TechSpot

Knowing4Certain · #1 11-26-2009

When using Google Toolbar in IE or Firefox, the results page would be either Google's UK or Germany/Deutchland version. When I would click on the first or second result I would be redirected to one of those cheap "search engine" pages. The same thing happens when I type in google.com and do a search.

I ran the 8-Step program (please see attachments).

Thanks in advance for your help.

AnonymousSurfer · #2 11-26-2009

Hi Knowing4Certain,

Welcome to Techspot first of all. Second thing I will say, is you have QUITE a mess. Please re-open HijackThis, and do a System Scan Only. Then, check off the following problems to be fixed... (Basically, every thing with O1 in the beginning)
O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 88.198.198.204 google.ae

O1 - Hosts: 88.198.198.204 google.as

O1 - Hosts: 88.198.198.204 google.at

O1 - Hosts: 88.198.198.204 google.az

O1 - Hosts: 88.198.198.204 google.ba

O1 - Hosts: 88.198.198.204 google.be

O1 - Hosts: 88.198.198.204 google.bg

O1 - Hosts: 88.198.198.204 google.bs

O1 - Hosts: 88.198.198.204 google.ca

O1 - Hosts: 88.198.198.204 google.cd

O1 - Hosts: 88.198.198.204 google.com.gh

O1 - Hosts: 88.198.198.204 google.com.hk

O1 - Hosts: 88.198.198.204 google.com.jm

O1 - Hosts: 88.198.198.204 google.com.mx

O1 - Hosts: 88.198.198.204 google.com.my

O1 - Hosts: 88.198.198.204 google.com.na

O1 - Hosts: 88.198.198.204 google.com.nf

O1 - Hosts: 88.198.198.204 google.com.ng

O1 - Hosts: 88.198.198.204 google.ch

O1 - Hosts: 88.198.198.204 google.com.np

O1 - Hosts: 88.198.198.204 google.com.pr

O1 - Hosts: 88.198.198.204 google.com.qa

O1 - Hosts: 88.198.198.204 google.com.sg

O1 - Hosts: 88.198.198.204 google.com.tj

O1 - Hosts: 88.198.198.204 google.com.tw

O1 - Hosts: 88.198.198.204 google.dj

O1 - Hosts: 88.198.198.204 google.de

O1 - Hosts: 88.198.198.204 google.dk

O1 - Hosts: 88.198.198.204 google.dm

O1 - Hosts: 88.198.198.204 google.ee

O1 - Hosts: 88.198.198.204 google.fi

O1 - Hosts: 88.198.198.204 google.fm

O1 - Hosts: 88.198.198.204 google.fr

O1 - Hosts: 88.198.198.204 google.ge

O1 - Hosts: 88.198.198.204 google.gg

O1 - Hosts: 88.198.198.204 google.gm

O1 - Hosts: 88.198.198.204 google.gr

O1 - Hosts: 88.198.198.204 google.ht

O1 - Hosts: 88.198.198.204 google.ie

O1 - Hosts: 88.198.198.204 google.im

O1 - Hosts: 88.198.198.204 google.in

O1 - Hosts: 88.198.198.204 google.it

O1 - Hosts: 88.198.198.204 google.ki

O1 - Hosts: 88.198.198.204 google.la

O1 - Hosts: 88.198.198.204 google.li

O1 - Hosts: 88.198.198.204 google.lv

O1 - Hosts: 88.198.198.204 google.ma

O1 - Hosts: 88.198.198.204 google.ms

O1 - Hosts: 88.198.198.204 google.mu

O1 - Hosts: 88.198.198.204 google.mw

O1 - Hosts: 88.198.198.204 google.nl

O1 - Hosts: 88.198.198.204 google.no

O1 - Hosts: 88.198.198.204 google.nr

O1 - Hosts: 88.198.198.204 google.nu

O1 - Hosts: 88.198.198.204 google.pl

O1 - Hosts: 88.198.198.204 google.pn

O1 - Hosts: 88.198.198.204 google.pt

O1 - Hosts: 88.198.198.204 google.ro

O1 - Hosts: 88.198.198.204 google.ru

O1 - Hosts: 88.198.198.204 google.rw

O1 - Hosts: 88.198.198.204 google.sc

O1 - Hosts: 88.198.198.204 google.se

O1 - Hosts: 88.198.198.204 google.sh

O1 - Hosts: 88.198.198.204 google.si

O1 - Hosts: 88.198.198.204 google.sm

O1 - Hosts: 88.198.198.204 google.sn

O1 - Hosts: 88.198.198.204 google.st

O1 - Hosts: 88.198.198.204 google.tl

O1 - Hosts: 88.198.198.204 google.tm

O1 - Hosts: 88.198.198.204 google.tt

O1 - Hosts: 88.198.198.204 google.us

O1 - Hosts: 88.198.198.204 google.vu

O1 - Hosts: 88.198.198.204 google.ws

O1 - Hosts: 88.198.198.204 google.co.ck

O1 - Hosts: 88.198.198.204 google.co.id

O1 - Hosts: 88.198.198.204 google.co.il

O1 - Hosts: 88.198.198.204 google.co.in

O1 - Hosts: 88.198.198.204 google.co.jp

O1 - Hosts: 88.198.198.204 google.co.kr

O1 - Hosts: 88.198.198.204 google.co.ls

O1 - Hosts: 88.198.198.204 google.co.ma

O1 - Hosts: 88.198.198.204 google.co.nz

O1 - Hosts: 88.198.198.204 google.co.tz

O1 - Hosts: 88.198.198.204 google.co.ug

O1 - Hosts: 88.198.198.204 google.co.uk

O1 - Hosts: 88.198.198.204 google.co.za

O1 - Hosts: 88.198.198.204 google.co.zm

O1 - Hosts: 88.198.198.204 google.com

Please also download CCleaner

kimsland · #3 11-26-2009

Quote:

Originally Posted by AnonymousSurfer

you have QUITE a mess

You're not kidding, it is quiet a mess:

Quote:

Registry threats detected : 126
File threats detected : 21

And having
ZoneAlam
Spyware Doctor
Spybots S&D
Installed didn't seem to help either

I also notice the Windows is installed to C:\WINNT
Which sometimes means it has already had a repair in the distant past

I would recommend backup all data, and re-install clean, myself

Knowing4Certain · #4 11-26-2009

I followed AnonymousSurfer's recommendations without success. I was actually just thinking the same thing that you have suggested (i.e., backup all data and re-install clean) just before I logged back in here. So at this point, that is what I'm going to do. Thank you.

kimsland · #5 11-26-2009

Here's some help with that

Microsoft's Windows XP Professional Repair Install step by step (* Including Delete Partition): http://www.windowsxpprofessional.win...exfullpage.htm
Microsoft's Windows XP Home Repair Install step by step (* Including Delete Partition): http://www.windowsxphome.windowsrein...exfullpage.htm
* Warning deleting the Partition will remove all User data and Windows system files

Driver Updates: http://www.techspot.com/vb/topic117607.html

XP Service Pack 3: http://support.microsoft.com/kb/322389

bobba2k · #6 12-14-2009

I had run into this issue on a customers PC this week. The Host File had been compromised badly. It is now hidden and when you try to access the Host file, you get an error message "access is denied". I had run Malwarebytes, SuperAntiSpyware, CCLeaner, and a few other Antivirus programs, I was able to remove the original threat but Google would keep redirecting to Google.nl. I removed the hard drive from the laptop and tried to access the Host file from another PC, but still got an error "access is denied" I tried running recovery mode, still "access is denied". However.. I was able to resolve the issue by renaming the old ETC folder to ETCXXX and created a new ETC folder. I then copied the services, lmhosts, protocols and new hosts file from another computer (or the I386 folder). Now, the virus is gone and Google.com is not redirecting to Google.nl. To test it, I ran a Hijackthis, and the host section is now clean.

Similar Topics
Topic	Replies	Forum
Google Redirect Virus: Can someone look at my Hijack log?	1	Virus and Malware Removal
Info on the "Google Redirect/Hijack virus"?	8	Virus and Malware Removal
Undetectable Google hijack/redirect	14	Virus and Malware Removal
Browser hijack [google redirect to random sites]	10	Virus and Malware Removal
Google redirect from common hijack	3	Virus and Malware Removal

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

TechSpot

Google hijack/redirect problem

Follow TechSpot

Subscribe to our Newsletter