I’ve seen this one a lot lately. Basically, it shows a fake version of the Google and Yahoo! search engines in the attempt to track all of your personal information that you enter into those sites. Even if you don’t care about your information getting stolen, it prevents you from using Google Apps services such as Gmail, Google Voice, and in many situations, even the basic Google search engine will not work at all.
The biggest problem with repairing this virus is that it is technically not so much a virus as a setting. There is no malicious software causing it, no secret tracking cookie, no browser extension. It is simply caused by a Windows setting, not in the Internet Options, the Windows Registry, it is not found in the Control Panel, or even in the Network and Sharing Center or the Computer Management. Therefore very few anti-virus software options will ever find it.
Diagnosing the Problem
Obviously you need to see if you actually have this problem before trying to remove it. The easiest way to see the problem is to look at the Google Home Page. That link will show a security warning if your connection to Google has been compromised. Another method of checking it is to go to Gmail. If the page returns a 404, 403, or 500 error, you’ve got the virus.
Repairing the Problem
Windows Vista/7
- Open the Start Menu, click “All Programs”, click Accessories, then right-click Notepad, and click ”Run As Administrator”.
- Allow access if a confirmation message is shown.
- In Notepad, click “File”, then “Open…”, then type
%SystemRoot%\system32\drivers\etc\hosts
and click “Open”. - Remove any lines from the file containing
google
oryahoo
and save the file. The virus should now be repaired!
Windows NT/2000/XP
- Open the Start Menu, click “All Programs”, click Accessories, then right-click Notepad, and click ”Run As…” and select “Administrator” or a user account with administrative privileges.
- In Notepad, click “File”, then “Open…”, then type
%SystemRoot%\system32\drivers\etc\hosts
and click “Open”. - Remove any lines from the file containing
google
oryahoo
and save the file. The virus should now be repaired!
Mac OS X
- Open
/private/etc/
in Finder and open thehosts
file in a text editor. - Remove any lines from the file containing
google
oryahoo
and save the file. The virus should now be repaired!
Other UNIX/Linux
- Using a text editor as root, open
/etc/hosts
. - Remove any lines from the file containing
google
oryahoo
and save the file. The virus should now be repaired!
Android
- Using a text editor with root access, open
/system/etc/hosts
. - Remove any lines from the file containing
google
oryahoo
and save the file. The virus should now be repaired!
To verify that it worked, open a web browser and go to Google and follow the Diagnosing the Problem section of this guide.