Google redirect virus removal

[FNH]

I got the google/bing/etc. redirect virus and would like to remove it, however, I can't seem to locate it with spyware tools or AV. Also Kapersky's TDSSkiller app didn't catch it either. Need some help, hopefully I won't have to reformat.

[izembo]

honestly you know it and you've said it. but backup and reformat.

otherwise, are you running the scans in safe mode? have you turned off system restore?

[izembo]

edit: double post <_<

[Cephius]

I wrote a guide, it's sticky'd. If that doesn't fix it, you're better off just reformatting.

[Hosom]

It's likely this isn't a process that is doing this, but an edited hosts file. Try doing the following:

For Windows XP/Vista/7 x86:

Root(typically C: )\Windows\System32\drivers\etc

There is a file named 'hosts' - it has no extension.

Open the file with notepad and delete anything after the following:

Code:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

If you're under another OS let me know and I can direct you to the hosts file.

[FNH]

Well thanks for the replies but I got impatient and went ahead and reformatted, I guess I needed to it has been a while.

[Senoska]

It was very likely an edit of your host file incase this happens again