Forum Moderators: open
I went to check my hosts file (I try not to get involved in my computer's innards, so this was something new for me :) )
My only file called "hosts" just has this in it -
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
I also have three backup hosts files
The first backup -
66.40.16.218 auto.search.msn.com
66.40.16.218 auto.search.msn.com
66.40.16.218 auto.search.msn.com
------------------
The second -
66.40.16.218 auto.search.msn.com
66.40.16.218 auto.search.msn.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
--------------------------------------
The third -
66.40.16.218 auto.search.msn.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
------------------------------
So far, nothing weird, right? Also, why would scumware want to change what Google datacenter I was using?
Hmm, I just checked a search on MSN, which I never do and it changes the url there too. It doesn't change when I use a proxy or AOL though.
I'll run Ad-Aware too and see if it catches anything Spybot missed.
Could there be something in the cache of my ISP that won't let the problem go for a while? I don't get the redirect while using a proxy or AOL.
It's making me all paranoid that there's something else amiss in my computer that I'm not seeing though. A search engine redirect by itself isn't such a big deal in the grand scheme of things. I have a firewall, a virus program and Spybot running all the time. What more can I do?
This happens in any browser I try on this PC which suggests an OS-level problem. Gah!
More info here:
[imilly.com...]That's not the problem I'm having. I can get to Google just fine, it just redirects to www2.google.com.
To answer one of your questions, there is a good reason that scumware might send you to www2.google.com for search results. The smarter hacks do this in order to make you think that nothing is wrong. If you are going to Google, and you are getting real Google search results, you are less likely to cry foul. 99.9% of searchers would see nothing strange about seeing the www2 subdomain. Scumware hijacks the home page, but then serves real Google results. To begin with, the scumware may even present an exact replica of the Google home page (seems like this might have been the case here). Over time, they may start to add text ads, banners, and pop-ups. The average web user might just think that Google has changed their home page - and continue this way for months.
To begin with, the scumware may even present an exact replica of the Google home page (seems like this might have been the case here). Over time, they may start to add text ads, banners, and pop-ups. The average web user might just think that Google has changed their home page - and continue this way for months.
Ah, that makes sense. Clever...and nasty. I'm glad they could educate me on hosts files though, even if it wasted almost a whole evening of doing all kinds of useless things to my computer.