Internet browser redirecting [Solved/Closed]

 hossein -

I followed all of your instructions to get the desktop background off and I deleted all of the files, but now when I go on the internet and try to google anything or go to any site, I get redirected to other weird sites that are obviously part of the virus. Also, my computer has started freezing up all the time to the point that I can't do ANYTHING! Please help!

8 replies

Everyone is always going too far with things like these....


Start > All Programs > Accessories > System Tools > Disk Cleanup.... Delete all automatically ticked items and then delete all those files.

This will delete all un-needed files from your computer especially malware or spyware, as they mostly like to hang out in the Temp folder.

So dont waste your time with download more viruses or spyware or malware.

Do it the easier way!

Good luck!
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2942 users have said thank you to us this month

this is exactly what doesn't work!
yeah it worked for me, no problem
Worked for me Thank You!
didnt work for me either jackass
it worked for me when I deleting c:\windows\temp all files

Registration date
Tuesday June 2, 2009
Last seen
June 3, 2009

If your having the issues described then this is the EASY fix. Make sure you look at symptoms as there are different problems out there.

How to fix Google search results redirect redirected

I am using Windows XP and Mozilla Firebird as browser with NoScript add-on<<<the add-on just helped me with issue till I got fix.

Also affects all users names on computer.

IF you are being redirected to random ad sites then this is the fix that I got after 3 days. Have tried AdWare, S&D, MalWareBytes, SmitFraudFix, 7770Finder, ESET NOD32, CCleaner and a few other scrubs and probably a few I cant remember.

HijackThis did nothing and showed nothing as you can see from ppls post above. NOT to say its not good cause in the past it has worked. Just thik for one this is to new and two its in the registry.

Symptoms: Do a Google search in an actual browser window, NOT THE TOOL BAR %&*$. I would get the results I was looking for with the correct URLs under each result. Like searched Microsoft and it would come up with addresses from microsoft like: - 76k or - 44k -

BUT when clicking a link I would usually get the page that it said the first time but when going back to the search results the next link would be some ad site with usually no WWW at the beginning. And this would last about 4 clicks. That is, by going to stupid ad site then back to results 4x then finally getting the page it was suppose to show.

Reason I am giving you whole speal is because there are alot of so similar ones out there.

Heres the fix. Wish I could give thanks to where I found it but cant find page now. Can remember the guy found it on his own and his last words are something like "kick the computer, format the drive, tell landlady she aint gettin money" or something like that .

Never mind found it with what I said above about his quote in Google that now works correctly. Maybe it did not fix his and thats the reason he said it. But it gave me the direction to fix it, after days of trying everything. [url=""][/url]

So DLed the TR software [url=""][/url] it came up with this registry key with the Kungs...thing.


Heres the key it came up with:
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

And the values that were bad:
kungsfaswwqlmq.sys and tdssserv.sys

Now two different ways to do this, you can either delete the key or just he values. "Delete the key. To prevent keeping a history altogether, right click ACMru/Permissions/Deny all users and groups listed." This is from another website: [url=""][/url] AND even has a script to do above for you: [url=""][/url]

I really hope this helps. Honestly could not find this anywhere. I guess its something new.
Who ever you are, you are a genius. I ran every spam and virus program known to man and still could not fix the problem. No one else could help either. You are the best.
Thank you T
Worked for me. I had a major system problem caused by malware Antimalware Doctor. I had to manually remove it using rkill.exe, malwarebyte, spybot and McAfee, then cleaning the registry manually. It worked but the browser redirect remained. After using the technique describe above I stopped browser redirects. I am not sure it there is still any malware left of registry items, but the system works fine: no redirects and no suspicious processes running. I still have a problem with starting the system in a safe mode. It would stop during boot and ask me to press escape to not load SPDT. Still working on resolving it. I am not a pro. Can somebody help please.
This worked with nothing else seemed to.
two things.
1) in IE, go to tools, internet options , select the connections tab, then click on LAN settings, now uncheck everything in there, everything!!
(unless you know you user proxies.)

2) Go to control panel, select network connections, select the local area connection icon and double click on it. Now find internet protocol IP/TCP in the box and double click on it. Make sure the radio buttons saying " Obtain an ip address automatically are selected. both of them. (of course this is assuming u use dhcp, if u use static ip addresses, then make sure the dns server address is correct for what u use.

these are the two places I have found that rogue spyware change addresses to redirect you.
Also possible that they have changed url in the registry too.
I tried about everything mentioned above. They didn't work. Someone recommended TDSSkiller. I downloaded it and it worked.
Yahoo Anti Spy helped me out. Try it! It find out hundreds of cookies with the "com" extension. And all of them are advertising company links. Remove these cookies and you are done.
I suddenly had google searches closing IE7, but could still do google search imbedded in, say, Comcast home page. Also, Microsoft Update website was suddenly "unavailable."
I installed avast! antivirus and it found 8 trojans on the first scan. I deleted all infected files, and shazam - the browser and google returned to working fine.
I think a good anti-virus program is your solution.

I recently just started having this problem for the first time and I work in IT and am pretty hot on the internet security thing. My problem started after I downloaded IE8 and only when using google search. But the site I was directed to tried to fool me into thinking I had viruses all over my PC and to download a file to fix them. I didn't of course..that file would have destroyed the browser settings for sure. I have since installed a dedicated browser hijacking software blocker - in addition to my existing antivirus and firewall (which did not prevent the original hijacks) and that seems to have stopped the problem. I regularly do disk cleanup anyway and clear internet cookies. The hijackers use this as a way to avoid antivirus and firewall software obviously and as long as you don't download any files they prompt you to then it should be simple to stop/ get rid of.
Thanks for sharing your experience. What dedicated browser hijacking software blocker did you install and helped you sort out the problem? Because I don't think my Chinese pages are a virus either (I've got an antivirus for Mac installed and couldn't find anything). Regards
I had the same probelm, doing a disk cleanup and deleting all cookies seemed to do the job... I hope
May be atapi.sys (windows/system32/drivers) ist corrupted.
Look here:

If this rootkit has finished its installation, the only noticeable sign of it is a slight binary difference between your atapi.sys and a valid one - date,time and size are equal (beyond the google redirect) . So it was on my system.

Boot with Linux or a Part Pe CD, change the file atapi.sys for a valid one (note: there are at least two of them in your system), reboot - the google redirect was gone on my system. No guarantee it will be the same on your system.
Greets and good luck.
Previously tried Spybot, Malwarebytes, Superantispyware, Viprerescue, Norton AV, Backlight, GMER, Sophos AntiRootkit, MdcAfee Rootkit Detective, sfc /scannow, reset IE to defaults.
IE still got redirected.
Then uninstalled NAV and installed AVG, this reported ATAPI.sys was infected.
Replaced using boot disk and also ran TDSSkiller and now Windows updates are running again.
I have fixed this issue by just performing "desk cleanup". Thanks for the help!!!

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!