A puzzler
For the last couple of days, my computer has started going to myspace. That is, any url with google in it redirects to myspace. My various spyware and virus scanners have picked up nothing. Clearing browser caches do nothing. And it affects both chrome and firefox at the same time. It’s fixed by a reboot and nothing else. Then it will appear later. Any idea what sort of critter this is?
ETA: Affects IE too.
ETA: Ip release and renew fixes it too.
April 21st, 2010 at 11:37 am
What OS?
Did you check your hosts file?
April 21st, 2010 at 11:40 am
windows 7. i don’t know what a host file is.
April 21st, 2010 at 11:45 am
If it was a hosts file, it wouldn’t be fixed by a reboot. That was my first thought too.
It sounds like a DNS corruption. First thing to try is to flush your DNS cache, which is actually simpler than it sounds. Get to the Network Connections folder, right click on the network connection you’re using for the Internet, and click Repair. If it resolves the issue, that’s where you’d start looking for the wee beastie that’s troubling you.
April 21st, 2010 at 11:49 am
In Windows:
Start -> Run
Type “cmd” hit Enter
Type ping google.com, note the IP address
Type ping myspace.com, note the IP address
Use a tool like network-tools.com to do a WHOIS on each.
Also check your router and/or modem. It’s possible that has a bad DNS entry in it. I like to use Google for DNS 4.4.4.4, 4.4.8.8 .
April 21st, 2010 at 11:58 am
Not A clue, but mine suddenly wants a password, and user name to get email, and won’t accept ether one
April 21st, 2010 at 12:38 pm
Might try restarting the cable modem and router to see if that fixes it.
April 21st, 2010 at 12:39 pm
You said various spyware virus programs…
You are aware you shouldnt have more than 1 antivirus software installed at a time, having more than 1 is counter productive and they work against each other.
also what spyware program are you using?
I suggest SpyBot Search and Destroy from safernetworking.org
its the best, and the community behind it is AMAZING.
if you check out the forums there on safernetworking you can learn how to use “hijackthis” which is a good tool to hunt down obscure issues in your computer.
Hope this helps. Computer problems are such a headache.
April 21st, 2010 at 12:41 pm
It’s the Emo Virus. It starts with Myspace, then eventually, your computer starts writing crappy poetry and cutting itself.
April 21st, 2010 at 12:51 pm
Emo Virus.. Now that is damn funny.
Uncle, sorry to hear you are having issues with your Microsloth products…
Better get the Droid firing on all cylinders to keep up the blog…
April 21st, 2010 at 12:52 pm
i used the MS essentials and it came up nothing. so i tried another online one.
April 21st, 2010 at 1:05 pm
It’s malware of some kind. Not sure which one, or what product will fix it, but that’s what it is.
April 21st, 2010 at 1:10 pm
Superantispyware – http://www.superantispyware.com
Malwarebytes’ Anti-Malware – http://www.malwarebytes.org
Spybot Search & Destroy – http://www.safer-networking.org
Trojan Remover – 30 day free fully functional scanner
http://www.simplysup.com/tremover/download.html
If the above don’t fix it, try combofix. Be sure to follow the instructions carefully:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Try the suggestions at this page: Remove Google redirect virus
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
April 21st, 2010 at 1:13 pm
malwarebytes doesn’t work.
April 21st, 2010 at 1:21 pm
It sounds like DNS cache poisoning to me. (Domain Name Service maps the name to the IP address.)
April 21st, 2010 at 1:24 pm
I agree with the suggestion that it is malware. They will often disable antimalware programs. Maybe the instructions here will help:
http://www.geekstogo.com/forum/How-to-fix-Google-Redirects-t267407.html
I’ve solved these problems before by making a Ubuntu USB key bootable and check the disk drives (running antimalware programs) after booting into an alternate OS from the USB key.
April 21st, 2010 at 1:31 pm
seems to be taken care of for now. if it resurfaces, will try other measures.
April 21st, 2010 at 2:18 pm
or you might get a mac…..
April 21st, 2010 at 2:27 pm
yeah he can get a mac if he wants to burn money for no reason.
April 21st, 2010 at 2:43 pm
Yeah, get a Mac. Mac 10 for starters.
April 21st, 2010 at 2:59 pm
Agreed. Get a MAC-10, and hose down the PC with it after saving personal files.
Then load a new PC as a dual-boot machine. Windows for games and other OS restrictive programs, and UNIX for internet use.
April 21st, 2010 at 3:00 pm
I thought this was on a Mac. That’s why I hadn’t suggested ccleaner.
April 21st, 2010 at 3:11 pm
It’s the Emo Virus. It starts with Myspace, then eventually, your computer starts writing crappy poetry and cutting itself.
What’s your mood? What music are you currently listening to? (j/k)
I’d second the Ubuntu idea, except that you should boot from CD-ROM instead of USB stick. If you still have the issue, it’s most defenantly downstream from you (routers, your ISP’s DNS, etc)
Ubuntu is super-easy for n00bs. Once you’ve burned the disk, you boot from the read-only media. The “live” disk has it’s own OS onboard and changes nothing about your PC unless you mount your own hard disk to read or write to it.
If you like it, it’s a super-easy way to be very secure when doing stuff like online banking.
April 21st, 2010 at 3:12 pm
s/defenantly/definitely/g
April 21st, 2010 at 3:47 pm
I had something like this a ways back, it was a really annoying redirect. The only thing that killed it was that super duper virus and bot cleaner…shit what’s it called? Not a spyware killer like Malwarebytes or CCleaner, but a DOS operated program that I can’t remember the name of.
Somebody more savvy than me will know exactly what I’m talking about. It’s really common…shit it’s pissing me off I can’t remember the name of it.
I’d say not having to deal with crap like this is a reason. 🙂
April 21st, 2010 at 3:51 pm
yeah, cause macs don’t get bugs.
April 21st, 2010 at 3:58 pm
Seeing as I use both every day…in my limited experience, it’s not even close. The usual defense of the PC folks is “well yeah, but that’s cause our OS is the huge portion of the market share so bug programmers spend more time hacking them”.
Even if that’s 100% true (and I doubt that it is), as the end user, who cares?
The iMac is way more stable than my XP machine, by a factor of 10 crashes to 1 best I can tell, and is largely glitch and bug free.
Apples aren’t perfect, but this is one particular problem they just don’t seem to have.
The biggest problem Apple has is the average American’s tendency to think that if something sells more than something else, it must be “better”. Kinda like assuming that American Idol finalists make the best music.
April 21st, 2010 at 4:07 pm
I used to encounter the problem of anything “Google” redirecting to nothing useful. It happened about every 6-weeks to two months on my wife’s Mac, (which does run spyware/virus protection as a service to those we share files with).
Using a different DNS always fixed the problem, and when I was in a hurry using google.ca or google.uk for search allowed me to work (but not use gmail or other personal services).
April 21st, 2010 at 4:18 pm
My buddy Wes to the rescue.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Combofix is what I thinking of. When I had that browser redirect bot, all of the spyware killers couldn’t fix it, but that did, and made life a lot easier.
That should probably do the trick.
April 21st, 2010 at 5:00 pm
you have a BHO, no no not a Barack Hussein Obama… A browser Hijacker Object…
Go get a program called hijackThis and run it, it will easily fix the problem and it is free.
April 21st, 2010 at 8:40 pm
If you have trouble again go here and follow this tutorial TO THE LETTER. Haven’t found anything it won’t fix yet.
April 21st, 2010 at 9:01 pm
April 21st, 2010 at 11:19 pm
Yeah, sounds like a BHO to me… hijackThis is an awesome piece of software. Had this problem on a Windows 98 machine once… cleared it right up, once I found the right string to kill.
April 22nd, 2010 at 6:37 am
Where does BHO come from? I’ve never heard of this kind of thing.
April 22nd, 2010 at 9:06 am
Uncle, I’ve seen this time and time again. First thing that sticks out is that it fixes when you reboot or flush your network settings, but comes back. this indicates an actively running application. Second, it sounds like it’s either setting you up to use a proxy, or more likely it’s hijacked your DNS entries and added its own crap into there so when you resolve a hostname, it just points it to MySpace’s IP address. This is the most likely.
Download, install, and run “Malwarebytes Anti-Malware”. It’s free and works great.
April 22nd, 2010 at 9:09 am
hasn’t recurred since flushing DNS. And, as said earlier, malwarebytes doesn’t find anything.
April 22nd, 2010 at 10:38 am
Yeah, for some reason spyware eliminators like Malware (which seem to keep you from downloading stuff you don’t want) don’t catch this sort of browser terrorist.
You need Combofix or Hijackthis.
April 22nd, 2010 at 1:48 pm
Or just drop to UNIX and be done with it, either Macintosh or free versions like Ubuntu.
You can run most Windows programs in a vmware window in UNIX, or a number of proprietary programs on the mac.
UNIX/Mac boxes don’t get virii because rooting a UNIX box is a job for the skilled. Hacking a Windows box is something any script kiddie / spammer can do.