Anybody dealt with the redirect virus?

[travelover]

I've got a virus on my computer that randomly redirects me to other websites. I run a Firefox browser and use Microsoft Security Essentials as virus protection. The MSE doesn't seem to find the virus in multiple scans.

Thanks in advance for any advice.

 

[REWahoo]

I plugged your symptoms into Google and came up with this:

 

[ls99]

May be a misbehaving addon. Disable all addons in FF. If it works one by one find the culprit.

Else try Malwarebytes.

Good luck

 

[braumeister]

I've got a virus on my computer that randomly redirects me to other websites.

This can happen when some sort of malware changes your DNS lookup site to one of their evil DNS servers.

Apart from cleaning the virus (can't address that because I don't know what you're running and am not an expert anyway), the first thing I would do is check your DNS lookups. I like to use OpenDNS servers, which have always been very trustworthy. See what yours are and check where they are actually located. Might be your ISP, but might be someplace nasty.


For further information check out OpenDNS - Cloud Internet Security and DNS

 

[cluebus2]

I used Kaspersky TDSSKiller to fix this when it happended to me last summer.
My regular malware security was unable to find it.
Of course, you have to use another computer to find the download address
because the redirect won't let you search for it.

 

[harley]

I assume you're talking about the Google Redirect virus, where you get redirected when trying to go to a search result. This malware is rampant on the web. If so, TDSSKiller is your best bet. I tried 5 or 6 other security software solutions without any luck. You probably will also need to fix your hosts file. Microsoft has an easy solution - How can I reset the Hosts file back to the default?

 

[growing_older]

Or if you have an ability to roll back your computer to a previous date, go back to a date before the virus behavior started.

 

[target2019]

There is not one redirect virus. Oh if life were simple again.

You need Malwarebytes and a really good virus scanner. Be prepared to spend a lot of time on this. It is a real education. You may need to get registry fixes. You'll have to turn off System Restore, replace the HOSTS file, shut down processes, and also run scanners from Safe Mode. You need to make sure you get all critical Microsoft updates.

It may be the HOSTS file is also jacked. Then there is the search provider in browser that may be changed. Then there is the browser addon. Then there are the malware that are in Safe Restore and can't be removed. One day you'll do a restore and be re-infected.

It can be fixed, except for the rootkit that may be installed, and goes un-detected by a lot of the checkers.

You can pay the computer store a lot to fix these things, but there work may be less than 100% effective.

If you have another computer, you can download the programs you need from there, save to USB, and install to the infected computer while in safe mode.

Microsoft Security Essentials? Does the fire station provide free fire insurance?

 

[MichaelB]

I assume you're talking about the Google Redirect virus, where you get redirected when trying to go to a search result. This malware is rampant on the web. If so, TDSSKiller is your best bet. I tried 5 or 6 other security software solutions without any luck. You probably will also need to fix your hosts file. Microsoft has an easy solution - How can I reset the Hosts file back to the default?

+1
If that doesn't work, look at the google forums. One of many threads on this
https://groups.google.com/a/googleproductforums.com/forum/m/#!topic/websearch/ICKqFHmPaq4

 

[travelover]

Thanks for the suggestions so far, but I have to admit, many of you are way over my head. Perhaps it would be best if I took the computer out in the driveway and put a couple of .45 slugs through the hard drive and then bought a new computer.

Oh, but wait, that computer would get infected soon, anyway.

 

[MichaelB]

Thanks for the suggestions so far, but I have to admit, many of you are way over my head. Perhaps it would be best if I took the computer out in the driveway and put a couple of .45 slugs through the hard drive and then bought a new computer.

Don't waste the bullets - they'll just get redirected...

 

[Sarah in SC]

Thanks for the suggestions so far, but I have to admit, many of you are way over my head. Perhaps it would be best if I took the computer out in the driveway and put a couple of .45 slugs through the hard drive and then bought a new computer.

Oh, but wait, that computer would get infected soon, anyway.

Save your ammo and get Tommy Jordan to do it for you.

 

[grumpy]

I had similar symptoms last year. My son, a software engineer, determined that I was the victim of a "root kit trojan" (whatever that means). This bug disabled Malwarebytes and any other software "fixer" I tried. With my sons help I was able to get software called "rkill".

This had to be run from the DOS prompt. Once it did its thing, then Malwarebytes was able to run and succeed.

 

[travelover]

I think the Israelis have confused my computer with a uranium enrichment centrifuge.

 

[ERD50]

Oh, but wait, that computer would get infected soon, anyway.

Linux? Mac?


-ERD50

 

[braumeister]

It's hard to be completely safe these days.

 

[BigNick]

Go to Bleepingcomputer.com, download ComboFix, run, follow instructions, enjoy.

 

[Major Tom]

I had a similar problem a few months ago which kept redirecting me to a 404 error page on Hotspot Shield which contained ads. I tried Malware Bytes (think it was that one) as well as the anti-virus I had installed (Zone Alarm). I probably should have tried a few others too but was looking for an excuse to do a clean re-install of the OS, so that's what I did.

Luckily, I have all my data on separate backed up hard drives. Only the OS and programs are on the C drive, so I wiped that drive clean with a free program called KillDisk and completely re-installed the OS (Windows XP in my case) and all programs.

It was probably overkill, but I had quite a few programs I no longer used, as well as who-knows-what programs running memory resident in the background, so it felt like a good time to start again from scratch.

 

[easysurfer]

Or if you have an ability to roll back your computer to a previous date, go back to a date before the virus behavior started.

+1. That'll be my first approach.

 

[eytonxav]

Linux? Mac?


-ERD50

Since my PC is ~ 6 years old, this will be my solution next time the bug bites.

 

[harley]

Thanks for the suggestions so far, but I have to admit, many of you are way over my head.

Seriously, downloading, installing and running TDSSKiller and then clicking on the "Fix It" button I listed previously is really easy. I'd say you'd have a 90% chance of getting rid of the rootkit that way. If it doesn't work, you can always shoot it.

Regarding the rollback option others referred to, I didn't have any luck with that. If you have a complete restore image to go back to, that would be good. But just doing a system restore to a month previous didn't get rid of the problem for me. I'm not sure exactly what gets overwritten in the restore, but it didn't clear the rootkit on my computers. But TDSSKiller and resetting the hosts file did. Good luck.

 

[travelover]

Well so far I've run MicrosoftFixit50267, rkill and tdsskiller and no joy. Now where is that durn .45?

 

[easysurfer]

Well so far I've run MicrosoftFixit50267, rkill and tdsskiller and no joy. Now where is that durn .45?

The next questions (which you probably don't want to hear ):

1) Do you have your data backed up to an external drive?

2) Do you have a restore disc for you system or a clean image of your hard drive?

I've had situations before when totally stuck, it was faster to just make sure my data safe externally, then roll up my sleeves and spend a day or two redoing my system.

Before 1 and 2 above, can you reset your browser? I use Internet Explorer and sometimes when things get messed up there's a browser reset option.

 

[oldtrig]

Hello travelover. Here is what I suggest. Go to this website,
Virus, Spyware and Malware Removal - Smartest Computing

Create Account and let them fix it for you. They do not charge and I can tell you Broni is the best on the internet for things like you have on your PC. Just make sure you read the instructions before posting a logfile. Tell him in your first post exactly what the PC is doing. I will guarantee he will get it fixed. When he gets it going you might want to donate a small fee. I do anyway.



I have worked on computers for 15 years and repaired more than I can remember
I can do most of what Broni does but he has much more experience than I do on the latest bad things. Please let me know how you come out on this. oldtrig

 

[powerplay]

Here is some info at fbi.gov about DNS changes. It appears it may be related to the problem the OP is having.

http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf