I’m usually pretty good at removing viruses and crap from my computer, and I generally avoid using anti-virus software to do it. I’ve got good reasons. First, I’m a control freak, and I can’t stand the idea of something restricting my movements on the web. I don’t even run Windows Firewall. Second, they slow down your computer, and they might just delete stuff that you don’t want them to. Third, I know the Windows Registry like a freaking maniac.
Seriously though, when you do processor-heavy stuff like video editing or playing Bulletstorm, you don’t want some resource hog hiding in the background, ready to jump up and say stuff like “CNN.COM IS TRYING TO REFRESH ITSELF, BUT DON’T WORRY, WE CLOSED YOUR ENTIRE BROWSER. PROBLEM SOLVED!” Your online Black Ops team will wonder why you suddenly decided to stand still in the middle of a battlefield and get shot to death.
Then there’s the boot-up issue, and this is the main reason I tell people to avoid Norton Antivirus at all costs. For years I’ve nicknamed this bloated software the Black Icy Hand of Death, turning an otherwise fully-functional computer into a crawling zombie who can’t even take commands from its master, spending half its life running a series of processes on every boot to ensure the maximum protection possible. It’s like putting bars on all the windows in your house, then boarding them up, putting 20 locks on your front door and then pushing all your furniture up against it. You’ve gotta take some risks if you want some freedom.
Usually, when I suspect I’ve got a virus, my normal routine goes like this:
- Start the Task Manager (Ctrl+Alt+Del) and look for weirdly-named processes
- Google those executables to find out if they’re known viruses
- If it’s a virus, search both the entire file system and the registry for that file name and delete all references to it
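The same three steps as a read-only PowerShell pass (an added example, not the author's own script; `suspect.exe` is a constructed placeholder for whatever file name the first two steps turn up, and the four Run/RunOnce keys are only the most common autostart locations, not the whole registry):

```powershell
# Added example: scripted version of the manual triage routine above.
# It only reports; it deletes nothing.
param([string]$Name = 'suspect.exe')   # constructed placeholder file name

# Step 1: running processes whose executable is not validly signed.
# Processes with no readable path (system or protected) are skipped.
Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    [pscustomobject]@{
        Name   = $_.ProcessName
        Id     = $_.Id
        Signed = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Path   = $_.Path
    }
} | Where-Object { $_.Signed -ne 'Valid' } | Format-Table -AutoSize

# Step 3a: autostart registry values that reference the suspect file name.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip provider metadata
        if ("$($p.Value)" -like "*$Name*") {
            [pscustomobject]@{ Key = $key; Value = $p.Name; Data = $p.Value }
        }
    }
}
$hits | Format-List

# Step 3b: files with that name anywhere on the system drive.
Get-ChildItem -Path "$env:SystemDrive\" -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize
```

An unsigned executable is not proof of infection; the step 1 table is the shortlist of names to look up, which is step 2 of the routine.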
The Asshole Search Hijacker
I noticed that my normal Google searches were taking me to suspiciously amateur-looking websites. I googled the IP addresses I was being sent to and discovered that I had what is called a “search hijacker,” also known as a “Google search hijacker,” “Scour Redirect Virus,” and other names. But it didn’t stop at Google. It affected Bing, too. Not that I cared about that.
And it wasn’t just Firefox. It was Internet Explorer and Chrome, too. For days I used Ask.com, and not for the usual ironic reasons, but because this search hijacker was ignoring it. I couldn’t find a process. I couldn’t find anything weird in the registry. It was baffling me.
Here’s what was happening: I would do a Google search, and normally, I could just click on results to move on to the linked website like we all do a jillion times a day, every day. But the moment I’d click that link, the URL would be replaced by a hijacked URL, linking me to one of many asshole websites. If I hovered the mouse over the link, it’d look like this:
And then, right-clicking the URL, it would immediately change to this:
For every single result. Here’s a list of IP addresses and domains that I was being redirected to (*WARNING* DO NOT VISIT ANY OF THESE URLS):
I ran ClamWin, and it didn’t find anything. I ran Ad-Aware, and it didn’t fix the problem. I then went on a free anti-virus installing spree, during which time I also used TFC (Temp File Cleaner), Malwarebytes’ Anti-Malware, and SUPERAntiSpyware. None of them solved the problem.
It wasn’t until I installed ComboFix, a curiously low-key program, that the problem finally went away. If you’ve got some variant of search hijacker, this should fix the problem.
Finally, the Details of How to Remove this Stupid Search Hijacker
TFC won’t harm your computer, and it may have helped solve the problem in my case since it removed 7 gigabytes of temp files. If ComboFix doesn’t solve the problem, I’d suggest running TFC first, then running ComboFix again.
So, download and install ComboFix, choosing all the standard options, and then let it run. It’ll close all your browsers without prompting you, so save anything you need before it does this. It’s all text in a box—no fancy graphics here. It could take up to an hour, but it probably won’t, and then it’ll automatically reboot your computer. When the computer boots, don’t do anything until it spits out a text file log. You might want to save that, just in case.
When you see that text file, all should be well. You no longer need to cry yourself to sleep using Ask.com for your web queries. Remember, if this doesn’t work, try running TFC, then ComboFix. Hopefully you’ll be back to normal again.