Why it is that your web browser redirects to what appears to be the Google home page, and how to stop it doing so. Here's how to remove the Google redirect virus. (See all internet security tips.)
What is the Google redirect virus?
First we should explain that there is no single 'Google redirect virus'. Rather, the term covers myriad infections of malware that redirects your web browser to Google.com, or something that looks like it. If you've ever found your web browser home page inexplicably changing to a Google search page, or notice that the default search engine in your browser's search bar has changed, you could say that you have been a victim of the Google redirect virus. We've covered this territory before and you can find specific help in our article: How to get rid of unwanted web browser toolbars: remove Babylon, Snap.do Delta, iLivid, Yahoo, Ask toolbars from your browser.
Why does the Google redirect virus exist? Like all malware, the answer is cold hard cash. The people who propigate such malware do so in order to generate revenue via Google search or another third-party search engine. Every time you search via Google adverts appear. Thus every search generates money for Google.
Websites can use Google Custom Search to improve the search experience on their own pages, and to generate a little extra revenue. So when you search a site you like and see Google ads on the results page, it is likely that they are using Google Custom Search. (Firefox and other browsers generate revenue in a similar way.)
At the simplest level Google redirect malware uses this functionality to direct your browser to a custom search page and then generate tiny amounts of money every time you use that page to search and adverts are delivered. Those annoying virus-like search toolbars and pages such as Delta and Babylon take this a step further, building legitimate search engine functionality into their own 'search engines', and delivering ads they themselves sell. These tend not to be high class ads for high class products.
In order to force you to use their search services as often as possible the many varients of the Google redirect virus can change your browsers' home pages. They'll mess with the default, managed, and provided search engines. You may even find that your PC's browser shortcuts and Windows hosts files are tweaked without your conscious permission - although you may have unwittingly clicked an EULA (End User Licence Agreement) when trying to install what appeared to be unrelated, legitimate and useful software.
It's not a good idea to have software on your PC or laptop doing things you don't know about. And it can be worse than simply irritating. A version of the Google redirect virus can also be used to collect your data to be used as a sales lead for other suspicious sites. You don't know if your passwords, account names and home addresses are safe. And you really don't know what you are getting in to when you click any link on any infected site.
Let's get rid of it.
How to remove Google redirect virus
As with removing unwanted browser toolbars, there are multiple things you can do, and we recommend trying them all. Follow them in the order we've set: if you do only one thing it should be a virus scan, because it should isolate any further infection. But to properly resolve the irritating symptoms that brought you to this page you'll have to at least change your browser settings and remove the unwanted toolbars and extensions.
Remove Google redirect virus step 1: scan and remove malware
We're going to assume that you have up-to-date antivirus, antispyware and firewall. If you don't: get it. Now. Read our Best security software article and install the tool that takes your fancy. There's further security software buying advice here.
Clearly having up-to-date security software is not enough. The Google redirect virus seems to have snuck past your PC's defences. So once you are confident you have the correct software installed, and you have scanned for malware and removed anything you have found, you need to do a second sweep. This is not as simple as installing a second antivirus or security suite. Such programs are not designed to run together and will often wrongly identify other security software as malware. Instead we would use Malwarebytes' Anti-Malware Free, which is free software dedicated to run as a second virus scan. Install and run Malwarebytes to ensure the infection is removed.
Remove Google redirect virus step 2: remove browser add-ons, extensions, toolbars
This is quite an involved process. Fortunately for you we have explained the process in some detail here: how to remove browser extensions and toolbars.
Remove Google redirect virus step 2: manually change home page(s)
If the virus has changed your web browser's home page to the Google search page (and you don't want that) you need to manually change it back.
Open Internet Explorer and go to Tools, Internet Options. Type http://www.pcadvisor.co.uk in the field for your home page and click Ok.
In Google Chrome click the 'hamburger' icon in the top righthand corner of the screen (it's three short horizontal bars). Go to Settings, and then scroll down to 'On start-up' and make sure 'Open a set of specific pages' is enabled. Then click 'set pages' and type in http://www.pcadvisor.co.uk (and some other inferior sites, if you must).
In Firefox, click the Firefox tab in the top lefthand corner of the window. Choose Options. Then select General, and make sure that next to 'When Firefox Starts:' the option selected is 'Show my Home Page'. Then in the 'Home Page:' field below insert http://www.pcadvisor.co.uk and that will be your home page.
Remove Google redirect virus step 3: manually change default browser and remove unwanted search engines
Again, this is an involved process, and again we have detailed information on these pages:
How to change default search engine in Internet Explorer, How to change the default search engines used by Firefox and How to change the default search engine on Chrome.
Remove Google redirect virus step 4: repair browser settings
Your web browsers should now be back in sparkling form, but let's take a belt-and-braces approach and make sure. Install the free CCleaner utility. Now go to Cleaner, Windows/Applications. Click Analyze, and when the analysis is complete click the Run Cleaner button.
Go to Tools, Startup and search through each tab. Click Disable and Delete for any entry that includes 'search' in the title or filename.
Remove Google redirect virus step 5: repair Windows host file, reset proxy settings
For almost everyone the Google redirect virus will now be a thing of the past. But if you want to be super sure that you are in the clear we recommend undertaking the following tasks.
First up let's repair the Windows hosts file - if you don't know what you are doing here, this may be something best left to the experts. But as we will explain, you can Open MS Notepad with administrator privileges, by right clicking Notepad and clicking Run as administrator. Now open the Hosts file, you'll find it here: C:\Windows\System32\drivers\etc\hosts. Before you do anything, copy the whole file and paste it into another text document that you save to your desktop, with the same filename as the Hosts file. If the changes you make mess up anythig, you can replace the Hosts file with this document.
Delete any entries that look anything like this: '000.00.00.00 botcrawl.com' or '000.00.00.00 google.com'. They'll appear as additions at the bottom of the file. Resave the Hosts file.
Finally, let's repair each browser's proxy settings so that the Google redirect virus definitely can't hijack your browser.
To do so with IE, launch Internet Explorer, and go to Tools, Internet Options. Click the Connections tab, select Local Area Network (LAN) Settings and unselect everything, press Ok. (If you are at work this is something for which you should ask help from the network admin.)
In Chrome, as before go to Google Chrome Options. Select Under the Hood, then Network, Change proxy settings. In the Internet Properties window, click the Lan settings button. Now select Local Area Network (LAN) Settings. Uncheck Use Proxy server for your LAN, click Ok.
In Firefox, hit the Firefox tab and go to Tools, Options. Press Advanced, open the Network tab, and press Settings. Select No proxy and press Ok. (Again, if you are at work this is something for which you should ask help from the network admin.)
Visit Security Advisor
Security Advisor is the place to visit for the latest internet security news, PC security advice, security software reviews and useful software downloads.
No comments:
Post a Comment