Google redirect fix

Status
Not open for further replies.
bearack

Guest
I've been running into this redirect a lot of late and couldn't find a sound fix, until now. This forum listed here gives details for running a GMER rootkit program that removes this redirect issue.

WARNING, however, many of these rootkit viruses attach themselves to system DLL files and this program finds and removes ALL traces of the rootkit virus, meaning that some system DLL files will be lost. To resolve this, just use your system disk and run the repair function which will add those missing system files back.

I found this to be the easiest way without having to reimage your system.

Caveat, I've run this on two of my systems with the listed above results so this is only a suggestion and you are at your own risk for running this program. To me, it was a life and time saver for my work system.
 
bearack

Guest
Update. The GMER program removed the redirect but not totally. Just enough to resolve the issue for a day but it came back. It did however resolve the fake alert 100% but since I still have the redirect issue, after about 6 attempts, I'm reimaging my system.

If ANYONE happens to come up with a solution to the redirect, please post it here. I know that I will experience this ditty on my work laptop again. We don't have near the security as my home PC. Isn't that sad?
 
Mee_n_Mac

Guest
What redirect have you been experiencing? Is it the one being talked about in the other thread (to a fake AV site) or something different? Recently, at work where we're running an old version of IE, I've been getting a not easily closed popup asking me to upgrade to IE8 which then seemingly directs me to MS site to d/l IE8. Since it's a work PC I've declined the d/l. I can return to the SDC homepage and not get the nag-minder repeated.
 
bearack

Guest
Bah, posted a detailed response and then lost my network right as it was posting.

Anywho, no, it's not similar to your event. This is a redirect for search engines, i.e. Google, Bing and Yahoo. When you select a site from your results, rather than send you to that site, it redirects you to a malicious site. There are ways to work around it, but I haven't found anything to truly remove it, other than reimaging the system.

This is only occurring on my work systems due to the lack of attention to security (they think they are focused on it, but rely too heavily on SonicWall and McAfee which both suck). My home systems, with my added security, have not run into this.

The biggest reason I want to find a solution other than reimaging is for the mere fact that many of my peers are out of state and are required to ship their workstation to our IS group here in Colorado to be reimaged. I'm hoping to find a solution remotely.
 
a_lost_packet_

Guest
bearack said:
...The biggest reason I want to find a solution other than reimaging is for the mere fact that many of my peers are out of state and are required to ship their workstation to our IS group here in Colorado to be reimaged. I'm hoping to find a solution remotely.

Do you know what virus it is or has it not yet been identified?
 
drwayne

Guest
Please note that for my bout a few months back, after everything had been cleared out,
the "hosts" file was still corrupted, with entries here being used to redirect to sites. I had
to manually edit the file (which can be tricky as it is a system file), and take out the hardwires
that had been established there.

Wayne
 
a_lost_packet_

Guest
drwayne said:
Please note that for my bout a few months back, after everything had been cleared out,
the "hosts" file was still corrupted, with entries here being used to redirect to sites. I had
to manually edit the file (which can be tricky as it is a system file), and take out the hardwires
that had been established there.

Wayne

There are many sample hosts files out there, usually available with different security applications. A good, updated hosts file that blocks known bad attack addresses is essential. Of course, it's also something malware likes to target, redirecting innocent queries to known safe urls like www.google.com or http://www.cnn.com to some nasty site or another, in much the same way as I malformed those urls.

Just about any good security application will protect host files from changes like this. They will lock them out and monitor them for accesses and require authorization for changes. If you have a security program installed, check to make sure it is safeguarding your hosts file. Better yet, make sure it is adding known attack sites to your hosts file so it is extremely difficult for it to be accessed normally. If your software is not protecting the hosts file properly, it could be already compromised. It's also possible it could have a conflict with other security software already installed. Frequently, they can clash over "who is first" to rush to protect the hosts file... :)
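
Added example (not part of any post in this thread): a small Python check for the hosts-file tampering described in the posts above, flagging every entry that pins a search-engine name to a fixed address. The watched-domain list, the function names and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Search engines named in the thread; the exact domain list is an assumption.
WATCHED = ("google.com", "bing.com", "yahoo.com")

# Constructed sample hosts content (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.badsite.example   # ordinary blocklist entry
203.0.113.45    www.google.com google.com
203.0.113.45    search.yahoo.com
   203.0.113.45  WWW.BING.COM.   # case and trailing dot still match
not-an-ip       www.google.com
"""

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line, hostname, address, verdict) for each watched name found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first field is not an address
        for name in entry[1:]:
            if is_watched(name):
                # Loopback / 0.0.0.0 only blocks the site; anything else
                # silently sends the browser to another server.
                sink = addr.is_loopback or addr.is_unspecified
                verdict = "sinkholed" if sink else "redirected"
                findings.append((lineno, name.lower().rstrip("."),
                                 str(addr), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to feed to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; a clean machine normally has no entries at all for search-engine names, so any finding deserves a look.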
 
drwayne

Guest
The funny? part was that they redirected almost all major search engines. They didn't get AltaVista, presumably because
they didn't view it as a search engine anyone uses any more. I got rid of the virus after some machinations, but I had
to work around my own security to fix the hosts. (It also took me a while to remember the name 'hosts' for the file,
isn't getting old a pain?)

One other funny note, PC vendors sometimes redirect. My Acer laptop came with a redirect of Google to iGoogle customized
for Acer computers.
 
a_lost_packet_

Guest
drwayne said:
... (It also took me a while to remember the name 'hosts' for the file,
isn't getting old a pain?)..

I refuse to acknowledge existence of the condition known as "getting older." :)

One other funny note, PC vendors sometimes redirect. My Acer laptop came with a redirect of Google to iGoogle customized for Acer computers.

Interesting. Firefox has a customized google page which I actually like more than google's standard page. But, it's not a redirect, just a custom firefox google page. I can still get to google through www.google.com.

We had some Dells at work that did horrible things with customized pages and searches. Locking a "homepage" to some stupid, cancer-ridden, Dell-fest homepage was one of them.
 