
DemReadingDU

(16,000 posts)
Sun Sep 30, 2012, 06:45 PM Sep 2012

Google redirect virus

Google redirects virus
I have 2 Toshiba laptops. One is infected with a Google redirect virus when using Internet Explorer. When searching a topic in Google on the infected laptop, the search is redirected to whatever it feels like (no porn though).

Anyway, on the infected laptop, I have run Malwarebytes, but it did not find any problems. Nothing at all. I ran Spybot and it didn't find anything either. So on the other laptop, I searched for other possible issues, which said to check the hosts file
"C:\windows\system32\drivers\etc\hosts" and look for "127.0.0.1 localhost"

This is the result on BOTH laptops and it appears the localhost file is a comment on both laptops. Any other suggestions to get rid of these annoying redirects on the infected laptop? Thanks.
The searching problem also exists using Firefox.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
***note there are hundreds of these***
127.0.0.1 search.ghribi.com
# End of entries inserted by Spybot - Search & Destroy

Apparently this is a big problem within the past couple of days. Lots of people appear to have been bitten by this virus and seeking assistance.


edit to highlight a few words

Google redirect virus (Original Post) DemReadingDU Sep 2012 OP
You might try TDSKiller Live and Learn Sep 2012 #1
Tried that too, didn't work DemReadingDU Sep 2012 #3
Found this info too Live and Learn Sep 2012 #2
"127.0.0.1 localhost" Mnpaul Sep 2012 #4
I trust my system... so I looked at www.007guard.com and I got "Unable to connect" Dont_Bogart_the_Pretzel Sep 2012 #5
Here's the problem Mnpaul Oct 2012 #6
Check out this Microsoft default for the hosts file DemReadingDU Oct 2012 #7
You have to log in as Administrator Mnpaul Oct 2012 #8
The computer user is already the administrator, no password DemReadingDU Oct 2012 #9
I'm not running 7 Mnpaul Oct 2012 #10
Yes, Using Windows 7, the default for microsoft shows... # 127.0.0.1 localhost DemReadingDU Oct 2012 #11
I think it has to be there in 7 Mnpaul Oct 2012 #12
That localhosts is just blocking sites PowerToThePeople Oct 2012 #13
Maybe IE is still going there because it changed your connection settings. hobbit709 Oct 2012 #14
Lan settings should be set to Automatically detect settings? DemReadingDU Oct 2012 #15
You got it hobbit709 Oct 2012 #16
I checked, Lan settings already set to Automatically detect settings DemReadingDU Oct 2012 #18
Try this google redirect virus manual (video included) anupraman Oct 2012 #17
Took the computer to the local fix-it guy DemReadingDU Oct 2012 #19

Mnpaul

(3,655 posts)
4. "127.0.0.1 localhost"
Sun Sep 30, 2012, 10:21 PM
Sep 2012

is supposed to be there. That is the address inside your computer where the nasty sites are redirected to. All those entries are created by spybot when you immunize. Do not delete them.

Maybe your DNS settings are hosed. Try OpenDNS.

Right click on your network connection and choose properties
Select "Internet protocol" and click properties
Select "Use the following DNS server addresses"
Put 208.67.222.222 in the first box
Put 208.67.220.220 in the second

5. I trust my system... so I looked at www.007guard.com and I got "Unable to connect"
Sun Sep 30, 2012, 10:37 PM
Sep 2012

Firefox can't establish a connection to the server at domains.googlesyndication.com.

I don't have 127.0.0.1 www.007guard.com in my hosts file but I do have 127.0.0.1 domains.googlesyndication.com

Just to be safe I think I'll add 127.0.0.1 search.ghribi.com to my list!



Check out http://winhelp2002.mvps.org/hosts.htm
Malwarebytes and Spybot - Search & Destroy do the best they can but IMO a fully loaded hosts file does better.



Mnpaul

(3,655 posts)
6. Here's the problem
Mon Oct 1, 2012, 01:29 AM
Oct 2012

"# 127.0.0.1 localhost" has to be above all the rest or all the bad sites get directed to the 007guard site

see here
http://overclockedtech.com/?tag=007guardcom

it has to look like this

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com

DemReadingDU

(16,000 posts)
7. Check out this Microsoft default for the hosts file
Mon Oct 1, 2012, 06:47 AM
Oct 2012

it says the # needs to be there for computers with Windows 7

# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

http://support.microsoft.com/kb/972034


Even if I wanted to change the hosts file, it won't let me save any changes. I can open with notepad, but apparently one needs to be 'administrator' to save it after editing. How does one be administrator to open the notepad file?

Also, I have 2 identical Toshiba laptops, with the same hosts file. One computer has the Google redirect virus, and the other doesn't. So is it really the hosts file that is the issue?

Thanks for everyone's help!






Mnpaul

(3,655 posts)
8. You have to log in as Administrator
Mon Oct 1, 2012, 09:42 AM
Oct 2012

I hope you know the password (if there is one). Click start and log off and then choose admin if there is that option. If the option isn't there hit ctrl+alt+del to bring it up. You should have been in this account when trying to clean the bug.

DemReadingDU

(16,000 posts)
9. The computer user is already the administrator, no password
Mon Oct 1, 2012, 10:16 AM
Oct 2012

I did figure out how to open notepad, via right-click to run as administrator.

However, I have not changed anything, but I have a question for you...
If you are using Windows operating system 7, what does your host file look like?
Thanks!

Mnpaul

(3,655 posts)
10. I'm not running 7
Mon Oct 1, 2012, 01:23 PM
Oct 2012

but the link above shows what it should look like

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com

DemReadingDU

(16,000 posts)
11. Yes, Using Windows 7, the default for microsoft shows... # 127.0.0.1 localhost
Mon Oct 1, 2012, 01:46 PM
Oct 2012

There is a # in front of # 127.0.0.1 localhost

For Windows 7, that is the default. Is Microsoft wrong in their file?
http://support.microsoft.com/kb/972034

Mnpaul

(3,655 posts)
12. I think it has to be there in 7
Mon Oct 1, 2012, 02:31 PM
Oct 2012

the others not. Another site I read said to open a second notepad file and copy the contents of your hosts file to it and then copy them back. There are apparently some non-visible characters mucking things up. If you do this you can try changes and restore the original if it doesn't work.

 

PowerToThePeople

(9,610 posts)
13. That localhosts is just blocking sites
Tue Oct 2, 2012, 04:46 PM
Oct 2012

I am not a Windows user (Go GNU/Linux!), but I think you would not want the ipv4/ipv6 localhost commented out.

I think I am blocking several thousand sites via blackholing. I get my script here (even made a donation because it works so well for me - No, it is not mine. I am not trying to spam)

http://pgl.yoyo.org/adservers/
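
An added example, not part of any post in this thread: a small Python audit of hosts-file text that separates the `127.0.0.1` blocking entries Spybot inserts from entries that point a name at some other address, and flags the non-visible characters mentioned in reply 12. The sample text and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress
import re
import unicodedata

# Constructed sample. The Spybot lines are copied from the thread; the last two
# entries are invented (192.0.2.10 is a reserved documentation address).
SAMPLE = (
    "\ufeff# localhost name resolution is handled within DNS itself.\n"
    "# 127.0.0.1 localhost\n"
    "# Start of entries inserted by Spybot - Search & Destroy\n"
    "127.0.0.1 www.007guard.com\n"
    "127.0.0.1 search.ghribi.com\n"
    "# End of entries inserted by Spybot - Search & Destroy\n"
    "192.0.2.10 www.google.com google.com\n"
    "127.0.0.1\u00a0hidden.example\n"
)

def audit_hosts(text):
    """Split hosts-file text into (sinks, redirects, odd).

    sinks: names pointed at a loopback/unspecified address (blocked, not redirected)
    redirects: (line, ip, name) for names pointed at any other address
    odd: (line, reason) for invisible characters and entries that do not parse
    """
    sinks, redirects, odd = [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        for ch in raw:
            cat = unicodedata.category(ch)
            # Cf covers BOM/zero-width marks; Zs other than " " covers NBSP.
            if cat == "Cf" or (cat == "Zs" and ch != " "):
                odd.append((n, "invisible U+%04X" % ord(ch)))
        entry = raw.lstrip("\ufeff").split("#", 1)[0].strip(" \t")
        if not entry:
            continue  # blank line or comment, e.g. "# 127.0.0.1 localhost"
        fields = re.split(r"[ \t]+", entry)  # only ASCII space/tab separate fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            odd.append((n, "unparseable entry"))
            continue
        for name in fields[1:]:
            if ip.is_loopback or ip.is_unspecified:
                sinks.append(name.lower())
            else:
                redirects.append((n, str(ip), name.lower()))
    return sinks, redirects, odd

if __name__ == "__main__":
    sinks, redirects, odd = audit_hosts(SAMPLE)
    print(len(sinks), "sink entries;", "redirects:", redirects, "odd:", odd)
```

On a real machine, pass in the contents of `C:\windows\system32\drivers\etc\hosts`; an empty `redirects` list means the file is only blocking names, so the cause of a search redirect lies elsewhere.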

hobbit709

(41,694 posts)
14. Maybe IE is still going there because it changed your connection settings.
Tue Oct 2, 2012, 06:35 PM
Oct 2012

open IE, go to Tools, then Internet Options, Connections and go to LAN settings. See if it's set to Automatically detect settings or the Proxy settings is checked instead and has something there.

DemReadingDU

(16,000 posts)
18. I checked, Lan settings already set to Automatically detect settings
Wed Oct 3, 2012, 02:26 PM
Oct 2012

I have also run Malwarebytes and SuperAnti-Spyware. Both of these programs have always found previous infections. But this new Google redirect virus is really stumping me to get it eradicated.

anupraman

(1 post)
17. Try this google redirect virus manual (video included)
Tue Oct 2, 2012, 11:15 PM
Oct 2012

Hi,

Please try the steps mentioned in the tutorial. These are manual steps to remove google redirect virus. Some might find this a bit techie, but a detailed video is provided to make it easy to troubleshoot.

http://atechjourney.com/google-redirect-virus-remove-manually.html/

DemReadingDU

(16,000 posts)
19. Took the computer to the local fix-it guy
Fri Oct 5, 2012, 08:18 AM
Oct 2012

It will be interesting to see the problem(s) that caused the malfunction. I just don't have the time to play Sherlock with that computer any longer.
