You ran a search in Google, but somehow, for some reason, you didn’t get the result you wanted after clicking a link.
Again, and again, and again.
This is the frustration of browser redirect viruses, insidious malware designed not only to annoy you, but also to fleece you.
These days you would have to be pretty lax with PC security to end up with one, but these viruses persist in the wild. Let’s take a look at how you might end up infected with a browser redirect virus, and what you need to do to remove it.
How The Browser Redirect Virus Works
You’ll know if you have the browser virus. For a start, it will annoy your socks off. Once you’ve got over the regular inconvenience of the pages you want not loading, you’ll probably find on closer examination that there is something familiar on the page that keeps loading, such as a Google search box.
The URL might be something like:
Rootkits, bootkits and even malicious browser extensions can be held responsible for these viruses infecting your system, and their sole aim is to make money and gather information about you.
How do they make money? Through your searches. Rather than, say, a standard Google search resulting in a couple of sponsored results that you select, the browser redirect virus has monetised every search result and link. Furthermore, data about you is being gathered, and recorded for use later on. This might be anything from your website favourites to personal information that can be used in identity theft.
Basically, if you have a browser redirect virus, don’t share any personal information with any browsers on your computer until it is removed.
The Rewritten Hosts File
Windows users should know about the Hosts file, a text file stored on the C:\ drive where a list of blocked website URLs can be stored. As well as blocking URLs with the Hosts file, you can also add lines that specify what websites should appear when a particular IP address is visited.
All you would need to do is find the Hosts file (Windows\System32\Drivers\etc) and open it with Notepad (right-click, then Open with…). Scroll down to the blank space, add a URL or IP address and save the Hosts file; the address is now blocked.
You can also use the same principle to create shortcuts to certain websites to save time typing. The browser redirect virus uses it too, rewriting or replacing the original hosts file with its own data. Chris Hoffman’s guide to the Windows Hosts file explains how this works in far more detail.
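To see what a rewritten Hosts file looks like from the defender's side, here is a small audit script, added as an example and not part of the original article. Each active line in the file is an IP address followed by one or more hostnames, with # starting a comment; the script flags entries that send a name to a non-local address. The function names and the sample file contents are made up for illustration.

```python
import ipaddress

# Constructed sample, not from a real infection: the address comes from the
# documentation range 203.0.113.0/24 and the hostnames use the reserved .example TLD.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
#       127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.tracker.example      # deliberate block entry
203.0.113.25    www.search.example search.example
203.0.113.25    mail.provider.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return entries that need a human look.

    Loopback (127.0.0.1, ::1) and null (0.0.0.0, ::) addresses are the usual
    way to block a site, so they pass. Any other address redirects the listed
    names to another machine and is reported as "redirect".
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", address, names))
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, "redirect", address, names))
    return findings

if __name__ == "__main__":
    # On Windows, audit the real file instead of the sample:
    # text = open(r"C:\Windows\System32\drivers\etc\hosts", errors="replace").read()
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" finding is not proof of infection, since some people add entries for machines on their own network, but any entry you did not add yourself deserves a second look.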
Removing a Browser Redirect Virus? Switch to Safe Mode First
The process of removal for a browser redirect virus is generally the same across all versions of Windows from XP to Windows 8. To start with, it is necessary to reboot the computer into Safe Mode.
For Windows XP to Windows 7, this is done by rebooting the computer and repeatedly tapping F8 as soon as the boot disk summary screen appears. If the Windows loading screen appears, you’re too late, and will have to repeat the process. Note that if you use a wireless keyboard, you’ll have little success here, so switch to a USB keyboard.
When the Advanced Boot Options screen appears, use the arrows on your keyboard to select the second option, Safe Mode with Networking, and tap Enter.
Windows 8 users can switch to Safe Mode by opening Settings and Power. Hold the Shift key before you do anything else, then select Restart, keeping your finger on Shift. When the restart menu appears click Troubleshoot then Advanced options, and from here choose Startup Settings, then Restart. Finally, press 5 on your keyboard to Enable Safe Mode with Networking, prompting Windows to start in Safe Mode, but with an internet connection.
Check Your Proxy Settings
Next, check your system’s proxy settings. Browser redirect viruses can use a remote server that isn’t the one you normally connect to the Internet through. By disabling this, you can make a big step towards removing the virus.
In the Control Panel, open Internet Options. In Windows 8, you can type “internet options” to quickly launch this screen. Click the Connections tab and look for LAN Settings. You’ll probably find that the Proxy Server option is checked, with or without an address. Clear the check box and click Automatically detect settings instead, then click OK to confirm and exit.
Manage Your Browsers
At this stage it will be unclear as to where the browser redirect virus originates, and this will be the case until you check the reports from the removal tools. So, it is advisable to remove add-ons and extensions and toolbars from your browsers, and reset your home page.
Once this is done, download and install a copy of CCleaner (although beware the frustrating attempt to install bloatware like Google Toolbar) and use this to scan your computer for junk data in the temporary internet files. Select the Cleaner tab, then check all options under Windows for Internet Explorer and repeat this in the Applications view for any other browsers you have installed. Click Run Cleaner, and wait while this completes.
With everything cleaned up (see our guide for using CCleaner for a better idea of the options you need to select here), proceed to the next section.
3 Top Tools for Removing the Browser Redirect Virus
Several tools are currently available that can be used against a browser redirect virus. Some experts suggest running all of these, sometimes in order, whereas others recommend just running a couple.
TDSSKiller
This utility doesn’t require installing, so simply double-click the tdsskiller.exe file then click on the Change Parameters button. In the resulting screen, enable Detect TDLFS file system, and click OK to proceed; next, click Start Scan. Upon completion, if threats are found a summary page will be displayed, along with some recommended actions. Click Continue to accept these actions and allow TDSSKiller to deal with the viruses. Complete removal will necessitate a reboot, so keep this in mind as you will need to boot back into Safe Mode with Networking (as above) before proceeding.
MalwareBytes’ Anti-Malware Free
This will run automatically once installed, and a message will be displayed advising you to update. Click Fix Now to run the first scan. When this is complete (the software may ask you to click the Update button first) you should be shown a screen listing the threats that have been found. Click Quarantine All, then Apply Actions.
HitmanPro
Following installation (a one-time run option, without installation, is also available), HitmanPro will scan your computer for stubborn rootkits, malware and any related files. Files will be displayed as they are discovered, and when the scan is complete click Next to remove them. You’ll need to click Activate free license to get the free 30 day trial for HitmanPro, unless you plan to purchase.
With these scans complete, finish off by running your usual virus scanning software, which might be a free anti-virus/anti-malware utility such as Avira, AVG or Kaspersky, or a premium suite such as BitDefender Internet Security.
Finally, Reset Your Browser
With your scans completed, and the removal tools’ work done, there is one final step. To remove the last vestiges of the threat, you will need to reset your browser. Depending upon which browser you’re using, this will differ.
- Internet Explorer: click the Settings button, then Internet Options > Advanced, where you’ll find the Reset button. Ensure you select Delete personal settings before clicking Reset, then click Close when the process has completed and restart your browser.
- Mozilla Firefox: open Menu > Help > Troubleshooting Information, where you’ll find the Reset Firefox… button. Click this and confirm to reset the browser.
- Google Chrome: in the hamburger menu, choose Settings or enter the chrome://settings URL in the address bar. From here, click Show advanced settings… and scroll down to the Reset settings button. Click this, then confirm in the following box to reset the browser.
Now you’re done, it’s time to play safer online. Browser redirect viruses can be traced back to a relaxed attitude to security, so make sure you follow our guide on how to never get a virus, keep your browsers up to date and, most importantly, regularly check for operating system security updates to iron out loopholes and vulnerabilities.
Your browser redirect virus should now be removed, and you should now be able to continue with your life without the inconvenience malware presents. Let me know in the comments below if you have any questions.
Featured Image Credit: URL Phishing via Shutterstock