I followed all of your instructions to get the desktop background off and I deleted all of the files, but now when I go on the internet and try to google anything or go to any site, I get redirected to other weird sites that are obviously part of the virus. Also, my computer has started freezing up all the time to the point that I can't do ANYTHING! Please help!
If your having the issues described then this is the EASY fix. Make sure you look at symptoms as there are different problems out there.
How to fix Google search results redirect redirected
I am using Windows XP and Mozilla Firebird as browser with NoScript add-on<<<the add-on just helped me with issue till I got fix.
Also affects all users names on computer.
IF you are being redirected to random ad sites then this is the fix that I got after 3 days. Have tried AdWare, S&D, MalWareBytes, SmitFraudFix, 7770Finder, ESET NOD32, CCleaner and a few other scrubs and probably a few I cant remember.
HijackThis did nothing and showed nothing as you can see from ppls post above. NOT to say its not good cause in the past it has worked. Just thik for one this is to new and two its in the registry.
Symptoms: Do a Google search in an actual browser window, NOT THE TOOL BAR %&*$. I would get the results I was looking for with the correct URLs under each result. Like searched Microsoft and it would come up with addresses from microsoft like: www.microsoft.com/ - 76k or www.microsoft.com/DOWNLOADS/en/default.aspx - 44k -
BUT when clicking a link I would usually get the page that it said the first time but when going back to the search results the next link would be some ad site with usually no WWW at the beginning. And this would last about 4 clicks. That is, by going to stupid ad site then back to results 4x then finally getting the page it was suppose to show.
Reason I am giving you whole speal is because there are alot of so similar ones out there.
Heres the fix. Wish I could give thanks to where I found it but cant find page now. Can remember the guy found it on his own and his last words are something like "kick the computer, format the drive, tell landlady she aint gettin money" or something like that .
1) in IE, go to tools, internet options , select the connections tab, then click on LAN settings, now uncheck everything in there, everything!!
(unless you know you user proxies.)
2) Go to control panel, select network connections, select the local area connection icon and double click on it. Now find internet protocol IP/TCP in the box and double click on it. Make sure the radio buttons saying " Obtain an ip address automatically are selected. both of them. (of course this is assuming u use dhcp, if u use static ip addresses, then make sure the dns server address is correct for what u use.
these are the two places I have found that rogue spyware change addresses to redirect you.
Also possible that they have changed url in the registry too.
I suddenly had google searches closing IE7, but could still do google search imbedded in, say, Comcast home page. Also, Microsoft Update website was suddenly "unavailable."
I installed avast! antivirus and it found 8 trojans on the first scan. I deleted all infected files, and shazam - the browser and google returned to working fine.
I think a good anti-virus program is your solution.
I recently just started having this problem for the first time and I work in IT and am pretty hot on the internet security thing. My problem started after I downloaded IE8 and only when using google search. But the site I was directed to tried to fool me into thinking I had viruses all over my PC and to download a file to fix them. I didn't of course..that file would have destroyed the browser settings for sure. I have since installed a dedicated browser hijacking software blocker - in addition to my existing antivirus and firewall (which did not prevent the original hijacks) and that seems to have stopped the problem. I regularly do disk cleanup anyway and clear internet cookies. The hijackers use this as a way to avoid antivirus and firewall software obviously and as long as you don't download any files they prompt you to then it should be simple to stop/ get rid of.
If this rootkit has finished its installation, the only noticeable sign of it is a slight binary difference between your atapi.sys and a valid one - date,time and size are equal (beyond the google redirect) . So it was on my system.
Boot with Linux or a Part Pe CD, change the file atapi.sys for a valid one (note: there are at least two of them in your system), reboot - the google redirect was gone on my system. No guarantee it will be the same on your system.
Greets and good luck.