My Browser Search Redirects to 127.0.0.1

Did you download something unknowingly? Are you now helpless against browser hijacking? Then you came to the right place, as I spent an entire night cursing at my computer for succumbing to the same issue. I later apologized to my computer and we can both laugh about it now. (I have a great relationship with my machines, so what!) Our computers are simple devices and can easily be turned into a brick by changing something seemingly harmless, so it is good to know the most common ways a hacker can take advantage of these vulnerabilities. I will explain how to identify when your computer is infected, undo browser hijacking, and avoid it in the future.
The first sign of an infected computer will present itself almost immediately: an annoying pop-up, usually posing as Windows, soliciting an anti-virus program to you because “Windows” detected malware. The truth of the matter is that a programmer designed the malware to make it look as though the computer is infected, harass the user into buying anti-virus software, and trick you into downloading it onto your computer. These programs aren’t hard to get rid of; in fact, it’s quite simple.
Usually all one has to do is press CTRL+ALT+DELETE, find a weird-looking program name in the Task Manager, search for it using the Windows Search function, and delete it from there. These malware programs can be named something very conspicuous like “Spybot.exe”, and you can get rid of them right away. Other times the program can be very hard to find and even named after critical system executables. For example, I had one instance involving a program that Windows runs called lsass.exe. I could not distinguish the malware running because it was named Isass.exe. The difference is that one executable starts with an “L” and the other with an “I”.
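The look-alike naming described above can be checked mechanically. The following is an added example, not code from the original post: it folds characters that render alike and compares process names against a short, illustrative list of Windows system executables. The name list, the confusable-character table and the sample process list are assumptions made for the example.

```python
# Added example: flag process names that imitate Windows system executables.
# The name list and the confusable table are illustrative, not exhaustive.
KNOWN_SYSTEM_NAMES = ["lsass.exe", "smss.exe", "svchost.exe", "csrss.exe",
                      "winlogon.exe", "services.exe", "explorer.exe"]

# Characters that render alike in many fonts, folded to one representative.
CONFUSABLE = {"I": "l", "1": "l", "|": "l", "0": "o"}


def skeleton(name):
    """Fold look-alike characters so 'Isass.exe' and 'lsass.exe' collide."""
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in name).lower()
    return folded.replace("rn", "m")  # 'rn' reads as 'm' at small font sizes


def find_lookalikes(process_names):
    """Return (observed, imitated) pairs for names that only look like system files."""
    by_skeleton = {skeleton(n): n for n in KNOWN_SYSTEM_NAMES}
    hits = []
    for observed in process_names:
        if observed.lower() in KNOWN_SYSTEM_NAMES:
            continue  # exact name (Windows file names are case-insensitive)
        imitated = by_skeleton.get(skeleton(observed))
        if imitated:
            hits.append((observed, imitated))
    return hits


# Constructed process list, as it might be copied from Task Manager.
CONSTRUCTED_PROCESSES = ["explorer.exe", "LSASS.EXE", "Isass.exe",
                         "svch0st.exe", "notepad.exe", "srnss.exe"]

if __name__ == "__main__":
    for observed, imitated in find_lookalikes(CONSTRUCTED_PROCESSES):
        print(f"{observed!r} imitates {imitated!r}")
```

A name that matches exactly is not proof of legitimacy; this check only catches the spelling trick, not a copy of the real name placed in a different folder.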
The second symptom your system exhibits is quite frankly the most irritating and inconvenient. It acts as the programmer’s insurance plan for his whole operation. It presents itself when you try to Google for ways to get rid of the malware or to find out which programs in your Task Manager are legit. All of this mayhem would not be a problem, since there is so much free software out there that can easily eradicate such annoyances. Right? Well, of course… if you can reach it. Here is where the programmer becomes crafty.
The programmer does not want you to solve this using free software; he or she wants to force on you the software that he or she is soliciting over and over. In order to do that, the programmer has changed the hosts file in your Windows directory to redirect every website you try to reach to a dud IP, 127.0.0.1 (aka localhost – more on this momentarily). When you think you can Google away your problems, you realize you have suddenly been propelled into the twilight zone, into the dark ages, into a world where the Google, Yahoo! and MSN search engines do not exist.
So what are you going to do? Invest in messenger pigeons? Call some foreign-based technical support and wait for an answer next year? Of course not! Your first step is to make sure that you are logged in under the administrator username in Windows and not a guest account. Then go to Start > Run, type the directory c:\windows\system32\drivers\etc and press Enter. Look for the “hosts” file, right-click on it, and at the bottom of the pop-up menu click Properties. At the bottom of the Properties menu, uncheck the “read only” box, as this would prevent you from saving any changes. Windows will usually ask you to specify a program to open the hosts file with, so use Notepad. The only text that you should find written in this file should be
When your system has been hijacked, it will look more like this:
And so on. Basically, what this is doing is saying that the IP 127.0.0.1 should be the destination of google.com or yahoo.com or whatever site follows the IP. So just make sure that you only have the 127.0.0.1 localhost entry. Now you want to save the hosts file by clicking File and then selecting Save As… Notepad should open a window in the directory where the hosts file is located. At the bottom of the dialog window there will be a drop-down box labeled File type; select All Files from the drop-down box and the “hosts” file should appear. Highlight the “hosts” file and save. Start up your browser and you should be able to reach Google.com now. From there you are able to research how to get rid of those pesky pop-ups that are still lingering on your desktop.
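The manual check described above can also be scripted. The following is an added example, not code from the original post: it parses hosts-file text, reports every non-local hostname that has been pointed at the local machine, and produces a cleaned copy with those lines commented out. The sample file contents and the `LOCAL_NAMES` allow-list are constructed for illustration; entries that map names to other, non-loopback addresses are not examined here.

```python
import ipaddress

# Names that legitimately point at the local machine (assumption: extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each mapping line; skip blanks and comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a usable mapping
        yield line_no, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Return (line_no, ip, hostname) for non-local names sent to the local machine."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:  # 127.x.x.x, ::1, 0.0.0.0
            findings += [(line_no, str(ip), n) for n in names if n not in LOCAL_NAMES]
    return findings


def clean_hosts(text):
    """Comment out every flagged line and leave all other lines untouched."""
    bad = {line_no for line_no, _, _ in audit_hosts(text)}
    return "\n".join("# removed: " + line if i in bad else line
                     for i, line in enumerate(text.splitlines(), start=1)) + "\n"


# Constructed sample of a tampered hosts file (not taken from a real system).
SAMPLE = """\
# Sample hosts file
127.0.0.1   localhost
127.0.0.1   google.com www.google.com
127.0.0.1   yahoo.com   # injected
0.0.0.0     search.msn.com
::1         localhost
"""

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
    print(clean_hosts(SAMPLE))
```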
The easiest way to keep this from happening again is to create a Guest User Account from the Control Panel and do most of your surfing from there. This prevents any programs from installing on your system, and any important files, like the “hosts” file we fixed, from being manipulated. The only time you will need to log back into the administrator username is to install new programs, which will carry over to the guest account. I hope this has been helpful and not too boring to read. Good luck and happy SAFE surfing.