Google redirect virus
Google redirects virus
I have 2 Toshiba laptops. One is infected with a Google redirect virus when using Internet Explorer. When searching a topic in Google on the infected laptop, the search is redirected to whatever it feels like (no porn though).
Anyway, on the infected laptop, I have run Malwarebytes, but it did not find any problems. Nothing at all. I ran Spybot and it didn't find anything either. So on the other laptop, I searched for other possible issues, which said to check the hosts file
"C:\windows\system32\drivers\etc\hosts" and look for "127.0.0.1 localhost"
This is the result on BOTH laptops and it appears the localhost file is a comment on both laptops. Any other suggestions to get rid of these annoying redirects on the infected laptop? Thanks.
The searching problem also exists using Firefox.
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
***note there are hundreds of these***
127.0.0.1 search.ghribi.com
# End of entries inserted by Spybot - Search & Destroy
Apparently this is a big problem within the past couple of days. Lots of people appear to have been bitten by this virus and seeking assistance.
edit to highlight a few words
Live and Learn
(12,769 posts)
Worked for me with a particularly nasty virus.
DemReadingDU
(16,000 posts)
Live and Learn
(12,769 posts)
Mnpaul
(3,655 posts)
is supposed to be there. That is the address inside your computer where the nasty sites are redirected to. All those entries are created by Spybot when you immunize. Do not delete them.
Maybe your DNS settings are hosed; try OpenDNS.
Right click on your network connection and choose properties
Select "Internet protocol" and click properties
Select "Use the following DNS server addresses"
Put 208.67.222.222 in the first box
Put 208.67.220.220 in the second
Dont_Bogart_the_Pretzel
(3,273 posts)
Firefox can't establish a connection to the server at domains.googlesyndication.com.
I don't have 127.0.0.1 www.007guard.com in my hosts file but I do have 127.0.0.1 domains.googlesyndication.com
Just to be safe I think I'll add 127.0.0.1 search.ghribi.com to my list!
Check out http://winhelp2002.mvps.org/hosts.htm
Malwarebytes and Spybot - Search & Destroy do the best they can but IMO a fully loaded hosts file does better.
Mnpaul
(3,655 posts)
"# 127.0.0.1 localhost" has to be above all the rest or all the bad sites get directed to the 007guard site
see here
http://overclockedtech.com/?tag=007guardcom
it has to look like this
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
DemReadingDU
(16,000 posts)
it says the # needs to be there for computers with Windows 7
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
http://support.microsoft.com/kb/972034
Even if I wanted to change the hosts file, it won't let me save any changes. I can open with notepad, but apparently one needs to be 'administrator' to save it after editing. How does one be administrator to open the notepad file?
Also, I have 2 identical Toshiba laptops, with the same hosts file. One computer has the Google redirect virus, and the other doesn't. So is it really the hosts file that is the issue?
Thanks for everyone's help!
Mnpaul
(3,655 posts)
I hope you know the password (if there is one). Click start and log off and then choose admin if there is that option. If the option isn't there hit ctrl+alt+del to bring it up. You should have been in this account when trying to clean the bug.
DemReadingDU
(16,000 posts)
I did figure out how to open notepad, via right-click to run as administrator.
However, I have not changed anything, but I have a question for you...
If you are using Windows operating system 7, what does your host file look like?
Thanks!
Mnpaul
(3,655 posts)
but the link above shows what it should look like
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
DemReadingDU
(16,000 posts)
There is a # in front of # 127.0.0.1 localhost
For Windows 7, that is the default. Is Microsoft wrong in their file?
http://support.microsoft.com/kb/972034
Mnpaul
(3,655 posts)
the others not. Another site I read said to open a second notepad file and copy the contents of your hosts file to it and then copy them back. There are apparently some non-visible characters mucking things up. If you do this you can try changes and restore the original if it doesn't work.
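The hosts-file questions raised in this thread (blocking entries versus an actual redirect, and the non-visible characters mentioned above) can be checked mechanically. The Python sketch below is an added example, not something posted by a thread participant; the sample text, the 203.0.113.7 address and the search.example name are constructed for illustration.

```python
import ipaddress
import unicodedata

# Constructed sample, not taken from either laptop in the thread.
SAMPLE = (
    "# localhost name resolution is handled within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "# Start of entries inserted by Spybot - Search & Destroy\n"
    "127.0.0.1\twww.007guard.com\n"
    "127.0.0.1\t007guard.com\n"
    "# End of entries inserted by Spybot - Search & Destroy\n"
    "203.0.113.7   www.google.com google.com\n"   # remote mapping (documentation address)
    "127.0.0.1 \u200bsearch.example\n"             # zero-width space hidden in the line
)

SINKHOLES = {"0.0.0.0"}  # besides loopback, the usual "block" target


def audit_hosts(text):
    """Return (line_no, kind, detail) findings for a hosts file's text."""
    findings = []
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        # Format (Cf) and control (Cc) characters other than tab do not show in Notepad.
        hidden = [c for c in raw if c != "\t" and unicodedata.category(c) in ("Cf", "Cc")]
        if hidden:
            findings.append((no, "hidden-char", ", ".join(f"U+{ord(c):04X}" for c in hidden)))
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank line, comment, or address with no host name
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "bad-address", addr))
            continue
        if ip.is_loopback or addr in SINKHOLES:
            continue  # blocking entry, e.g. Spybot immunization
        # A name pointed at a non-loopback address is what a hosts-based redirect looks like.
        findings.append((no, "remote-mapping", f"{addr} -> {' '.join(names)}"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A hosts file that contains only comments and 127.0.0.1 entries, like the one pasted at the top of the thread, produces no findings, which points the search toward DNS or proxy settings instead.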
PowerToThePeople
(9,610 posts)
I am not a Windows user (Go GNU/Linux!), but I think you would not want the IPv4/IPv6 localhost commented out.
I think I am blocking several thousand sites via blackholing. I get my script here (even made a donation because it works so well for me - No, it is not mine. I am not trying to spam)
http://pgl.yoyo.org/adservers/
hobbit709
(41,694 posts)
open IE, go to Tools, then Internet Options, Connections and go to LAN settings. See if it's set to Automatically detect settings or the Proxy settings is checked instead and has something there.
DemReadingDU
(16,000 posts)
Proxy settings should be unchecked?
hobbit709
(41,694 posts)
DemReadingDU
(16,000 posts)
I have also run Malwarebytes and SUPERAntiSpyware. Both of these programs have always found previous infections. But this new Google redirect virus is really stumping me to get it eradicated.
anupraman
(1 post)
Hi,
Please try the steps mentioned in the tutorial. These are manual steps to remove Google redirect virus. Some might find this a bit techie, but a detailed video is provided to make it easy to troubleshoot.
http://atechjourney.com/google-redirect-virus-remove-manually.html/
DemReadingDU
(16,000 posts)
It will be interesting to see the problem(s) that caused the malfunction. I just don't have the time to play Sherlock with that computer any longer.