redirect virus
I am having just a total fit with this redirect virus. I've had it before, and usually combofix.exe fixes it..but this time around, no luck with combo, malwarez, hitmanpro.exe, superantispyware, supersplybot, etc etc..and
it still redirects..google, yahoo and bing.. Has anyone come across a DIFFERENT program that actually works..or knows how to MANUALLY remove it? Many thanks in advance! |
try anti rootkit software. and a proper virus scanner as well.
|
use malwarebytes, free trial download. it usually is pretty good with shit like that.
|
Realize that each time you get these things your entire security is severely at risk. You have to do something (even if it means switching Operating Systems) to stop yourself from getting them in the first place or eventually the results will be disastrous. Playing cleanup just isn't enough. As a webmaster, if the wrong thing gets in your system and you update your sites it could potentially mean infecting thousands of users or worse.
I'd probably reinstall to be safe. But if you don't want to do that make sure you are running those programs in safe mode. And are you sure the problem isn't an infected router? Don't forget to check to make sure it didn't set a proxy somewhere either. Sometimes these utilities will leave the errant proxy in place within the settings. |
Should probably mention I run windows xp pro |
Run msconfig and go to the startup tab. Uncheck everything and restart. If the redirect is gone, it means that one of the items in your startup is doing it. Enable one item and restart - do this one item at a time until you find the one that is doing the redirect. Look carefully at the line that is causing the redirect to determine the actual program and its registry entry - then remove them.
|
Did you check your host file? Combofix should get rid of the redirect virus on an XP pro machine. Check to be sure your host file isn't modified.
|
For what it is worth (and this applies to those who use winxp pro btw)
I did manage to get rid of the virus..turns out the explorer.exe and winlogon.exe file in windows.0 was infected. Deleting them and restoring them off of your installation disk did that for me. BUT..also check your host file..c:\windows\system32\drivers\etc look at that file..and there should be only ONE entry in the first file..and that is the local host ip address. Anything else should be deleted out. Thanks for everyone's input too!:thumbsup |
Bump for you. I have something on my system too and followed all the info above along with about 15 different spyware killers and virus programs and I still have it.
What happens is when I go to google images and it will display the first 3 lines then I will not be able to use anything connected to google for another 10 minutes. It does this with other sites too like gfy and cnn. I have no idea what it is but nothing I do is working. Is that like yours? |
Don't know if you are running xp, vista, or win7..but the BEST program I could find that finally narrowed down the culprits in my case (explore.exe and winlogon.exe in windows.0 being infected and having to be deleted and re-installed), was hitmanpro..so would suggest getting that proggie and trying it and see what you come up with . Combofix.exe found the same problem but for some reason could re-install the new files..but could do that with hitmanpro.exe |
safest way to run a pc online is to run inside VMware,
Partition your drive into 4: 1- windows 2- saved local data/trusted data 3- email 4- saved internet files. Or learn to use Linux and use vmware to run windows applications.
You can try the following, as it's not always something in your root system; sometimes it's just a cache issue: ipconfig /flushdns in a command prompt to fix it.
You can also do the following. To edit your local DNS lookup file, explore this folder: C:\Windows\System32\Drivers\etc
The file name is hosts. Search for anything you feel is not needed.
If you've never edited your HOSTS file before, this is what it should look like:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
|
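The hosts-file check suggested in several posts above, as an added example that is not part of the original thread: a Python script that lists every active entry other than the default localhost mapping. The function name audit_hosts is hypothetical, and the sample entries are constructed (reserved .example names and a documentation-range address).

```python
import ipaddress
import sys

def audit_hosts(text):
    """Return (line_no, address, host_name, reason) for each entry to review."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "unparseable address"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "address with no host name"))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name == "localhost":
                continue  # the default entry, expected on a clean machine
            if ip.is_loopback or ip.is_unspecified:
                reason = "non-localhost name mapped to the local machine"
            else:
                reason = "name pinned to a fixed address"
            findings.append((line_no, ip_text, name, reason))
    return findings

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example search.example   # constructed entry
127.0.0.1       updates.av.example
not-an-ip       portal.example
"""

if __name__ == "__main__":
    # Pass the hosts path as an argument, e.g. C:\Windows\System32\Drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    for line_no, ip_text, name, reason in audit_hosts(content):
        print(f"line {line_no}: {ip_text} {name} ({reason})")
```

An empty result means the file contains only comments and the default localhost mapping; anything listed should be checked by hand before it is deleted.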
format harddisk, install fresh OS if it's not full of installed stuff
|