How to fix Google results hijacker (Google redirect) virus problem
Google results hijacker virus is a browser hijacker targeting google search results and redirecting user to infected pages. These pages can be porn–related or full of advertising banners that make creators of this parasite money. Also, these pages might force you to pay something or give away your bank account details. Thus Google redirect virus is quite dangerous.
There are couple different streaks of Google hijacker viruses, and some of them might require heavy scanning with reputable Anti-malware solution like NOD32 Antivirus, Spyware Doctor, Malwarebytes anti-Malware. Sometimes Google results redirect virus even blocks reputable sites. However, there are couple easy steps to solve less complex problems.
Step 1. Check your hosts file for malicious entries.
Hosts file resides on C:\Windows\System32\Drivers\etc\hosts
Where Windows is your windows installation directory. On windows 7/vista, you should open your hosts file with administrative privileges.
Hosts file should look like this: (open the file with Notepad)
If you see more lines of code and IPs, you should delete these, especially if they rewrite google or Microsoft subdomains.
Step 2. Checking your proxy settings on Internet Explorer
1. Launch your internet explorer.
2. Tools ->Internet Options, Connections tab. Press LAN Settings
3. Unselect everything or enter parameters that were given by system administrator.
4. Press OK.
Step 3. (Optional) Check your proxy settings on Mozilla Firefox
1. Launch Mozilla Firefox.
2. Tools ->Options. Press Advanced and open Network tab. Then, press Settings button.
3. Select “No proxy” or enter parameters that were given by system administrator.
4. Press OK.
Step 4. Check your IE add-ons
If your browser is hijacked in IE only, check IE browser ad-ons.
1. Launch your internet explorer.
2. Tools->Manage Addons
3. Disable all unverified addons (there might be some useful ones, but better re-install them later).
Delete all ad-ons that look spammy/unknown
Step 5. Scan for malicious parasites with spyware/antivirus removers:
1. Spyware Doctor
2. Malwarebytes Anti-Malware
3. NOD32 free trial
Step 6. (Optional) Repair Winsock 2 settings with LSPFix
Download LSPFix
I am getting google redirects. Spyware Doctor and MbA-M caught nothing
I tried to my hosts file, but it would not open in notepad.
Also, your sample is 1k and mine is 289k. Is that excessive. Also, I have a hosts.20090204-121117.backup file Sounds suspicious.
thanks for any information.
Typical host list is small! Try replacing it with ours! Or search for google in it and delete all the lines related to that.
Hi
I changed,(after show hidden files), the to read and closed 7 rebooted, returning to hide files again.
From very slow & constant redirects >>> now none & supa fast, as usual. Either in SlimBrowser or IE ;<)
@admin
I can open the file with notepad and see that there are several other lines of crap but how can I change the actual file “hosts” I can save it in etc as a notepad text document but how do I effect the actual file?
Thanks for your help
hosts file is text one. You should be able to change it with notepad. However, on Vista you need to open it with administrator privileges, or you will not be able to save it .
Thank you so much for this, fixed the problem!
Cheers!
MArianne
THANK YOU! I’ve been trying for weeks to get rid of that stupid virus. Now my computer is working normally and I can access Safe mode again.
my etc file isn’t in the drivers folder. Is it hidden?
It might be. What OS you have, Johann?
@admin
Can you explain a little more about vista. Because I have Vista and I delete the extra lines and try to save it but it won’t let me. Please help. Thank you.
Jin: search for notepad and right-click on it. There will be a choice to start as administrator. Then open hosts file.
My notepad looks exactly like the one on here (after I edited it) but this keeps happening. I have tried 4 different softwares so far, it hasn’t fixed it. My last option would be to reset my whole computer. Is there anything else I can do before going to my last option?
Jin : do you edited as administrator? You need to RUN notepad as administrator, or it will not save.
Was getting Facebook logon redirected to Pricegrabber.com…..removed entry below the 127.0.0.1 Local Host entry and all was well again! Well done!
My Host file is not in the folder. I am running XP pro. Can I repelace it with and Host file ?
My hosts file in 374kb large… (lots of lines).
i have the default localhost & 127.0.0.1 entry
And after that I have these comments.
# Start of entries inserted by Spybot – Search & Destroy
……
….& thousands of others….
# End of entries inserted by Spybot – Search & Destroy
I think it’s legitimate, and it’s spybot’s “immunize feature”. I ran spybot search and destry last night and the redirects have gone down significantly, however I spotted one redirect today. Which is annoying.
Karim : Yeah you are correct. However, Spybots immunizer is crap : it focuses on adware sites mostly, some of them even legitimate advertising sites (that pays for free sites you are visiting). I can’t say they fight malware distributors successfully, as these use different tricks.
You should check proxy server that is set in your browser. Maybe there is something fishy ?
@admin
I am having the same problem with the redirects – how to you check th e proxy server?