Pinterest Stumbleupon Whatsapp
Ads by Google

You ran a search in Google, but somehow, for some reason, you didn’t get the result you wanted after clicking a link.

Again, and again, and again.

This is the frustration of browser redirect viruses, insipid malware designed not only to annoy you, but also to fleece you.

These days you would have to be pretty lax with PC security to end up with one, but these viruses persist in the wild. Let’s take a look at how you might end infected with, and what you need to do to remove, a browser redirect virus.

How The Browser Redirect Virus Works

You’ll know if you have the browser virus. For a start: it will annoy your socks off. Once you’ve got over the regular inconvenience of the pages you want loading, you’ll probably find that upon closer examination, there is something familiar on the page that keeps loading, such as a Google search box.

The URL might be something like:

Ads by Google
  • icityfind.com
  • scour.com
  • fastsfind.com
  • amusede.in
  • 1freefiledownload.com
  • find-quick-results.com
  • bidvertiser.com

Rootkits, bootkits and even malicious browser extensions can be held responsible for these viruses infecting your system, and their sole aim to make money and gather information about you.

How do they make money? Through your searches. Rather than, say, a standard Google search resulting in a couple of sponsored results that you select, the browser redirect virus has monetised every search result and link. Furthermore, data about you is being gathered, and recorded for use later on. This might be anything from your website favourites to personal information that can be used in identity theft.

Basically, if you have a browser redirect virus, don’t share any personal information with any browsers on your computer until it is removed.

The Rewritten Hosts File

Windows users should know about the Hosts file, a text file stored on the C:\ drive where a list of blocked website URLs can be stored. As well as blocking URLs with the Hosts file, you can also add lines that specify what websites should appear when a particular IP address is visited.

Hosts_MUO_Net

All you would need to do is find the Hosts file (Windows\System32\Drivers\etc) and open it with Notepad (right-click, then Open with…). Scroll down to the blank space, add a URL or IP address and save the Hosts file; the address is now blocked.

You can also use the same principle to create shortcuts to certain websites to save time typing. The browser redirect virus uses it too, rewriting or replacing the original hosts file with its own data. Chris Hoffman’s guide to the Windows Hosts file 6 Surprising Uses for the Windows Hosts File 6 Surprising Uses for the Windows Hosts File The Windows Hosts file allows you to define which domain names (websites) are linked to which IP addresses. It takes precedence over your DNS servers, so your DNS servers may say facebook.com is linked to... Read More explains how this works in far more detail.

Removing a Browser Redirect Virus? Switch to Safe Mode First

The process of removal for a browser redirect virus is generally the same across all versions of Windows from XP to Windows 8. To start with, it is necessary to reboot the computer into Safe Mode.

muo-security-browser-redirect-restarty

For Windows XP to Windows 7, this is done by rebooting the computer and repeatedly tapping F8 as soon as the boot disk summary screen appears. If the Windows loading screen appears, you’re too late, and will have to repeat the process. Note that if you use a wireless keyboard, you’ll have little success here, so switch to a USB keyboard.

When the Advanced Boot Options screen appears, use the arrows on your keyboard to select the second option, Safe Mode with Networking, and tap Enter.

Windows 8 users can switch to Safe Mode by opening Settings and Power. Hold the Shift key before you do anything else, then select Restart, keeping your finger on Shift. When the restart menu appears click Troubleshoot then Advanced options, and from here choose Startup Settings, then Restart. Finally, press 5 on your keyboard to Enable Safe Mode with Networking, prompting Windows to start in Safe Mode, but with an internet connection.

Check Your Proxy Settings

Next, check your system’s proxy settings. Browser redirect viruses can use a remote server that isn’t the one you normally connect to the Internet through. By disabling this, you can make a big step towards removing the virus.

In the Control Panel, open Internet Options. In Windows 8, you can type “internet options” to quickly launch this screen. Click the Connections tab and look for LAN Settings. You’ll probably find that the Proxy Server option is checked, with or without an address. Clear the check box and click Automatically detect settings instead, then click OK to confirm and exit.

Manage Your Browsers

At this stage it will be unclear as to where the browser redirect virus originates, and this will be the case until you check the reports from the removal tools. So, it is advisable to remove add-ons and extensions and toolbars from your browsers, and reset your home page.

Once this is done, download and install a copy of CCleaner (although beware the frustrating attempt to install bloatware like Begin The Fight Back Against Toolbar Installer Bloatware! [Opinion] Begin The Fight Back Against Toolbar Installer Bloatware! [Opinion] Recently I had cause to install some free video conversion software and was amazed to find so many attempts to fool me into installing additional software, not to mention attempts to upsell at the end... Read More  Google Toolbar) and use this to scan your computer for junk data in the temporary internet files. Select the Cleaner tab, then check all options under Windows for Internet Explorer and repeat this in the Applications view for any other browsers you have installed. Click Run Cleaner, and wait while this completes.

muo-security-browser-redirect-ccleaner

With everything cleaned up (see our guide for using CCleaner Optimize Your System To Run At Its Best With CCleaner Optimize Your System To Run At Its Best With CCleaner Over the last two years, CCleaner has changed quite a bit in terms of version numbers...up now to version 3.10 at the time of this writing. While visually the program actually hasn't changed much (it's... Read More to give you more idea of the options you need to select here) and then proceed to the next section.

3 Top Tools for Removing the Browser Redirect Virus

Several tools are currently available that can be used against a browser redirect virus. Some experts suggest running all of these, sometimes in order, whereas others recommend just running a couple.

The optimum path would be to download and run Kaspersky’s rootkit remover, TDSSKiller, followed by the reliable MalwareBytes’ Anti-Malware Free. For extra checks, use HitmanPro.

Kaspersky TDSSKiller

muo-security-browser-redirect-tdss

This utility doesn’t require installing, so simply double-click the tdsskiller.exe file then click on the Change Parameters button. In the resulting screen, enable Detect TDLFS file system, and click OK to proceed; next, click Start Scan. Upon completion, if threats are found a summary page will be displayed, along with some recommended actions. Click Continue to accept these actions and allow TDSSKiller to deal with the viruses. Complete removal will necessitate a reboot, so keep this in mind as you will need to boot back into Safe Mode with Networking (as above) before proceeding.

MalwareBytes’ Anti-Malware Free

muo-security-browser-redirect-mbam

This will run automatically once installed, and a message will be displayed advising you to update. Click Fix Now to run the first scan. When this is complete (the software may ask you to click the Update button first) you should be shown a screen listing the threats that have been found. Click Quarantine All, then Apply Actions.

HitmanPro

muo-security-browser-redirect-hitman

Following installation (a one-time run option, without istallation, is also available), HitmanPro will scan your computer for stubborn rootkits, malware and any related files. Files will be displayed as they are discovered, and when the scan is complete click Next to remove them. You’ll need to click Activate free license to get the free 30 day trial for HitmanPro, unless you plan to purchase.

With these scans complete, finish off by running your usual virus scanning software, which might be a free anti-virus/anti-malware utility such as Avira, AVG or Kaspersky, or a premium suite such as BitDefender Internet Security Bitdefender Internet Security 2015: The Ideal Choice For Home PCs [Giveaway] Bitdefender Internet Security 2015: The Ideal Choice For Home PCs [Giveaway] Offering anti-virus, privacy protection, safe banking, firewall and parental control for just $79.95, Bitdefender Internet Security 2015 would seem to be the optimum choice for anyone looking to give their home computer security a boost. Read More .

Finally, Reset Your Browser

With your scans completed, and the removal tools’ work done, there is one final step. To remove the last vestiges of the threat, you will need to reset your browser. Depending upon which browser you’re using, this will differ.

  • Internet Explorer: click the Settings button, then Internet Options > Advanced, where you’ll find the Reset button. Ensure you select Delete personal settings before clicking Reset, then click Close when the process has completed and restart your browser.
  • Mozilla Firefox: open Menu > Help > Troubleshooting Information, where you’ll find the Reset Firefox… button. Click this and confirm to reset the browser.
  • Google Chrome: in the hamburger menu, choose Settings or enter the chrome://settings URL in the address bar. From here, click Show advanced settings… and scroll down to the Reset settings button. Click this, then confirm in the following box to reset the browser.

Now you’re done, it’s time to play safer online. Browser redirect viruses can be traced back to a relaxed attitude to security, so make sure you follow our guide on how to never get a virus 9 Easy Ways To Never Get A Virus 9 Easy Ways To Never Get A Virus It's a curious fact that the people who are most worried about viruses get them more often. With a little basic training you can completely avoid the problem of viruses and malware, so you can... Read More , keep your browsers up to date and, most importantly, regularly check for operating system security updates to iron out loopholes and vulnerabilities Five Tips For Managing Your Security In Windows 8.1 Five Tips For Managing Your Security In Windows 8.1 Read More .

Your browser redirect virus should now be removed, and you should now be able to continue with your life without the inconvenience malware presents. Let me know in the comments below if you have any questions.

Featured Image Credit: URL Phishing via Shutterstock

  1. Pooja Mishra
    October 12, 2016 at 9:30 pm

    Hey guys !

    I hv having this same issue since last one week, i tried doing each n everything thats available on the internet, but MalwareBytes’ Anti-Malware Free seems to have worked like a magic! Truely love this free software. Makers of d software, u guys rock !!!

    Thanks.

  2. Anne Fulmer
    September 25, 2016 at 11:32 pm

    I have a situation I'm not sure if this is what it is. For instance, I click on something in my email, and it usually opens that link in a new tab. But when I click on something in THAT tab, instead of going where I directed it, a new tab opens up that is obviously wrong. I did a scan with Kaspersky TDSSKILLER, but they found nothing. I have new laptop using Windows 10. Any help or ideas? I have this problem mostly in Chrome. Anne

  3. argfbzs
    July 24, 2016 at 8:45 pm

    h
    i for mobrevflwms redirect virus dosent work

  4. ewhij6weq35w4WRH
    April 20, 2016 at 1:04 pm

    IDIOOT!

  5. g u nair
    February 29, 2016 at 10:46 am

    How to proceed in an android phone?

  6. Riley Mullins
    March 8, 2015 at 12:35 am

    I use all these listed, usually I try to get clients to buy Malwarebytes, I buy them for family as stocking stuffers, it keeps the family free cleaning down before it happens. I also added JRT (Google search junk removal tool) to my USB rescue drive, along with Allister suggestion of Adwcleaner, very nice program. It never hurts to scan with other programs to verify that a PC is clean, they can get infected easily with deceptive notices that you need to update and toolbars.

  7. Allister
    March 7, 2015 at 1:34 pm

    Adwcleaner also works well.

  8. WinDork
    March 6, 2015 at 7:48 pm

    Those sketchy re-directed search engines can also be removed manually by going into the settings of your browser and deleting them.

    • patan
      March 9, 2015 at 3:23 pm

      repariere sound for free

Leave a Reply

Your email address will not be published. Required fields are marked *