I am getting google redirects. Spyware Doctor and MbA-M caught nothing

I tried to my hosts file, but it would not open in notepad.

Also, your sample is 1k and mine is 289k. Is that excessive. Also, I have a hosts.20090204-121117.backup file Sounds suspicious.

thanks for any information.

Typical host list is small! Try replacing it with ours! Or search for google in it and delete all the lines related to that.

Hi

I changed,(after show hidden files), the to read and closed 7 rebooted, returning to hide files again.
From very slow & constant redirects >>> now none & supa fast, as usual. Either in SlimBrowser or IE ;<)

@admin
I can open the file with notepad and see that there are several other lines of crap but how can I change the actual file “hosts” I can save it in etc as a notepad text document but how do I effect the actual file?
Thanks for your help

hosts file is text one. You should be able to change it with notepad. However, on Vista you need to open it with administrator privileges, or you will not be able to save it .

Thank you so much for this, fixed the problem!

Cheers!

MArianne

THANK YOU! I’ve been trying for weeks to get rid of that stupid virus. Now my computer is working normally and I can access Safe mode again.

my etc file isn’t in the drivers folder. Is it hidden?

It might be. What OS you have, Johann?

@admin
Can you explain a little more about vista. Because I have Vista and I delete the extra lines and try to save it but it won’t let me. Please help. Thank you.

Jin: search for notepad and right-click on it. There will be a choice to start as administrator. Then open hosts file.

My notepad looks exactly like the one on here (after I edited it) but this keeps happening. I have tried 4 different softwares so far, it hasn’t fixed it. My last option would be to reset my whole computer. Is there anything else I can do before going to my last option?

Jin : do you edited as administrator? You need to RUN notepad as administrator, or it will not save.

Was getting Facebook logon redirected to Pricegrabber.com…..removed entry below the 127.0.0.1 Local Host entry and all was well again! Well done!

My Host file is not in the folder. I am running XP pro. Can I repelace it with and Host file ?

My hosts file in 374kb large… (lots of lines).

i have the default localhost & 127.0.0.1 entry

And after that I have these comments.

# Start of entries inserted by Spybot – Search & Destroy
……
….& thousands of others….
# End of entries inserted by Spybot – Search & Destroy

I think it’s legitimate, and it’s spybot’s “immunize feature”. I ran spybot search and destry last night and the redirects have gone down significantly, however I spotted one redirect today. Which is annoying.

Karim : Yeah you are correct. However, Spybots immunizer is crap : it focuses on adware sites mostly, some of them even legitimate advertising sites (that pays for free sites you are visiting). I can’t say they fight malware distributors successfully, as these use different tricks.
You should check proxy server that is set in your browser. Maybe there is something fishy ?

@admin

I am having the same problem with the redirects – how to you check th e proxy server?

Thank you very much. Some virus has overidden the host file in my computer. Deleting that solved the problem.
Thank you again.

great stuff thanks!

Hey thanks this helped a lot!

Please help me. This virus has taken over my computer and I cannot do anything. I’m not very good with computers and really need some help to get it off. If anyone can help, please get in touch

holy, my computer is at risk.
i tried all of this but nothing works.
i need a little help here admin.

also this thing is appearing in my screen.
“application cannot be executed.the file wuauclt.exe is infected”

now how can i fixed my computer??

I cannot open “notepad”. The virus doesn’t let me do that!
What should I do?

Anja : Start task manager and try creating new process. Type in notepad (you might need to enter full path to notepad application).

I am dumping all my pictures and other stuff into another drive and buying windows 7 will I still have these antispyware soft issues? I also may reimage the XP OS back onto the original hard drive after moving most things to another drive. This antivirusspyware soft thing locks me out of control panel program list and add/remove programs.

The virus doesn’t appear to be too severe, as it only affects my search engines; however, I would like to fix it. Nothing significant was caught when I ran Norton so I tried looking at the host list. The only line after
# 127.0.0.1 localhost is

# ::1 localhost
10.254.254.253 AFS

Should that be deleted? And how do I open it with “administrator privileges”? I am trying to avoid downloading more anti-spyware and anti-virus programs. Is there anything else I can do?

Anna : these lines look harmless for me. Check your DNS settings and proxy. If it fails, you might resort to scanning with anti-malware/antivirus tools

I have a friend w/a Dell PC (unsure of model). She (or tech support) acciedentally downloaded Live Security Suite, and now we can’t get anything to work right. How do I remove LSS w/o wiping out the system, or her taking it and spending her life savings on getting it fixed or a new computer?

i m currently doing everything also ran spyware doctor but my browser ie8 keeps shutting down within one minute of launch. how do i fix this? of course i have the google search results redirection problem as well. can this be fixed atall?

I also have an Everex Stepnote Laptop that is very slow no matter what we do, and almost every time it is left alone, the screen saver “freezes,” and nothing works except to shut it down by the power button. Any suggestions?

Rayan : check plugins first, disable everything you do not need. If this does not help, you have trojan process already, and need to get some scanner. Download them on uninfected PC and move using usb flash drive or network share.

Chris : its more like it is hardware/driver issue than virus.. But a scan with malwarebytes/spyware doctor would not hurt

Thanks! finally got this bloody redirect off my computer, I’ve been using bing for almost a year!

Thanks again!

… My Host File doesn’t have hardly any of the things in the ex:picture… ALL it has are things that the step says i should delete,,, it has google in the file and bing… With i.p’s

x64-Vista:
Delete these lines mentioning google and bing in hosts file – these are fakes. Typical good hosts file should be empty with some exceptions.

I’ll try that if it works thank you soo much… im not good with computerz

Umm there is no option to run as admin and it wont let me save? Help plz

@admin
Do you need to reboot after removing the lines from the hosts file?

What worked for me was to disable all of the unverified add-ons in IE. Thanks!

When i try to change the Hosts File it wont let me i even ran Notepad as admin…

x64-Vista Search for notepad in program list and righ click on it. Tehere will be an option to run it as administrator. Then open hosts with it.

Hi: Try launching task manager and stopping strangely named processes first. Maybe your virus is observing hosts file. You might try to modify it in safe mode as well.

Hello,
My problem is the google redirect virus.
I have xp I found the host file mine is 400kb is that normal? I see a loot of google files is it safe to just delete these and will they come back?

After i delete the google stuff do i reboot or what?

so ive read through alot of this. my hosts file looks nothing like that and it has only yahoo and google urls and no localhost one so i tried to delete them and put that in but it says unable to find. its not saved as a txt document and it wont let me change it and when i open notepad as admin the hosts file is absent when i go to the same spot. i also tried everything else on here and none of it did anything. p.s. i have vista

Madge : choose Show all files (not only txt) when opening hosts file from administrator notepad. By default, notepad lists only files with .txt extension, but in hosts file case it is none.

I have the “live security suite” rogue malware. Won’t let me do anything. I have tried to run several removal mbam, spybot, etc Everytime I try to run the downloaded file I get the following message “Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.” I am in safe mode with networking and signed on as administrator. I have tried downloading to fly drive and accesing it that way same message, I have also tried changing file name same problem. Went through steps to open notebook and won’t let me do that either any suggestions?????

Laura: This is separate problem. You should kill live security suite processes before executing any of files, and (maybe) fix registry, that does not allow executing programs. To do so, start task manager right after being logged in. The Live security suite will load quite fast afterwards, so you have to hurry. Press CTRL + shift+ esc and wait. Go to processes tab, and look for processes that should not be there (typically, names are random letters). Stop them. Then go to File ->New task and enter full path to antivirus executable on hard disk. This should allow launching antivirus and removing everything. Later you might continue with removing redirects.

Nothing is working for me. I have been reading posts for the past few hours, and have removed viruses in the past, but this one is givin me a run for my money. I manually deleted the virus files themselves, but still cannot get on the internet. I have done everything listed on this page regarding proxies and whatnot, but still nothing. I have searched for the registry files, but being that I never actually clicked the virus to run a scan, I don’t have any to delete. I am at a complete loss. Computer works fine, just cannot get online in any way.

Jesse: you might need to install antimalware tools using usb drive. There might be a cases where virus inserts itself in other locations, for example in drivers. Though it is very rare. The guide covers majority of common cases of broken internet connections due to infections.

Thank you so much. My host file was the problem. It was completely rewritten and had and IP that was no mines and it keep repeating itself on every search engine. I just delete the whole thing but hosts is still there but nothing is on the notepad. I can use the search engines now but I will restart my computer and see if the host file will return back to normal. But so far the hijack is gone. Thank you so much.

wow soooooo good its working again after so much stress .. tried 4 different malware programs not even norton picked it up .. thank you so much for your step by step procedure without it i would never of figured this one out … i wanna kiss you

Ok I got this after I got AV Security Suite
I did all of that and scanned with AVG and IObit Scanners but the problem wont go away on Firefox
No proxies on either and auto DNS
WHAT DO I DO!
And you guys can protect the hosts file by putting it to Read-Only
Found that out not too long ago

Alexander: Check add-ons in firefox. These might be infected as well. Also, neither IOBIT or AVG are good: Iobit uses ripped off malwarebytes database ( at least partially), and AVG (free) lacks rootkit detection.
I would recommend scanning with Spyware Doctor, Malwarebytes, Spybot S&D / AVAST or Avira

OKAY I will try…
I looked at my Plugins and saw Pando…
and I’m like “whats that” no info, no homepage, nothin… I disabled that (hopefully that works)
I did have Spybot before and ill run it again as soon as I get it again…
I’m also thinking about getting this Spyware Doctor cuz it seems useful

I did Spybot S&D and it found a ton of things(types were malware(c)and Security(c) and a couple hijackers from files in the registry) but somehow I’m still getting the hijacker in Firefox only(ugh). I really need to get rid of it
and Yes I ran 1 scan,restarted and scanned again + my dad scanned on his account
I’m going to try to scan and look over EVERYTHING
Any suggestions…
Links the thing is taking me to:(ADS SPREAD LIKE AIDS!)
[We do not allow links to malicious sites to prevent infection of other readers]

Alexander: Save your firefox bookmarks. Close it. Go to firefox data folder C:\Documents & Settings\[Username]\Application Data\…. On vista/xp (on windows 7 use C:\users\… instead) and delete everything. Then reboot, start firefox anew.
If this solves problem, this is the quickest fix.

Gah!!! I did all of that and I still have it!!! (and I have XP SP3 by the way)

Then you will have to scan with something else than Spybot. I would suggest Spyware Doctor, malwarebytes anti-malware, superantispyware. If only firefox is affected, and problem persists after deleting userdata, no problems in settings, then you have firefox-specific hijacker.

I got spyware doctor and it is scanning right now
Thank you for the help so far
threats so far
Tracking cookies-7
Spywere Known bad sites-1
Adware.Advertizing-1
Adware.searchit toolbar-9 (oh gosh lost my place Its done)
Trojan-Downloader.small.CML-6 (sounds like it)
Hijacker.dospop_toolbar-30
yeah thank you again for your help
ill see if it still happens

Alexander: I would guess it is Hijacker.dospop_toolbar-30 . Trojan.Downloader would be the one responsible of installing it

… I lost all of that because my computer froze…
I cant pay for it so I guess I just have to do another scan and remove manually…
I didn’t know you had to pay for it… oh well atleast it got the location of it

Well, Spyware Doctor has about 4x bigger database of traces than spybot as far as I have checked, so I know it can find more. I am not so sure Spybot S&D is updated enough to make it good solution for windows XP or latter users.

Thanks for the help I got it off but I think there’s still more…
I still get it but I don’t care not as many now AND! it just goes to google instead of the ads
YEY!

No problem, Alexander.

Just got done resolving a redirection — and worse – problem which was caused by a problem with our router.

The virus/Trojan had changed router setting to direct DNS searches to their web address. They returned bogus address.

Look into your router settings to make sure you’re settings have not been messed with. We ended up Restting the router to factory settings and reinstalled the router.

I have windows 7 and just got the virus/trojan myself. However, I cannot open ANYTHING. Not even task manager. I can open programs in safe mode, but how do I remove it from there?

Mark : First you will have to remove viruses. Disable the proxy server, download Spyware Doctor or malwarebytes, do a scan, remove stuff it finds. Do it in safe mode. Then reboot, and try to finalize checking the connection.

The issue with facebook redirecting to say pricegrabber isn’t always a virus or malware.

Linksys routers are sometimes the culprit…a fix that may help for some people (specifically using linksys wrt160n or any other linksys router).

Network Connections > Right click your connection > Properties > Select TCP/IP > Properties > Set your DNS manually (see below for what DNS servers).

To determine the DNS servers to input here: Get to CMD Prompt > IPCONFIG /ALL > You will see 2 IP’s under the DNS Servers section > Enter those 2 numbers in the TCP/IP DNS configuration.

I use OPENDNS, which is configured on the router and now manually set in the tcp/ip, and have never once seen this facebook redirect occur again.

James: Completely true. People should change their router default password in all cases.