A little while ago a customer needed me to clean up his laptop. He had accidentally downloaded some junk programs and search engines. He was seeing lots of ad and his search engine on his browser had changed. I figured it would be relatively simple to remove, but this one surprised me.
Here are the steps I used to remove the Yahoo redirect virus.
1. I uninstalled the junk programs I found.
2. I ran Malwarebytes and removed all the threats I found.
3. I removed all the weird search engines and home pages I found in Internet Explorer and Google Chrome.
4. I ran ccleaner to get rid of unnecessary registry files and trash that got installed.
5. I restarted the computer and it was fast and seemed to be working fine. However, when I did a search in Google Chrome this stupid Yahoo redirect came up.
So I tried a couple more things. I removed all the extensions and add-ons in Chrome. I also made a new Chrome profile. I did a couple searches and I thought I had gotten the virus finally removed, so I told the customer he was all fixed up.
It wasn’t long later the customer contacted me that he was still getting the Yahoo redirect every now and then. When he did a Google search most of the time it would return a Google search result but 10% of the time the stupid Yahoo search engine would come up.
I had a couple more things to try. I decided to try uninstall Google Chrome and reinstall it. But it wasn’t long till that Yahoo redirect was back at it. I ran another Malwarebytes scan and it returned clean. I did some searches online and I ran across a comment in one article that got me thinking. It mentioned something about the DNS servers. I decided to give that a try.
I removed the DNS servers and boom!, the Yahoo redirect issue was gone. Apparently, the virus statically assigned those DNS servers which was causing our issue.
If this still doesn’t prove to kill your Yahoo redirect, I would make sure your browser doesn’t have a proxy settings. Go to Internet Options > Connections > LAN Settings and make sure you are set to Automtically detect settings.
Update 6/27/14: Here is another troubleshooting tip I came across, that could be affecting some of you. Some malware and adware is smart enough to change the mapping of IP addresses to host names in the default Windows HOSTS file. Here is how to check if that is changed.
Check what your IP address mappings to each corresponding host name is. If you find weird IP addresses, “Google” them and see where they are coming from. If you are sure they are malicious DNS servers, remove that line in the document, and save the file again. Restart your computer and then do another search and see if the Yahoo redirect clears up.
I hope this helps you out!! This was posted by techspeeder.