Google links redirection virus help

[shukudai]

I seem to have got a virus/malware/whatever.

It will at random points, redirect links from Google to it's own sites, usually random search engines that forward me to other sites.

Multiple AV programs don't locate it. I removed some shit it put in my hosts.ini, had me surfing by proxy which I also removed, and I have not been able to find any of the supposed associated files / registry entries that i've been able to google up.

The sites it most often sends me to are get-answers-fast.com bifsearch.net and expandsearch, which then forward me god only knows where. Anyone have experience with this?

[Kazen]

This should remove it, it sounds like a tdss virus. http://support.kaspersky.com/viruses...?qid=208280684

[shukudai]

Tried that too It found nothing. Combofix is supposed to have some success, I ran that, and so far no redirects, but it's difficult to tell if only because the redirects happen at random times, might not get any for hours, or even half a day, then bam :3

[Brill Weave]

I actually have it as well. Kaspersky, Hijack This, Combofix, Malwarebytes all were unsuccessful. I ended up just reformating the hard drive(I was planning on doing this next weekend before I got the virus anyways lol.)

[Omnipotent]

I actually have it as well. Kaspersky, Hijack This, Combofix, Malwarebytes all were unsuccessful. I ended up just reformating the hard drive(I was planning on doing this next weekend before I got the virus anyways lol.)

Had the same issue, ended up reformatting. Took it to my Best Buy I work @, all of the Tech's basically just gave up and said reformat or bust.

[djzombie]

have you tried this?

http://siri.geekstogo.com/SmitfraudFix.php

smitfraudfix, it's fixed many problems i've had other programs haven't been able to successfully.

http://siri.geekstogo.com/Bitmaps/Fix01b.png

This tool removes Desktop Hijack malware: Advanced Antivirus, Advanced Virus Remover, AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, AntiSpyware Expert, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, Antivirus 2010, Antivirus 360, AntiVirus Lab 2009, Antivirus Master, Antivirus Sentry, Antivirus System Pro, Antivirus XP 2008, AntivirusGolden, AV Antispyware, AVGold, Awola, BraveSentry, Coreguard Antivirus, Extra Antivirus, HomeAntivirus 2009, IE Defender, IE-Security, Internet Antivirus, Malware Defender 2009, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, Micro Antivirus 2009, MS AntiSpyware 2009, MS Antivirus, PC Protection Center 2008, Personal Defender 2009, PestCapture, PestTrap, Power Antivirus, Power-Antivirus-2009, PSGuard, quicknavigate.com, RegistryFox, Registry Cleaner, Renus 2008, Security iGuard, Smart Antivirus 2009, Smitfraud, SmitFraudFixTool, Spy Protector, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Guard 2008, Spyware Protect 2009, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, System Antivirus 2008, System Guard 2009, TheSpyBot, TitanShield Antispyware, Total Protect 2009, Total Secure 2009, Trust Cleaner, Ultimate Antivirus 2008, UpdateSearches.com, UnVirex, Virtual Maid, Virus Heat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, Virus Remover 2008, Virus Shield, VirusResponse Lab 2009, VirusTrigger, Win32.puper, WinHound, WinPC Defender, WiniBlueSoft, Vista Antivirus 2008, WinDefender 2009, XLG Security Center, XP Deluxe Protector, XP Security Center, XPert Antivirus, XP Police Antivirus, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX Object, Image Add-on, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, Pornovid, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SexVid, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec, WinCoDecPRO...

[shukudai]

I has not tried it, so for Combofix seems to have worked, no redirection in a day or so now, keeping my fingers crossed. Glad to see i'm somehow not the only idiot who got this thing and found it so damn hard to remove.

[Byrthnoth]

I'm doubtlessly way out of date about this, but did you open up your Hosts file and make sure it only had your local host in it?
http://en.wikipedia.org/wiki/Hosts_%28file%29

Iirc, people can put their server above your local host file and direct your traffic through them. Sort of a really basic way to do a redirection attack, but also one that I have to imagine almost every security program would protect against.