Way Off Topic: Google Redirects - I Win So Far

From "Hill Street Blues" Sergeant Phil Esterhaus: 

Hey, let's be careful out there.

Pre-post Note: I'm not really sure I should post this but it may help somebody so here I go.

A public service announcement. For the last two weeks, I have spent many hours (20 hrs plus) trying to fix a computer problem. While not an expert, I have reasonable skills and a ton of experience. I'm usually the guy that others bring their computers to for "the fix". We have had many "visiting" computers over the years. I have current virus and other protection. I'm behind a router firewall and software firewall and above all, I practice "safe computing".

So somehow I caught a worm/virus. Very irritating one. Almost all my searches were redirected. Click a search result and no matter what it was, it went to sham web sites. "find.answers.fast" was the most common but many other of that class also appeared. So since I'm mainly a Google guy, I thought initially it was a Google issue and reported to them. No answer. It turns out to also effect other search engines. Bing and Yahoo definitely.


Many Norton scans, a deep scan and an CD boot disk scan. Many other antivirus and anti-spyware programs (maybe 10 different ones). Nobody found anything significant. I knew I had a problem but all the help boards had multiple of the standard suggestions and nothing worked. Scan with this and post a log.  I felt it was a "redirect" more than anything and I'm smart enough not to click the links or popups on these page. If you click, you will get a significant infection.

It looked like reformat time and the computer was 3-4 years old and two days reloading seemed like too much work.  I was due for another computer soon anyways so one is on the way. So of course, I fixed it.  The answer is in the hosts file in the system folder that had been corrupted. The fix is HERE at computing.net who will be my GO-TO SITE FOREVER. Edit Sept 1 2011 See below.

KEY WORD TIME OUT: (I'm adding a bunch of key words for the Googlebot to index this for others): redirect, search redirect, Firefox redirect, Google redirect, searchweb redirect, mozilla redirect, search worm.

Be careful searching for solution with many of the results also "dicey". You need their special tool and of course you get to pay for it. I suspect they are the same ones that infected you to begin with. Go to the one I suggested. It works and is easy.

NOTE: I'm not a computer tech and all redirect will NOT be all the same cause but this seem to be a common one. Let's be careful out there.

Update Sept 1 2011
I took this post down for about a week because above fix worked for about 24 hours and then relapsed. So it may be part of the answer but it was not THE answer for me.

If you have not updated and ran your antivirus. Do it now. Follow the usual advice of deleting temp files and cookies. Here is several Norton links to try. Didn't work for me but you should try.  Link 1  Link 2  Also please try several other scanners and do a registrar cleaning with something. I used Ccleaner.    

I assume you did all the usual stuff above before trying this.

The below fix is now about 5 days and no relapse. It is some of the advice I had seen given and I have added to it. I have tested maybe 100 Google searches and no problem yet.

My Java was apparently infected/corrupted. My Java (how embarrassing) was a 2008 version that apparently came with the computer. I always update everything so who would have thought it. Everything else always wants to auto update. I didn't think of this one. I also checked but didn't need to update Adobe reader. I uninstalled "Google updater" that some how was installed about the same time as the problem started. What does Google need to update on my computer anyways?

Even if your Java is not outdated, I guess it could be corrupted. You might try this depending on your present frustration level.

So what worked (so far):
Check your Adobe reader. You should be using version 10 now. If not the go to ADOBE and get the newest version and install. Mine was up to date but I put this in since some seem to think it could be a problem. It was not mine.

The Java issue:

1. Download the latest version of Java Runtime Environment (JRE) 7 .  Click the big JAVA button and choose the Java SE Development Kit 7 that is right for your computer. Save to desktop.
2. My addition: In any browser you have, go in and delete any Java related extensions/plugins. In Firefox it is under Tools/addons.
3. Close ALL programs especially browsers.
4. Go to Start/Control Panel/Add or Remove Programs and remove all older versions of Java including any Java Runtime Environment. If Java is in the name remove it. My addition: While here also look and see if you installed anything about the time this started. I had Google updater. Get rid of anything you installed at about that time.
5. Reboot and run the new Java installer from your desktop.
6. After the install is complete, go into the Control Panel/Java
   • Go to General/Temporary Internet Files/click the Settings button.
   • Next, click on the Delete Files button.
   • There are three options. Be sure the top two boxes are checked ("Applications and Applets" and "Trace and Log Files") but not the third box.
   • Now click OK and it may take a few moments to do it's thing. 
   • Now back out of the windows clicking ok as you go.
7. You are now done.

The above is largely from a post I can not find now on bleepingcomputer.com
I have added some to it. This is what so far has worked for me. I don't believe any of this is dangerous to your system but as with all internet advice, you sometimes get what you pay for. You are responsible if you trash your system not me...

What I think happened. I think a web site got me. Norton or one of the other files eventually eliminated the original virus. There were several scanners I used that found thinks that I did not recognize. The file was killed. It had modified Java and that was invisible to the scanners.

Post your results here if you try this. We will then have a sample size of more than one. Also briefly describe the issues you were having if different than mine so others can decide if they want to try this. I will not be responding to questions on how to do this. This is all I know and what appears to have worked for me.

POST YOUR RESULTS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

PS Still working Sept 8---14 days and no relapse.. I declare VICTORY!
Updated

September 14 2011

DrDan