The redirects that are happening are most likely the result of the Windows hosts file being highjacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.
You might also want to right click on the hosts files, select properties, and set it to Read Only. This will prevent it from being highjacked again.
VIRUS ALERT
Nice tip.wiseguy wrote:The redirects that are happening are most likely the result of the Windows hosts file being highjacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.
You might also want to right click on the hosts files, select properties, and set it to Read Only. This will prevent it from being highjacked again.
Haven't tried that one, yet.
EDIT;
just had a look and I believe you mean delete everything below "for example" that is NOT preceded by a # symbol.
Yes?
Sandy
It really doesn't matter. You could delete everything in it with no ill effects. For the typical user it is probably best to just set the hosts file to read only.mnementh wrote:Nice tip.wiseguy wrote:The redirects that are happening are most likely the result of the Windows hosts file being highjacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.
You might also want to right click on the hosts files, select properties, and set it to Read Only. This will prevent it from being highjacked again.
Haven't tried that one, yet.
EDIT;
just had a look and I believe you mean delete everything below "for example" that is NOT preceded by a # symbol.
Yes?
Sandy
I have found Malwarebytes to be the best for this kind of stuff personally. You can usually download it in safe mode with networking at the very least.
When no programs will run, go to My Computer and right click - then click on Explore. Go to Tools - Folder Options. Click on File Types.
Go to New and click advanced. For File extention, enter EXE. For Associated File Type click on Application from the drop down list. Press OK. If it asks if you want to change, say yes.
What some of these Trojans do is change the EXE extention to open with something else or nothing. That's why you will get the "Open with" pop up.
Then run Malwarebytes with a full scan. It should be gone and your computer back to normal. BTW, A restore point did not work for me when I got it.
When no programs will run, go to My Computer and right click - then click on Explore. Go to Tools - Folder Options. Click on File Types.
Go to New and click advanced. For File extention, enter EXE. For Associated File Type click on Application from the drop down list. Press OK. If it asks if you want to change, say yes.
What some of these Trojans do is change the EXE extention to open with something else or nothing. That's why you will get the "Open with" pop up.
Then run Malwarebytes with a full scan. It should be gone and your computer back to normal. BTW, A restore point did not work for me when I got it.
OK slllooooowwww dddooowwwnnnn computer nerd ahead.wiseguy wrote:The redirects that are happening are most likely the result of the Windows hosts file being highjacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.
You might also want to right click on the hosts files, select properties, and set it to Read Only. This will prevent it from being highjacked again.
How do you open it in Notebook?
Where is the host files thingy?
As Wiseguy posted, the HOSTS file is here;Bigdog wrote:OK slllooooowwww dddooowwwnnnn computer nerd ahead.wiseguy wrote:The redirects that are happening are most likely the result of the Windows hosts file being highjacked. You can cure this by deleting all the entries from it. Just go find the hosts file in the C:\Windows\System32\drivers\etc\ folder and open it with Notepad. Delete everything below the words For example: and then save the changes. You should then be able to get to any of the web sites.
You might also want to right click on the hosts files, select properties, and set it to Read Only. This will prevent it from being highjacked again.
How do you open it in Notebook?
Where is the host files thingy?
C:\Windows\System32\drivers\etc\
Use My Computer or Windows Explorer to go to that folder and you will see the Hosts file.
It doesn't have an extension, so when you Right click it and select OPEN your PC should ask what program you want to use.
A dialogue box will open with a list of programs on your PC.
Scroll down the list and select Notepad.
Do NOT tick the box for "Always use the selected program".
When Notepad opens the file, carry out Wiseguys' instructions.
Sandy
The file will have no extension and will be named hosts exactly.
Follow these step by step.
1. Browse to Start -> All Programs -> Accessories
2. Right click "Notepad" and select "Run as administrator"
3. Click "Continue" on the UAC prompt
4. Click File -> Open
5. Browse to "C:\Windows\System32\Drivers\etc" (the hosts file is inside the etc folder)
6. Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7. Select "hosts" and click "Open"
8. Make the needed changes and close Notepad. Save when prompted.
Follow these step by step.
1. Browse to Start -> All Programs -> Accessories
2. Right click "Notepad" and select "Run as administrator"
3. Click "Continue" on the UAC prompt
4. Click File -> Open
5. Browse to "C:\Windows\System32\Drivers\etc" (the hosts file is inside the etc folder)
6. Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7. Select "hosts" and click "Open"
8. Make the needed changes and close Notepad. Save when prompted.
OK I have a couple issues.wiseguy wrote:The file will have no extension and will be named hosts exactly.
Follow these step by step.
1. Browse to Start -> All Programs -> Accessories
2. Right click "Notepad" and select "Run as administrator"
3. Click "Continue" on the UAC prompt
4. Click File -> Open
5. Browse to "C:\Windows\System32\Drivers\etc" (the hosts file is inside the etc folder)
6. Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7. Select "hosts" and click "Open"
8. Make the needed changes and close Notepad. Save when prompted.
I'm not sure I can run as administrator. I'm not sure if I'm running it as me or the administrator.
What's UAC mean?
I didn't see a drives file or folder. And nothing that says etc folder.
I'm in XP does that matter?
I was thinking you were running Vista. Then do this.
1. Open Notepad
2. Click on File and then on Open
3. Click the My Computer button
4. Double Click the Local Disk (C;)
5. Double Click the WINDOWS folder
6. Double Click the system32 folder
7. Double Click the drivers folder
8. Double Click the etc folder
9. Double Click the the hosts file
10. Now delete everything below # For example:
11. Click on File and then on Save
12. Close Notepad
1. Open Notepad
2. Click on File and then on Open
3. Click the My Computer button
4. Double Click the Local Disk (C;)
5. Double Click the WINDOWS folder
6. Double Click the system32 folder
7. Double Click the drivers folder
8. Double Click the etc folder
9. Double Click the the hosts file
10. Now delete everything below # For example:
11. Click on File and then on Save
12. Close Notepad
