When I type in some URLs such as google.com or yahoo.com, instead of getting the real website, I appear to be redirected to some other site ending in .ru. But the site I typed in still stays displayed in the address line. Is this a virus or someone trying to take over my computer? How do I clean this up?
It isn't someone, but something that's trying to take over your browser, yes. This is a fairly classic case of a browser hijacking.
More commonly referred to as spyware.
•
It's fairly straightforward, actually. Somehow, somewhere, software was downloaded onto your computer, and somehow inserted itself into your browser. Now, when you try to go one place, this software sends you somewhere else.
It's also fairly classic that the destination it sends you to ends in ".ru". That's a domain based in Russia, where some significant percentage of spyware originates.
Fixing it should be fairly easy.
Install a scanner and run an up-to-date anti-spyware scan. Personally I recommend Microsoft Anti-Spyware, however there are several good anti-spyware packages out there. One important feature to look for is real-time checking ... so that the next time some software attempts to install itself, the tool will prevent it.
And while you're at it, make sure you're running a good anti-virus scanner as well.
Related:
-
Ask Leo! - Recommendation: Microsoft Anti-Spyware
-
Ask Leo! - Spyware: How do I remove and avoid spyware?
Article C2452 - November 3, 2005
same problem as above - HELP!
Posted by: Brian at November 11, 2008 9:33 AMI've recently been unable to download any updates from Mcafee or AVG, am getting re-directed all the time and can't seem to find the problem. Lots of pop-ups which can't be turned off. Every time I go to a site that has anti-virus software, I get a message that says "Sorry, this website is not available" in bad spelling no less. If I click on a sight from a search, I won't get to the address I'm after but sometimes if I copy the sites address and paste it into my browser, it will take me to the correct site. Still no ability to download any anti-virus software. I've spent days fighting this one, any help would be appreciated.....
25-Nov-2008
I have been on the trail of this one. Seems to only affect google searches. I have made some headway. Found a folder in program files called "tinyproxy" it wasnt empty so after changing it from read only I descovered a hidden file called "tinyproxy.exe". When I rename it and stop the process I can no longer access the internet. It appears my browser is being redirected using this proxy somehow. havent worked it out yet though. Hopefully I have put you guys on the trail too.
Posted by: Tom at November 25, 2008 7:16 AMHere you go:
best in safe mode:
Delete this folder in bold.
C:\Program Files\TinyProxy\
Delete these files in bold.
C:\windows\kennyxx.exe
C:\windows\fmark2.dat
Remove the Proxy setting in Internet explorer and/or in FireFox.
In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection.
Click the apply button and restart that computer.
Posted by: Tom at November 25, 2008 8:05 AMI had success with an anti virus called "fix it utilities 9".It found files infected with adware and spyware when it was in DEEP SCANN MODE.It immediately quarantined the files. Although the insructions claim the computer would be fine with the files in quarantine it was not until i deleted them(as an option from the qurantined files page)that my computer was fully functional.The results were intantaneous.My sound driver had to be reinstalled after this,since i had no sound at all,I assume this was a complication from the virus(s).I hope this helps.This website helped quite a bit.Thanks.
Posted by: patrick at November 29, 2008 8:43 AM--------------------------------------------------------------------------------
IE and FireFox and Windows Explorer will browse forward for sometimes less than a second and sometimes for up to almost 10 seconds. Examples.. My IE and FF start page is Google.com. If I start FF its OK as long as I stay at the start page. If I want to go to ebay or anywhere, it goes there for a second or a few seconds and then returns to the start page. The aol browser is OK and never malfunctions. I use Mcafee security that comes with aol. At this point just for more info, the forward green arrow is highlighted indicating that I have backed up the browser. If I click the forward arrow to attempt to go forward again to ebay, it will act the same and return to the start page again. Additionally, If I were to use anything that uses the Windows Explorer browser, the same thing will happen. Example... Start button/explore, cannot stay fixed - always reverses. I have run every adware/malware that another experienced tech on another popular site told me to and he is puzzled. I have uninstalled and then reinstalled FF. I have run ATF cleaner. I have run Malwarebytes Anti-malware and SDfix. no changes. I am submitting the asked for logs here.Also, copy and paste works intermittantly but mostly not. When the browser works (which is every now and then) the copy and paste function works normal as well.
Posted by: Kevin Huttenlocher at March 3, 2009 11:20 AMI recently repaired a machine that was getting redirected only in google. It appears that the host file had been re-written and included hundreds of sites to go to all dealing with google. I found myself unable to edit and save, or create a new and copy over the old. What wound up having to happen was I created a new folder (Location: C:\Windows\System32\drivers\etc)called etc2. I copied the contents of the original etc folder. Everything exept the host file. I opened the old host file in notepad and edited the sites out. I then saved as to the new directory etc2. I then renamed the old etc folder to etc3. I changed the name of the new etc2 to etc. Attempted to use google and it works fine. What a pain in the A@@, but it worked. I have been on 100 different sites that direct to all over the place, but found nothing that could help me. I hope others are able to use this method and benifit from my pains.
One quick note is that the host file is a protected file and does not show up in the folder unless you go to tools, folder options,view, scroll down the lise and uncheck hide protected operating system files.
05-Mar-2009
I use IE6 on Win XP
When I first open IE, I am always redirected to http://www.microsoft.com/taiwan/windows/internet-explorer/download-ie.aspx?ocid=fwlink_ie6_updates.
But when I click "Home", I can always go back to the first page set up in Tool -> Internet option?
Why? Can I disable this redirection?
Posted by: King Kwong at March 6, 2009 12:31 AMI'm just posting because I think I may have a solution to some of your problems.
Apparently, quite recently a worm called Conflicker (also known as downadup, downup, and kido) has been spreading over the internet at a very rapid pace. The symptomes include:
* Google search redirecting
* Antivirus updating has been disabled (you may see the "unable to connect" message when trying to update your antivirus)
* Unable to view websites related to Antivirus software (you may see the "sorry this website is not available" message)
* And alot of popups
I have found that these are all results of Conflicker. It only affects Windows operating systems based on an exploit. Search for and download this patch for Windows "MS08-067". I googled it and found it. When I installed the patch, everything on my computer went back to normal. I can even perform my Antivirus updates, and surf freely without having my google pages redirected all the time. Hopefully it will work for you too.
[link removed]
Posted by: Ricky Bohan at March 29, 2009 10:08 AMI am working a relatives desktop computer that has some kind of redirect virus. Any time you go on any browser, Internet Explorer or Firefox, the homepage will redirect you to a chinese "Prima Hosting page cannot be found" website. Before that it was Baidu chinese search engine, but i got rid of that one virus. If i use the search toolbar in the top right corner I will be redirected several times. I've tried uninstalling the web browsers and reinstalling, I've removed Norton and installed AVG, but that didn't even work. I've tried A-squared and combo-fix, still nothing. I've looked up the Google redirect virus in the registry and can't find it. Any answers please let me know. Thank you
Posted by: Bill Snyder at October 6, 2009 2:40 PM