So, I have a difficult version of the Google Redirect Virus. When i search something on Google (i use chrome and Wind 7 btw) it lags and in the bottom left hand part of the screen it says something like "Waiting for raresearchsystem.com..."

If i wait it sends me to an ad sight or somewhere else. While its lagging (before the ad sigh comes), i can go up to the searchbar and hit enter again, re-affirming my command to go to a certain website and it then listens correctly. Essentially, i have to search it and then re send it.

I have searched for this, but when i search raresearchsystem removal on google it only brings me to a bunch of posts by a company wanting you to download their software, but there are never any posts from real people concerning whether it works or not. I dont want generic responses, i want actual responses for help. So, it gets worse.

I have tried the TDBS Removal App. and going to the device manager and looking for the thing there. it was not there. both of these failed methods listed here:
http://www.youtube.com/watch?v=hZdfLJuAi5o
http://www.ehow.com/how_5842581_remove-google-redirect-virus.html

I have tried going to windows/system 32/drivers/etc/ and then opening the host document with the notepad. there is extra content at the bottom to delete but when i try to delete the extra line, it will not let me save, stating that i have to contact the system administrator. Even when i check all the admin settings to ensure i should have full admin access, even when i turn it off, the hosts notepad still will not let me save. Here is what my notepad looks like


Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost <---- this line i cannot delete.

Line above i cant delete and save.

Also, curiously, there was extra user in my Credentials Manager file called VIRTUALAPP/DIDLOGICAL . I deleted it of course, but am worried someone has access to my computer. A link regarding this Credential manager user issue is:

http://answers.microsoft.com/en-us/...dlogical/40467173-a75a-44b2-8617-5aa7a0479925

A link for how to remove the typical google redirect virus is:
http://www.youtube.com/user/650038haig#p/u/29/TLVifFbLIso

I am not a computer wizz by any means. The only reason i have learned to attempt to try these things is from researching articles online. So if someone can give me advise, please try to go step by step in a really clear, 'computers for dummies' type of way.

THANKS!!!!!!!!!!!!

before i follow those directions...new problem!

AH! this virus is making me mad!

So, i know that all directions are be followed for specific people. So, something new is happening and i need to make sure this doesnt change my fix solution you posted before i follow it.

Now, if i leave my computer unattended over night in sleep mode when i wake up its shut down, takes a while to start up, and then the notepad is opened saying this

"[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787"

Then there of course a little window that says "windows has recovered from an unexpected shut down."

This is crazy! Should i still follow your given directions from your last message or does this change or complicate things?

Thanks,
Corey