Need assistance getting rid of Google redirect


Postby Nate » Wed Jul 15, 2009 6:46 pm

I'm hoping maybe Mith will come around and help me out with this, but I have a problem. Whenever using Google or Yahoo, I'll click on say, a link to Wikipedia, but it will instead redirect me to an obvious spam/ad site. Apparently it's been nicknamed the "Google Redirect Virus" or something along those lines.

Anyway, does anyone know any way to get rid of this thing? I ran the Malwarebytes Anti-Malware (version 1.31), and it said I had 0 infections, so obviously that isn't of much use. It didn't show up on my antivirus program either (running AVG Free 8.5.375). I really don't want to start messing around with anything else until I get some advice from someone who knows more about computers than I do.

Any help would be greatly appreciated!

Ezekiel 23:20
Nate
 
Posts: 10725
Joined: Thu Sep 02, 2004 12:00 pm
Location: Oh right, like anyone actually cares.

Postby ShiroiHikari » Wed Jul 15, 2009 9:14 pm

fightin' in the eighties
ShiroiHikari
 
Posts: 7564
Joined: Wed May 28, 2003 12:00 pm
Location: Somewhere between 1983 and 1989

Postby Ante Bellum » Wed Jul 15, 2009 9:22 pm

Here is a forum concerning this virus: http://www.geekstogo.com/forum/Google-redirect-virus-t93888.html
I just ran a quick search on this, it looks to have pretty extensive instructions on how to get rid of it. It requires a number of downloads though, so unless you are really REALLY desperate I'd have someone else check out the process as well. I've never heard of this before, or at least with a name attached to it. So, someone else could probably provide more assistance than me.
Also, I heard that antivirus programs aren't allowed to touch files in System Restore, so if you use that, that could be one reason, and I've also heard that switching your browser (to Firefox if you use IE, or Safari if that doesn't help) could help for a bit.
Ante Bellum
 
Posts: 1347
Joined: Tue Apr 07, 2009 2:59 pm
Location: E U R O B E A T H E L L

Postby Nate » Mon Jul 20, 2009 5:11 pm

I'm not a computer-savvy person. Further, threads like that are tailored to specific individuals, which is why they always say "Post the logs these programs give you." My logs would be different from their logs I'm sure, so it isn't very helpful.

I just need someone to walk me through, simply, saying what I need to do to get rid of this. At the moment, it's more of an annoyance than a severe problem. All I do is just right-click the links I get on Google and click "Copy Link Location" and paste it in a new tab. It's annoying, and I'd like to stop having to do that, but it hasn't made me unable to use Google entirely.

Ezekiel 23:20
Nate
 
Posts: 10725
Joined: Thu Sep 02, 2004 12:00 pm
Location: Oh right, like anyone actually cares.

Postby Peanut » Mon Jul 20, 2009 9:58 pm

Originally I wasn't going to post this link because I know you want to avoid posting logs and I also get the feeling you won't want to go through all of these steps since it's targeted towards all malware and not what you think you have. However, I've been working through them and they've been helping me big time with my malware problem (which is worse than yours...much worse...). So, I'll just post it anyway...use it if you want.

Link
CAA's Resident Starcraft Expert

goldenspines wrote:Its only stealing if you don't get caught.
Peanut
 
Posts: 2432
Joined: Sun Aug 29, 2004 5:39 pm
Location: Definitely not behind you

Postby Nate » Tue Jul 21, 2009 11:29 am

I told you in the Skype chat last night, but I'll post it here so nobody thinks my problem is solved yet. As I said before, I ran Malware Anti-Bytes, and it turned up zero infections. So that program isn't useful at all. I don't know what I would need to look for so I can't just go and delete it myself, even if I make system files visible (which I did ages ago for a reason I can't remember).

So, I still need someone to help me solve this problem.

Ezekiel 23:20
Nate
 
Posts: 10725
Joined: Thu Sep 02, 2004 12:00 pm
Location: Oh right, like anyone actually cares.

Postby Whitefang » Mon Jul 27, 2009 8:41 am

What browser do you use?

If Firefox, I'd make sure you have 3.5 (When I downloaded it, it was an optional update that was not being pushed to Firefox users yet).
If Internet Explorer 7 or lower, see if you can upgrade to 8, and make sure that you have installed all of the critical Windows updates.

Beyond that, you could try reinstalling (back up your bookmarks, any cookies you know are safe), purge the browser directories (both the hidden files and the installation directories), and then install the browser. You could also install a new browser and see if it exhibits the same behavior.
"It's not easy to act in the name of justice."

"Justice is not the only right in this world"
Whitefang
 
Posts: 261
Joined: Wed Nov 19, 2008 9:17 pm
Location: Paradise

Postby Nate » Thu Jul 30, 2009 3:28 pm

I use Opera, but it doesn't matter. The redirect happens on Opera, Firefox, AND IE. This means that whatever is causing the problem isn't in the browser program, it's elsewhere on my computer and it redirects the browser whenever it requests something from Google.

Ah well, this thread's been up over two weeks and nobody's really been able to help me. Guess we don't really have any tech-minded people on CAA, which is cool. Like I said, I already figured a way around it by right-clicking and copying the address and pasting it in another tab. Yeah, it's inconvenient, but can't do anything else, and at least this is something I can work around, it's not like a virus that's destroying my hard drive or anything. *shrug*

Ezekiel 23:20
Nate
 
Posts: 10725
Joined: Thu Sep 02, 2004 12:00 pm
Location: Oh right, like anyone actually cares.

Postby Peanut » Thu Jul 30, 2009 7:31 pm

Well, I'll take another shot at this even though I don't expect anything I find to fix it. I did a quick search and this came up, you may have already tried this but I figured I would copy and paste the steps anyway just in case. I've added some things in parentheses to help with step 1 because it took me some looking around to figure it out myself (Note: I'm assuming you're using Windows XP...if not...ignore what's in parentheses):

1. Select Show Hidden Devices under Hardware Device Manager in your Windows Control Panel. (Go to Control Panel. Click on System then click on the Hardware tab. There should be a section titled Device Manager. Click that then go to View and click Show Hidden Devices. I think this step is different from showing hidden files...but I could be wrong.)
2. Search for "TDSSserv.sys" right click Disable. Do not select Uninstall otherwise the infection will reappear once the computer is restarted.
3. Reboot the pc.
4. Immediately update antivirus software and the Google redirect virus will cease to exist in your workstation.

If you found this "TDSSserv.sys," disabled it, and you're still getting redirected, try the steps again but disable system restore before you restart your computer. You can re-enable it after your computer reboots. If that doesn't work then...well...there's always HijackThis and Malware removal forums. And I would recommend going all the way to get this thing removed, the article I read that gave me those steps suggested that it could mess with your firewall and security software which is never a good thing. Of course, it could have just been scare tactics but even then, why put up with the consistent annoyance when you can get it fixed through a single annoying moment? Oh and speaking of that article, here is the link to it:

http://ezinearticles.com/?Google-Redirect-Virus-Fix---How-to-Get-Rid-of-Google-Virus&id=2450094

While re-reading it during the writing of this post I realized there was the possibility that you may not have the symptoms listed in this article, in which case you may not want to do those steps listed...
CAA's Resident Starcraft Expert

goldenspines wrote:Its only stealing if you don't get caught.
Peanut
 
Posts: 2432
Joined: Sun Aug 29, 2004 5:39 pm
Location: Definitely not behind you

Postby uc pseudonym » Fri Jul 31, 2009 2:21 pm

I see this thread every time I log onto CAA but I've delayed posting. At work I have run into a variety of computers with redirect malware and frankly there is no easy solution that I know of. I'm low-level tech support, so maybe there are gurus with more elegant solutions, but since they aren't here I'll do my best.

First, are you running your scans in normal mode or in Safe Mode? Use Safe Mode. A lot of your more developed viruses will infect system processes and keep your scan from finding everything, but there's a chance those processes won't be booted in Safe Mode.

So unless you already did this, load the computer in "Safe Mode with Networking," manually run updates for both anti-virus and anti-spyware (some viruses create pretend updates), then leave the computer running. That's your basic but more secure scan and if that works, great.

But if the easy way doesn't work, this will get harder. The first thing I'd want to know is what processes your computer is running. Ctrl+Alt+Delete, then go to the processes tab, if you don't know. Screenshots are fine too. If this is a simple process we might be able to get rid of it manually.
uc pseudonym
 
Posts: 15506
Joined: Tue Jun 10, 2003 4:00 am
Location: Tanzania

Postby Kaligraphic » Fri Jul 31, 2009 4:09 pm

While you're doing that, there's one more easy thing to check. C:\Windows\system32\drivers\etc\hosts

Check for a line with http://www.google.com or something like that. If there is one, you're probably just going to the wrong http://www.google.com.


When your computer looks up, say, http://www.google.com, it'll check that hosts file first. If it finds the host it's looking for, it'll go where that file points it. If not, it'll ask in DNS.


If there is such a line, just download the hosts file at http://www.mvps.org/winhelp2002/hosts.htm and follow the replacement instructions on that page. If not, well, go ahead and do it anyway, because it'll still make your browsing safer by blocking certain known possible infection vectors. (and some annoying ads.)
The cake used to be a lie like you, but then it took a portal to the deception core.
Kaligraphic
 
Posts: 2002
Joined: Wed Jul 21, 2004 12:00 pm
Location: The catbox of DOOM!
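
An added example, not part of Kaligraphic's post: a Python check for the hosts-file lookup described above, listing entries that override DNS for the search engines named in this thread. The watch list, function names and sample file contents are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list: the search engines named in this thread.
WATCHED_DOMAINS = ("google.com", "yahoo.com")


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address: skip
        for name in fields[1:]:                 # one line may carry several names
            yield lineno, ip, name.lower().rstrip(".")


def is_watched(hostname, domains=WATCHED_DOMAINS):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def find_overrides(text, domains=WATCHED_DOMAINS):
    """Return hosts entries that take a watched domain away from DNS."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not is_watched(name, domains):
            continue
        # Loopback or 0.0.0.0 only makes the name unreachable; any other
        # address sends the browser to a different server than DNS would.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, name, str(ip), kind))
    return findings


# Constructed sample with documentation-range addresses, not from the thread.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # injected entry
203.0.113.7     Search.Yahoo.com
127.0.0.1       ads.example.net
0.0.0.0         notgoogle.com
"""

if __name__ == "__main__":
    for lineno, name, ip, kind in find_overrides(SAMPLE):
        print(f"line {lineno}: {name} -> {ip} ({kind})")
```

To check a real machine, pass the text of the hosts file at the path given in the post to `find_overrides`; any "redirected" finding is a line to remove.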

Postby Shao Feng-Li » Fri Jul 31, 2009 10:07 pm

Might be easier to back up everything and reformat...
Shao Feng-Li
 
Posts: 5187
Joined: Sun Oct 12, 2003 12:00 pm
Location: Idaho

Postby Roberts » Wed Aug 05, 2009 7:45 am

I have dealt with viruses/malware of this ilk before, so I know your frustration. Have you managed to fix the problem yet?

If not, are the spam site(s) you are being redirected to a specific few? I could most certainly track down a solution if I knew a few of the URLs of said sites.
Roberts
 
Posts: 105
Joined: Wed Aug 05, 2009 7:17 am
Location: Australia

