPs, you should delete these, especially if they rewrite google or Microsoft subdomains. This is a sign, that you either had or have infection on your PC, as this file can not be accessed remotely usually.
Step 2. Check DNS (Domain Name Server) settings
Domain name servers are used to determine what server to access when opening website addresses. Hijacking these settings would allow hijacking various websites including search ones.
1. Go to Control Panel->Network Connections and select your local network.
2. Right-click your local network icon and select Properties.
3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.
4. You will see a window like the one below – this is the Internet Protocol window. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
5. Click OK to save changes.
Step 3. Checking your proxy settings on Internet Explorer
Proxy server settings can be used to implement Google search result hijacking as well. This is simple to fix too:
1. Launch your internet explorer.
2. Tools ->Internet Options, Connections tab. Press LAN Settings
3. Unselect everything or enter parameters that were given by system administrator.
4. Press OK.
Step 4. (Optional) Check your proxy settings on Mozilla Firefox
1. Launch Mozilla Firefox.
2. Tools ->Options. Press Advanced and open Network tab. Then, press Settings button.
3. Select “No proxy” or enter parameters that were given by system administrator.
4. Press OK.
Step 5. Check your IE add-ons
If your browser is hijacked in IE only, check IE browser ad-ons. Note: there are malicious plugins that affect both IE and firefox and result in Google redirects in both of the pages.
1. Launch your internet explorer.
2. Tools->Manage Addons
3. Disable all unverified addons (there might be some useful ones, but better re-install them later).
Delete all ad-ons that look spammy/unknown
Step 7. (Optional) Repair Winsock 2 settings with LSPFix
Step 8. If you are still have search engine redirection, it might be tdss or similar rootkit
Although step 6 should detect majority of google redirects of that kind, sometimes it is useful to use a more niche tool. TDSS and Zero Access rootkits both cause redirection symptoms in some cases.
For this specific rootkit a remover can be downloaded from here : support.kaspersky.com/downloads/utils/tdsskiller.exe. Together with TDSS, it might be a sign of rivaling, ZeroAccess infection. Both these rootkits require dedicated programs for removal, and might require alternate OS scanners in worst case.
Step 9. It might be Cycbot infection
Cycbot is one of the trojans that result in browser redirects.
Typically, many of antiviruses and anti-malware programs like Spyhunter detect Cycbot infection successfully. However, you might want to use our manual removal guide for Cycbot to identify and stop infection.