TechSpot

Help! Google redirectish virus I can't figure out how to remove

Inactive
By the dude
Oct 25, 2011
  1. So, I have a difficult version of the Google Redirect Virus. When I search something on Google (I use Chrome and Windows 7 btw) it lags and in the bottom left hand part of the screen it says something like "Waiting for raresearchsystem.com..."

    If I wait it sends me to an ad site or somewhere else. While it's lagging (before the ad site comes), I can go up to the search bar and hit enter again, re-affirming my command to go to a certain website and it then listens correctly. Essentially, I have to search it and then resend it.

    I have searched for this, but when I search raresearchsystem removal on Google it only brings me to a bunch of posts by a company wanting you to download their software, but there are never any posts from real people concerning whether it works or not. I don't want generic responses, I want actual responses for help. So, it gets worse.

    I have tried the TDBS Removal App. and going to the Device Manager and looking for the thing there. It was not there. Both of these failed methods are listed here:
    http://www.youtube.com/watch?v=hZdfLJuAi5o
    http://www.ehow.com/how_5842581_remove-google-redirect-virus.html

    I have tried going to windows/system 32/drivers/etc/ and then opening the host document with Notepad. There is extra content at the bottom to delete but when I try to delete the extra line, it will not let me save, stating that I have to contact the system administrator. Even when I check all the admin settings to ensure I should have full admin access, even when I turn it off, the hosts notepad still will not let me save. Here is what my notepad looks like:


    Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost <---- this line I cannot delete.

    Line above I can't delete and save.

    Also, curiously, there was an extra user in my Credentials Manager file called VIRTUALAPP/DIDLOGICAL. I deleted it of course, but am worried someone has access to my computer. A link regarding this Credential Manager user issue is:

    http://answers.microsoft.com/en-us/...dlogical/40467173-a75a-44b2-8617-5aa7a0479925

    A link for how to remove the typical google redirect virus is:
    http://www.youtube.com/user/650038haig#p/u/29/TLVifFbLIso

    I am not a computer whiz by any means. The only reason I have learned to attempt to try these things is from researching articles online. So if someone can give me advice, please try to go step by step in a really clear, 'computers for dummies' type of way.

    THANKS!!!!!!!!!!!!
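
An added example for readers of this thread (not part of the original post and not TechSpot's or any helper's tool): a small Python check that separates active hosts-file mappings from commented-out lines and lists names pointed at a routable address. The first sample is abridged from the hosts text pasted above, where every line begins with `#`; the second appends constructed entries, and all function and variable names are illustrative.

```python
import ipaddress

# Abridged from the hosts text pasted in the post above: comment lines only.
POSTED_EXCERPT = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
"""

# Constructed sample (not from the thread): the same excerpt plus three
# active lines, one of which points a search domain at a routable address.
# 203.0.113.7 is a documentation-range address used as a placeholder.
CONSTRUCTED_TAMPERED = POSTED_EXCERPT + """\
203.0.113.7   www.google.com google.com
127.0.0.1     localhost
0.0.0.0       ads.example.test   # sinkhole-style block entry
"""


def active_entries(text):
    """Return (line_no, ip, [names]) for each line that really maps a name."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue                             # blank, comment-only or no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an IP
        entries.append((line_no, ip, fields[1:]))
    return entries


def redirecting_entries(text):
    """Active entries whose target is neither loopback nor 0.0.0.0/::."""
    return [(n, str(ip), names) for n, ip, names in active_entries(text)
            if not (ip.is_loopback or ip.is_unspecified)]


if __name__ == "__main__":
    print("posted excerpt:", active_entries(POSTED_EXCERPT))
    for hit in redirecting_entries(CONSTRUCTED_TAMPERED):
        print("review:", hit)
```
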
     
  2. Broni

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. the dude

    Before I follow those directions... new problem!

    AH! This virus is making me mad!

    So, I know that all directions are to be followed for specific people. So, something new is happening and I need to make sure this doesn't change my fix solution you posted before I follow it.

    Now, if I leave my computer unattended overnight in sleep mode, when I wake up it's shut down, takes a while to start up, and then Notepad is opened saying this

    "[.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787"

    Then there is of course a little window that says "windows has recovered from an unexpected shut down."

    This is crazy! Should I still follow your given directions from your last message or does this change or complicate things?

    Thanks,
    Corey
     
  4. Broni

    Please follow my previous reply.
     
Topic Status:
Not open for further replies.

