Monday, November 21, 2011

How to fix Google Redirect Virus (browser hijacker) problem

Google redirect virus is a browser hijacker targeting google and other search engine search results and redirecting user to infected pages. These pages can be porn–related or full of advertising banners that make creators of this parasite money. Also, these pages  might force you to pay something or give away your bank account details. Thus Google redirect virus is quite dangerous.
There are couple different streaks of Google Redirect viruses, and some of them might require heavy scanning with reputable Anti-malware solution like NOD32 Antivirus, Kaspersky, Spyware Doctor, Malwarebytes. Sometimes Google results Redirect virus even blocks reputable sites and it is tough to download automatic software. However, there are couple easy steps to solve less complex problems.
Note, that before trying to fix other things, you are suggested to scan and check if anti-malware programs can identify more precise reason of Google redirect hijacker. You should always scan after performing all these steps as well, as doing anti-rootkit scan might reveal trojans that were hidden due to other infections.
Steps 1-5 deals with regular hijacking of search results that are due to malicious settings or plugins.  If any of antivirus programs are stopped from execution this means malware infection and you will have to scan your PC with anti-virus and anti-malware programs.
Step 1. Check your hosts file for malicious entries.
Hosts file resides on C:\Windows\System32\Drivers\etc\hosts
Windows hosts file location
Where Windows is your windows installation directory. On windows 7/vista, you should open your hosts file with administrative privileges. Google Redirect virus symptoms might be result of malware adding malicious entries to this file and are removed easily as well.
Hosts file should look like this: (open the file with Notepad)
Windows hosts file
If you see more lines of code and IPs, you should delete these, especially if they rewrite google or Microsoft subdomains. This is a sign, that you either had or have infection on your PC, as this file can not be accessed remotely usually.
Step 2. Check DNS (Domain Name Server) settings
Domain name servers are used to determine what server to access when opening website addresses. Hijacking these settings would allow hijacking various websites including search ones.
1. Go to Control Panel->Network Connections and select your local network.
2. Right-click your local network icon and select Properties.
Local Area Connection properties
3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.
Internet Protocol properties
4. You will see a window like the one below – this is the Internet Protocol window. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
DNS Settings
5. Click OK to save changes.
Step 3. Checking your proxy settings on Internet Explorer
Proxy server settings can be used to implement Google search result hijacking as well. This is simple to fix too:
1. Launch your internet explorer.
2. Tools ->Internet Options, Connections tab. Press LAN Settings
Internet Explorer local area network settings
3. Unselect everything or enter parameters that were given by system administrator.
4. Press OK.
Step 4. (Optional) Check your proxy settings on Mozilla Firefox
1. Launch Mozilla Firefox.
2. Tools ->Options. Press Advanced and open Network tab. Then, press Settings button.
Mozilla Firefox network settings
3. Select “No proxy” or enter parameters that were given by system administrator.
4. Press OK.
Step 5. Check your IE add-ons
If your browser is hijacked in IE only, check IE browser ad-ons. Note: there are malicious plugins that affect both IE and firefox and result in Google redirects in both of the pages.
1. Launch your internet explorer.
2. Tools->Manage Addons
3. Disable all unverified addons (there might be some useful ones, but better re-install them later).
Delete all ad-ons that look spammy/unknown.


that is all!!!


that is all!!!!
Retweet this story