Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirecting websites - gala virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 irish94

irish94

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 23 January 2011 - 04:06 PM

I've wasted much of this weekend trying to remove this thing from a home computer. Not sure how it was downloaded, since the kids and my wife mainly use it. I have run malware multiple times in safe mode (full scans). It removes several files, but on restart, the problem returns. I have cleaned the LAN settings from redirecting firefox and IE, but any search results you click on get redirected to random sites and some sites (e.g., gmail.com) cannot be accessed at all. I hope the creators of this are prepared for their long and hot afterlife. Thanks for your help. See the attached DDS and GMER files. I ran these in safe mode. I also ran TDSSKiller (as seen on some other threads), but it returned clean.

Attached Files



BC AdBot (Login to Remove)

 


#2 irish94

irish94
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 23 January 2011 - 09:54 PM

After posting this, I tried yet another search for solutions (on another computer). This one from a google group seems to have fixed it:
- Open the Start menu, then select Run...
- In the blank next to Open, type "c:\windows\system32\drivers\etc" without the quotes, then hit OK.
- Select the Tools menu (toward the top, between Favorites and Help)
- Select Folder Options in the Tools menu, then click the View tab
- Under Advanced Settings, select the radio button beside "Show hidden files and folders"
- Uncheck the box next to "Hide protected operating system files..."
- A warning window will appear, select Yes, then hit OK
- Right-click the file named "hosts" and select Properties.
- Under the General tab, uncheck the box next to Read-only (if it is blank, leave it as is).
- Hit OK.
- Right-click the file named "hosts" again and select Open-With…
- In the Programs list, select Notepad, then hit OK
- Delete everything in the Notepad windows except “127.0.0.1 localhost”
- Hit File, then Save, then exit Notepad
- Restart your computer

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:03 PM

Posted 24 January 2011 - 01:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users