Helping people with computers... one answer at a time.

Unexpected browser redirection is often the result of malware - usually malware on your machine, but occasionally a problem with the site.

When I type in some URLs, such as google.com or yahoo.com, instead of getting the real website, I appear to be redirected to some other site ending in .ru. But the site I typed in still stays displayed in the address line. Is this a virus or someone trying to take over my computer? How do I clean this up?

In a word: malware.

This is a fairly classic case of a browser hijacking.

There are many variations on the theme, but the idea is very simple: you try to go somewhere and you land ... somewhere else.

DNS hijacking

What you've experienced seems like a pretty direct hijack. If the address bar remains unchanged – i.e. it still says "google.com" – and yet you know that you're not seeing google.com at all, then malware has perhaps modified your system's "hosts" file, your DNS settings, or potentially the DNS settings in your router.

All of those approaches modify the way your system locates servers on the internet. Looking up "google.com" in DNS should normally return the IP address of one of Google's servers. In the case of a DNS hijack, a different IP address is returned – the IP address of a malicious server. In some cases, the malicious server can be set up to look like the site that you think you're accessing in order to fool you into divulging personal information, like login credentials or worse.

The DNS changer malware that we've all heard so much about recently did exactly this.
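
The hosts-file variant of the hijack described above can be checked directly. The Python script below is an added example, not code from the original article: it parses hosts-file text and reports entries that point watched domains at another machine (a redirect) or at a loopback address (which makes the site unreachable). The watch list, the function names and the sample file are assumptions made for this example.

```python
"""Audit a hosts file for entries that override well-known public sites."""
import ipaddress
import os
import sys

# Assumption: a short watch list built from sites named on this page.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "mcafee.com", "avg.com")

# Constructed sample input (not from a real infection). 203.0.113.0/24 is a
# documentation-only address range; "update.avg.com" is a made-up host name.
SAMPLE = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1    localhost",
    "::1          localhost",
    "203.0.113.45 google.com www.google.com  # looks like a redirect",
    "203.0.113.45 search.yahoo.com",
    "127.0.0.1    update.avg.com",
    "192.168.1.20 nas.home.lan",
])


def default_hosts_path():
    """Return the usual hosts file location for the current OS."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    text = text.lstrip("\ufeff")  # tolerate a byte-order mark left by an editor
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit(text):
    """Return (line_number, hostname, ip, verdict) for each watched override.

    'redirected': the name is sent to some other machine.
    'blocked':    the name points at loopback or 0.0.0.0, so it cannot load.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        local = ip.is_loopback or ip.is_unspecified
        findings.append((line_no, name, str(ip), "blocked" if local else "redirected"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--sample":
        text = SAMPLE
    else:
        path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
        with open(path, encoding="utf-8-sig", errors="replace") as handle:
            text = handle.read()
    results = audit(text)
    for line_no, name, ip, verdict in results:
        print(f"line {line_no}: {name} -> {ip} ({verdict})")
    if not results:
        print("No watched domains are overridden in this hosts file.")
```

This covers only the hosts file; the DNS servers configured on the machine and in the router have to be checked separately.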

Browser hijacking

Some malware, rather than playing with your DNS, takes a more direct route and infects your browser or a component of the browser directly.

Apparently, the recent "Flashback" malware that infected so many Macs worked this way, leveraging a vulnerability in the Java browser component used by many websites and web-based services. It's my understanding that once infected, simple page loads weren't impacted, but clicking on certain search results would take you not to the result you clicked on, but rather to something else, as set up by the malware authors.

Analyzing and modifying search results is just one example. Once infected, malware can do many different things in your browser.

Site hijacking

To be complete, we also need to mention that occasionally it's not your problem at all, but a problem at the site that you're attempting to visit. This is almost never the case with high profile sites like Google or Yahoo!, but occasionally smaller sites do get hacked.

Most often when a site gets hacked, it's simply defaced in some way.

It's possible, however, that once hacked, a site could fairly easily be modified to automatically send any visitors that it does get to some other website – presumably a malicious one.

Fixing the problem

Except for the latter case, where the problem is actually not on your machine, fixing it should be fairly easy.

Run an up-to-date anti-malware scan.

If you're unsure of what to run (and you should be running something, always), "What Security Software do you recommend?" has my current recommendations.

For a problem like this one, I'd install and run Microsoft Security Essentials, keeping that as your ongoing anti-virus and anti-spyware solution and then also run a scan by the free Malwarebytes Anti-malware tool, which seems to pick up a number of nasties that other tools do not.

(This is an update to an article originally published November 3, 2005.)

Article C2452 - May 12, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


51 Comments
dsu
November 4, 2005 10:00 AM

Also make sure you set a new recovery point if you are using XP. If you have to restore it will also restore the malware.

Alex
October 7, 2006 7:22 PM

I doubt too many Spyware/MalWare inserted "itself into your browser". 99% just edit the HOST file. Host file only affects Internet Explorer. It's just a text file which redirects IE. It was made for good but it is a stupid idea and is HIGHLY EXPLOITABLE. To fix, download Mozilla Firefox... No worries...because no HOST FILE.

Note: a REAL (not lame spyware) virus could hijack your entire browser; in that case you're in over your head...time to reformat

Leo Notenboom
October 7, 2006 8:08 PM

That's incorrect. hosts is used by the operating system, and affects all programs accessing the internet. It actually dates back to Unix (or possibly earlier).

Stuart Rennie
January 19, 2007 8:15 AM

Hi Leo

I am also being redirected on every first and second occasion I enter a search into google and click on the intended results. On the third occasion it will take me into the intended sites. I also now have a home page of http://assureprotection.com/ which I cannot remove along with a protection bar I did not have previously. Any help with this would be great.

Regards

Stuart

Mike
January 20, 2007 7:15 AM

I am also having the exact same problem as Stuart. I ran adaware and it did not fix the problem. any suggestions would be appreciated.

Thanks,

Mike

k5steve87
January 29, 2007 8:28 PM

I am also having the same problem with being redirected the 1st and 2nd but on the 3rd attempt it goes to the right spot and I have run a couple of different spyware programs

Faron
February 6, 2007 7:15 AM

I also have the same exact problem as K5steve87 being redirected 1st and 2nd time but working correctly when clicking on a Google search result. I have updated windows defender and ran it to no avail. I am running the most current Norton’s Antivirus with the latest definitions. It still doesn’t catch the culprit
Thanks for any help
Faron

Ton
July 30, 2007 3:43 PM

I am also having the same problem on my XP. On the third try it works, but the first and 2nd does not work. How do I fix it? And I tried fixing by editing the host file.

Dana
January 3, 2008 4:22 PM

I am also having the exact same problem as Stuart. I ran adaware and it did not fix the problem. any suggestions would be appreciated.

Kent
January 18, 2008 2:07 PM

I also have the same problem. I have used adaware and Spybot S&D along with Windows Defender and nothing. I think it was a popup with a fake "close" button that did it. If you figure it out, it's appreciated

Pip
July 28, 2008 1:53 AM

I am having a similar problem to Stuart above.
Google allows me to carry out searches; however, when I click any of the links it finds, on the first attempt I am always re-directed, but on the 2nd or 3rd attempt I am not.
I am also unable to use the "define" function in Google, and use Google Images (both result in an almost blank page).
I have also tested Yahoo and MSN search engines, but they seem to be fine. I have run Spybot S&D, AVG antivirus, Adaware, Malwarebytes, even had an extremely helpful person from the Spybot S&D forums look at my HijackThis log, reports from smitfraud, and fixwareout, but nothing seemed to correct this problem.
Any help on this would be great.

shachar
August 5, 2008 6:24 AM

hi leo

Can I redirect someone's web site to my website, only on my computer?

tnx shachar

brandon
October 24, 2008 2:13 PM

Hi Leo,

My Google seems to work fine... it finds what I want but when I click on the link it redirects me somewhere else. I've run Avira 5 times and it finds 6 threats which cannot be removed...?...
please help

Brian
November 11, 2008 9:33 AM

same problem as above - HELP!

Bruce
November 24, 2008 4:16 PM

I've recently been unable to download any updates from Mcafee or AVG, am getting re-directed all the time and can't seem to find the problem. Lots of pop-ups which can't be turned off. Every time I go to a site that has anti-virus software, I get a message that says "Sorry, this website is not available" in bad spelling no less. If I click on a site from a search, I won't get to the address I'm after but sometimes if I copy the site's address and paste it into my browser, it will take me to the correct site. Still no ability to download any anti-virus software. I've spent days fighting this one, any help would be appreciated.....

It's pretty clear you have malware that is blocking your attempts to get anti-malware software. I would download anti-virus and anti-spyware software using a different computer, and try installing it on the problematic one booted in safe mode. Good luck!
- Leo
25-Nov-2008

Tom
November 25, 2008 7:16 AM

I have been on the trail of this one. Seems to only affect Google searches. I have made some headway. Found a folder in Program Files called "tinyproxy"; it wasn't empty, so after changing it from read only I discovered a hidden file called "tinyproxy.exe". When I rename it and stop the process I can no longer access the internet. It appears my browser is being redirected using this proxy somehow. Haven't worked it out yet though. Hopefully I have put you guys on the trail too.

Tom
November 25, 2008 8:05 AM

Here you go:

best in safe mode:

Delete this folder in bold.
C:\Program Files\TinyProxy\

Delete these files in bold.
C:\windows\kennyxx.exe
C:\windows\fmark2.dat

Remove the Proxy setting in Internet explorer and/or in FireFox.

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.

Click the apply button and restart that computer.

patrick
November 29, 2008 8:43 AM

I had success with an anti virus called "fix it utilities 9". It found files infected with adware and spyware when it was in DEEP SCAN MODE. It immediately quarantined the files. Although the instructions claim the computer would be fine with the files in quarantine, it was not until I deleted them (as an option from the quarantined files page) that my computer was fully functional. The results were instantaneous. My sound driver had to be reinstalled after this, since I had no sound at all; I assume this was a complication from the virus(es). I hope this helps. This website helped quite a bit. Thanks.

Kevin Huttenlocher
March 3, 2009 11:20 AM


IE and FireFox and Windows Explorer will browse forward for sometimes less than a second and sometimes for up to almost 10 seconds. Examples.. My IE and FF start page is Google.com. If I start FF it's OK as long as I stay at the start page. If I want to go to ebay or anywhere, it goes there for a second or a few seconds and then returns to the start page. The aol browser is OK and never malfunctions. I use Mcafee security that comes with aol. At this point just for more info, the forward green arrow is highlighted indicating that I have backed up the browser. If I click the forward arrow to attempt to go forward again to ebay, it will act the same and return to the start page again. Additionally, if I were to use anything that uses the Windows Explorer browser, the same thing will happen. Example... Start button/explore, cannot stay fixed - always reverses. I have run every adware/malware that another experienced tech on another popular site told me to and he is puzzled. I have uninstalled and then reinstalled FF. I have run ATF cleaner. I have run Malwarebytes Anti-malware and SDfix. No changes. I am submitting the asked for logs here. Also, copy and paste works intermittently but mostly not. When the browser works (which is every now and then) the copy and paste function works normally as well.

Eric
March 4, 2009 10:12 AM

I recently repaired a machine that was getting redirected only in Google. It appears that the host file had been re-written and included hundreds of sites to go to all dealing with Google. I found myself unable to edit and save, or create a new and copy over the old. What wound up having to happen was I created a new folder (Location: C:\Windows\System32\drivers\etc) called etc2. I copied the contents of the original etc folder. Everything except the host file. I opened the old host file in Notepad and edited the sites out. I then saved as to the new directory etc2. I then renamed the old etc folder to etc3. I changed the name of the new etc2 to etc. Attempted to use Google and it works fine. What a pain in the A@@, but it worked. I have been on 100 different sites that direct to all over the place, but found nothing that could help me. I hope others are able to use this method and benefit from my pains.

One quick note is that the host file is a protected file and does not show up in the folder unless you go to tools, folder options, view, scroll down the list and uncheck hide protected operating system files.

If the hosts file is locked or inaccessible, I'd also try just rebooting in safe mode, or booting using a Linux Live CD. Since hosts is just plain text, it's easily editable regardless of what OS you're in.
- Leo
05-Mar-2009

King Kwong
March 6, 2009 12:31 AM

I use IE6 on Win XP

When I first open IE, I am always redirected to http://www.microsoft.com/taiwan/windows/internet-explorer/download-ie.aspx?ocid=fwlink_ie6_updates.

But when I click "Home", I can always go back to the first page set up in Tool -> Internet option?

Why? Can I disable this redirection?

Ricky Bohan
March 29, 2009 10:08 AM

I'm just posting because I think I may have a solution to some of your problems.

Apparently, quite recently a worm called Conficker (also known as downadup, downup, and kido) has been spreading over the internet at a very rapid pace. The symptoms include:

* Google search redirecting
* Antivirus updating has been disabled (you may see the "unable to connect" message when trying to update your antivirus)
* Unable to view websites related to Antivirus software (you may see the "sorry this website is not available" message)
* And a lot of popups

I have found that these are all results of Conficker. It only affects Windows operating systems based on an exploit. Search for and download this patch for Windows "MS08-067". I googled it and found it. When I installed the patch, everything on my computer went back to normal. I can even perform my Antivirus updates, and surf freely without having my Google pages redirected all the time. Hopefully it will work for you too.

[link removed]

Bill Snyder
October 6, 2009 2:40 PM

I am working on a relative's desktop computer that has some kind of redirect virus. Any time you go on any browser, Internet Explorer or Firefox, the homepage will redirect you to a Chinese "Prima Hosting page cannot be found" website. Before that it was Baidu Chinese search engine, but I got rid of that one virus. If I use the search toolbar in the top right corner I will be redirected several times. I've tried uninstalling the web browsers and reinstalling, I've removed Norton and installed AVG, but that didn't even work. I've tried A-squared and combo-fix, still nothing. I've looked up the Google redirect virus in the registry and can't find it. Any answers please let me know. Thank you

Lee-Anne
December 27, 2009 8:21 PM

Every time I try to search a website through Google in Firefox, I can see all the search results but when I go to click on one of them it redirects me to somewhere completely different; each time I try a different link it's a different site, never the same one twice. But if I copy the address directly into the address bar it's fine; it only seems to happen in Firefox. I've run all my scans and found a few viruses and they've been removed or quarantined. It's driving me mad!!

melvin_melvin@yahoo.com
January 5, 2010 6:22 PM

Search for and download this patch for Windows "MS08-067". As suggested by "Ricky Bohan". This worked for me! I'm good to go. This is the fix in Windows XP Service Pack 2 and 3.

Hope this helps

Rob-oto
January 7, 2010 5:16 PM

I had a very similar problem and the above comments didn't really help. What did help was running ComboFix. That really did the trick!

Angie
February 4, 2010 9:02 PM

Every time I try to use Internet Explorer it goes to ! I am unable to look at my email, shop online, or do anything because it automatically goes to this site which is nothing. I can't even download spyware or new virus updates because it only goes to this page. I have already tried getting rid of my cookies & temp files, but that did not help. Anyone...help!

Alpesh
May 9, 2010 11:00 AM

I had the same problem. I just got rid of it by removing

Java(TM) 6 Update 18

Winkie
September 25, 2010 2:55 PM

I had a very similar problem and the above comments didn't really help. What did help was running ComboFix. That really did the trick, worked for me too

john
October 15, 2010 8:33 AM

I had the same problem. I uninstalled java updates and the problem was fixed.

Danial
November 21, 2010 4:51 PM

I have the same problem.. when I type the google.com URL it redirects me to 1search1.net.. I had tried so many applications (HitmanPro, Malwarebytes, Ccleaner, Exterminateit, Hijack, etc.), uninstalled Java, but it still doesn't work.. Please help me..

PeteGibs
December 3, 2010 1:48 AM

I found I had a trojan win32/sefnit.E, ran all the spyware and malware searches and it found nothing

file:C:\Users\*user*\AppData\Local\Drm\DrmScheme.dll

regkey:HKCU@S-1-5-21-32534609-1996396635-2218557562-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\DrmScheme

runkey:HKCU@S-1-5-21-32534609-1996396635-2218557562-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\DrmScheme

Hope this helps

Marck
December 10, 2010 1:26 PM

C:/Windows/system32/wdmaud.sys
Delete it (or move/rename) and Reboot.
wdmaud.sys legitimate file should be located in "C:\Windows\System32\drivers"

Jim
December 16, 2010 7:26 PM

When I go to a certain website, say Facebook, I am redirected to this website called www.stopbadsite.com and I have tried fixing it with Norton's. This problem occurred when my roommate was watching Netflix Instant Replay and it stopped the movie and redirected him to stopbadsite. What happened and how can I fix it?

Mike S.
December 26, 2010 12:09 PM

Same problem.... youtube would never come up and google.com would always pop up some .ru site
I tried all the other stuff and I finally came up with a solution for my system running Windows 7.
I ran Hijack this and found all sorts of sites that came with my IP as the Host. Hijackthis recommended for me to go into Windows\system32\drivers\etc\host

I deleted the "host" file. Everything worked fine on Internet Explorer and/or Firefox.
I'm running Windows 7. Hope this helps out!

NetBestBill
March 3, 2011 8:11 AM

Well... I finally found and fixed the problem (at least for now). Here's what I found..
The windows/system32/drivers/etc/hosts file had been corrupted with a dozen or so redirects for Google and Yahoo sites. Since that's a system read-only file, I had to adjust the security on the etc folder to allow administrator access and then I removed all of the redirects... saving the file back. On reboot.. all is well. I've tried cold and soft boots, browsing around, and generally exercising the computer on the internet and the problem hasn't reoccurred yet....

Phil
March 31, 2011 6:40 PM

Only Google search is being redirected on my PC. Yahoo works fine, and so does Google Image search.
What first pops up during the redirect every time is www dot bliywl dot net, then it goes somewhere else. Well, guess what, there is no such thing.
I'm a bit confused by the above fixes, as I have 1 Host file and 4 host backup files. Can someone give me a play by play of what to do? Thanks!

thiyagi
November 28, 2011 9:20 AM

I cleared the history, cookies, temp and all, now the browser doesn't redirect..;)

Bruce
December 28, 2011 6:23 AM

I renamed two host files in (Windows\system32\drivers\etc\host) to (oldhost) and eliminated the redirect problem completely. Couldn't have been easier!!

omar
March 19, 2012 11:21 AM

What would cause my browser to redirect me from www.rewardtv.com to uk.rewardtv.com? When I made my account everything was OK, then about a week later I couldn't log in, then I noticed it took me from the U.S. site to the UK site. Now every once in a while it will stay on the www. site but from 2 to 10 min after it logs me out and sends me to the UK site, and this is the only time I get redirected. I've scanned my computer several times with several different anti spyware software and it still redirects me. There's been times I've downloaded tool bars that cause my browser to redirect on several sites but I've deleted them, so what would cause that one site to redirect when all other sites work perfect?

Kevin
May 15, 2012 9:53 AM

At times like this/these..In my opinion the only real answer to this is to revert to an image backup..no need to panic though....all else can be backed up separately.
What ya think Leo??????????????????????

Noella
May 15, 2012 11:58 AM

A couple of years ago, we had a browser hijack happen to our computer. The computer tech person we hired (who also is the supervisor of the tech department of a large company nearby) thought he had it fixed. When we picked up the computer, he decided to double check something else entirely. It was then he found that it hadn't been fixed at all. Whatever malware/trojan/virus it was had placed itself in a host file and every time it was deleted, etc. it replaced itself. It did not respond to AVG (which was what we had at the time I think, right now we're using Panda Cloud) or Malwarebytes and had actually attached itself to Spybot S&D also.

We finally had to totally reinstall Windows to get rid of it.

Johnxi
May 15, 2012 2:16 PM

It seems to me that people are ignoring the simplest solution. Set your DNS server address permanently in either your router (best) or in W7 (or my case) XP itself, to something like the free "opendns" at 208.67.222.222. End of story - I don't think a virus can go in and alter your router settings... can it? Enjoy - Johnxi

Mark J
May 15, 2012 2:26 PM

@Johnxi
If you have malware on your system, there is little it cannot do. Unless you remove the malware it can change the DNS setting to whatever it wants. Since your router can be accessed through your computer, it is possible that malware can make changes to your router's settings.

john neeting
May 15, 2012 11:10 PM

I knew I had a virus when the file I clicked on [ reported clean by antivirus ] disappeared on execution.
Watch for this latest one. Here's the story AND the fix.
Like a fool not following his own advice, I downloaded an exe file
believing it to be what I expected. All prior checks on the file with 4 anti-virus programs gave it the all clear; but I knew it was dodgy the minute the whole file disappeared after attempting to run. Aaaaaaaaagh!
I ceased all activity and ran AV again which pin-pointed one file in the system32 folder as a virus. MRXSMB.SYS. Knowing how big the original EXE file was, I was sure that other hidden damage had been done. Rebooting immediately in safe mode, I scanned again and this file 'recreated' itself; identified as 'win32:SireFeF-WZ'
Steps to eliminate it.
1. scan registry and delete all instances of MRXSMB.SYS
2. open explorer, navigate to win32 and order files by date.
3. find any file created the moment I ran the virus file [date] usually last on the list.
4. delete these files but NOTE their names. Now open the registry and search for each file name you deleted and delete them from the registry [ careful - delete only the file names NOT the keys]
5. run virus scanners again
6. open explorer, navigate to documents and settings, your user folder [ joe ]. search for *.exe. order by modified or date created. look for files created ATT [ usually bottom of list ]
Note their names, delete files. Now search for *.sys and go through the same process. Now open registry again and search for each noted file name, delete the file names from registry entry.
7. Get your good copy of MRXSMB.sys and put it in sys32 folder. Open permissions and 'deny delete'
[ the virus file contained the word 'dummy' in it when opened with notepad - dead give-away as no such word exists in the real file]
Now reboot normal - go to mrxsmb.sys and check the word 'dummy' does not exist in it
That's it. On the net, the experts say it's such a stealth pest that only re-installing your OS will get rid of it but I did the above and got rid of it.

singe
May 16, 2012 1:16 AM

I have a slightly different variation than on here, but will try some of the suggestions when I get home.
On my PC it redirects if I get the url slightly wrong eg wwww.bbc.co.uk or www.bbc.oc.uk.
Which I often do!
Deleting the history in Java works, but only temporarily, few hours at most.
Various alternatives but most common is click2find page that is linked.
It is driving me crazy, and is a work PC, so I don't have admin rights. Our IT team could not sort it either.
Hopefully someone has the answer.
Good luck everyone, I know how frustrating it is.

Johnxi
May 16, 2012 8:50 AM

To Mark J
Changing the DNS setting in your IP config - possible. Changing DNS on your router - EXTREMELY unlikely assuming you've set up an admin password.

Actually: A) an amazing number of people have never changed the default password on their routers thus B) malware authors have most definitely taken advantage of that and there is indeed malware that reaches out and changes the DNS settings on routers.
Leo
15-May-2012

john neeting
May 17, 2012 6:26 PM

I did an expanded version of my accounts and here it is

Something to try to help you recover from virus when all else fails.

Nearly all virus files operate in 2 ways. They either compose a new file which is itself the virus; or they substitute an existing file for a 'dummy' file which is the virus with the same name.

Most anti-virus programs quarantine or erase the file identified by option choice; but none give you the option of replacing the identified file with the real one, then locking that file in the permissions area [ forbid erase by your log in name ]. Especially problematic if the infected file is an essential boot file.

If your anti-virus program alerts you to a virus in a file while it is running by command [ initiate scan by you ],
pause the scan and replace the identified file with your backup file; now manually 'lock' the file by OS permissions as above then continue the scan. Do the same for each file encountered with a virus. This gives you time to find the initial command file that is doing the damage because it cannot initiate if the OS denies erase.

Now that we have locked files that attempt to be erased and substituted, we can look for the file or files that have been composed to initiate the actions. Time stamps tell you a lot and looking for files that suddenly appear is relatively easy. Most virus files are initiated from one of two places [ to cover all editions of windows ].

The first is in the 'documents and settings' folder usually under your logged in profile. By searching files by time stamp [ *.* ] you can pinpoint the exact file that was composed at the time you got the virus OR the nearest time to the present if you left scanning till later. If you find, say, 2 files composed at the nearest time to the present; erase them after noting their names. If they are EXE, COM, DLL, SYS, BAT files, you don’t need to do the substitution method [ not yet anyway ] just note and erase..

Now go to the windows\system32 directory and search again by time stamp. Remember, the created virus files will have the same time stamp [ or damn near close ]. Again, note the file names, erase the files - now go to your MIRROR BACK UP FILES on another physical drive [ you do have these, don't you ? ] and search for these names to see if they exist. If they do, copy the good files to where they should be and LOCK THEM by OS permissions [ forbid erase again ].

If the file you erased is NOT a valid file, we need to temporarily fool the virus composer into thinking that it exists already to do its dirty work. This gives us time to root out any master file we might have missed that was placed somewhere we are not looking.

Make a notebook TXT file with the same name as the file that shouldn't be where you found it [ EG. xyz.sys ]. Fill the text file with the word 'null'; about a page worth will do. Save the file as xyz.sys and lock this by OS permissions as well [ just to be safe, in case the virus composer checks the byte value ].

What have we got ?. Well, we replaced all the suspect files with our back ups and LOCKED them by permissions. We put in dummy files that shouldn't be there and LOCKED them by permissions.

CONTINUE THE SCAN. Chances are, you won't see any more alerts but if you do; back to square one.

OK, now we have scanned to the end; do ANOTHER complete scan to be sure, to be sure. All clear ?

NOW we have one list of file names that SHOULD NOT be present. Open the registry with 'regedit' in the run command window. Search for instances of each of these bogus files and erase them from the registry if found [ do not erase keys - just the file names themselves ]. The replaced and locked valid files [ valid ones from our mirror back up ] should be left alone as these are real files, not bogus ones.

Now reboot your PC in normal mode. Do another scan. All clear ?

Now, do your peeking at time stamps in the 2 areas I've mentioned and you should see no files created anywhere near the present date. We do the final peek to be sure that there is no file that even attempts to install a virus even if its efforts are blocked by locked files. Hopefully, you should be all clear. If, for some reason, the PC will not boot to normal windows [ because you accidentally erased an essential file ]; boot to safe mode and copy [ lock ] the files again. There are only very few essential files that windows needs to boot to safe mode so really, this scenario would be rare indeed; I've never encountered it myself and I've used this method 3 times already in the last few years.

I use this method in 2 instances.

1. Immediately after realising I got a virus by running a program
2. When all efforts to get rid of a virus fail after being identified by my scanners [ the file recomposes itself ]
So far, I’ve managed to avoid doing a complete reload of OS with this last ditch effort.

The key to this method is having a scanner that identifies the infected file [ not necessarily the 'master' file that composes the virus, just a file that got infected ] – and [ most important ] a complete backup of the boot drive, on another drive you can source your OS files from. For this, I use Karen's replicator [ free program ] and re-replicate the complete drive before I attempt to install anything. Hope this method is of some use to you people tearing your hair out.

A. Orcan
June 20, 2012 7:44 AM

A user clicks a link in a web browser and it redirects to some other site or pulls up ads. What could be the reason and what can be done?
The reasons could be malware, options unintentionally selected somehow during surfing, the browser itself because of default options or the websites with legal redirects. I’ve seen browsers by some companies redirecting to their own inferior search engines from the selected one. Unfortunately, remedies tried may cause even worse problems. Registry repairs may force re-install of the OS with all the options and updates, upgrades, drivers, registrations gone. Another reason for good back-ups! And many programs, especially AIO types may cause more harm than good with so many options and potential to wreak havoc. That’s why I prefer to maintain and clean my PC’s myself manually.
If a good combination of AV and FW software is running all the time, with proper settings, I wouldn’t consider malware a great threat compared to what some regular software and OS/security updates do. Last time I had a malware infection was in 1997. However, I get requests from friends for this problem and manual remedies have almost always been good enough.
Some of the items to be checked manually are:
Running processes and system parameters.
Internet and browser options; including browsing and security settings, selected DNS servers, search assistants, geolocation and other junk, website redirect permits, new pages, etc.
Registry Modifications by malware or permitted software, registry areas to be investigated are actually not that much, just some familiarity is needed.
DNS Servers, sometimes infected by malware themselves, although rare. Actually DNS server selection should not be left to ISP/browser and DNS servers paid by some big names should be avoided against having redirection and ad problems.
Note that none of the anti-malware products would indicate most of these items, except some optimization software and even a re-install of the OS may not work.

ihsan
November 28, 2012 12:22 AM

When I give any URL (website address), then the browser itself returns to the Google page.
I installed another browser, i.e. Opera, then the problem was solved, but why am I facing it in Mozilla and Internet Explorer?
Plz sir help me
Thanks

SILA
April 16, 2013 10:10 PM

I have a similar problem. Whenever I log in to Facebook and Hotmail, I always end up in Yahoo search AltaVista which is terribly terribly annoying. I have to refresh many many times before Facebook or Outlook appears but then sometimes reverts back to AltaVista search... I don't know what triggers it to go back;
What can I do to stop this from happening?
