Google redirecting

I use Firefox on Windows XP to browse the net with google. After google finds so many sites, I click on a site of interest and it re-directs me to a different one, mostly real estate companies or some other balderdash that I do not want, using some weird engine other than google. It occurs 9 out of 10 times.
I do not know where to send messages directly to Google. It seems that they hide from the rest of the world.
This situations has been occurring in the last month. July 2009.
Do you know of some weird problem with Google? I don't think I have a virus because if I browse with Ixquick or I-e the situation doesn't occur and I go where I want without being re-directed.
I'll appreciate any information about the matter.
Thanks for your time
Oscar

 

Hi, Oscar. Welcome to Windows BBS!

As Broni alludes, you likely have malware issues that need to be fixed according to the instructions given above by Broni.

===================

First off, I do not recommend you make any changes to your system until your computer is clean and you are comfortable about safely making those changes. In other words, regarding my information below, look but do not edit.

Since you described yourself as "experienced" and I can relate to the notion of understanding why something is occurring, here's my description of what I think is happening.

I suspect your computer's "HOSTS" file has been hacked by malware to redirect Google traffic to a different address. When using a network such as the Internet, your computer checks this HOSTS file for an IP address before it queries your ISP's DNS server for the IP address.

Your HOSTS file (with no extension) is probably located in C:\WINDOWS\System32\Drivers\etc\ (if you're using Windows XP) and you can open the HOSTS file with Notepad to view its contents. If you're curious, you can try looking at the HOSTS file in notepad before you start your malware removal efforts that Broni specified you should to.

The first "active" line of that HOSTS file should be as follows.

Code:

127.0.0.1   localhost

The "127.0.0.1" is the IP address of your computer. This line MUST remain as the first line of your HOSTS file. In a default Windows OS, this is typically the ONLY "active" line of the HOSTS file.

Then, after that line, are likely more "active" lines that were put there by malware with IP addresses of dubious sites followed by www.google.com, google.com, www.yahoo.com, yahoo.com, etc.

Therefore, when you type www.google.com or yahoo.com into your browser, or you click on your Google bookmark, or you use your Google toolbar, you will be directed to the dubious IP address instead of Google's official IP address.

The malware probably did not put in any HOSTS entries for IxQuick or your other search engines (probably because those search engines are not as widely used).

=======

There ya go...a brief explanation of what I think is up with your computer. If you want further clarification, then feel free to ask in this forum.


EDIT: Some malware hacks the HOSTS file a little differently. Some malware will put lines in the HOSTS file similar to what I show below.

Code:

127.0.0.1   www.windowsbbs.com
127.0.0.1   windowsbbs.com
127.0.0.1   www.symantec.com
127.0.0.1   symantec.com
127.0.0.1   www.malwarebytes.org
127.0.0.1   malwarebytes.org
127.0.0.1   www.bleepingcomputer.com
127.0.0.1   bleepingcomputer.com

etcetera

Those HOSTS entries would effectively prevent the computer from accessing those sites (i.e., to prevent the computer user from getting expert help).

When the user tries to go to www.windowsbbs.com seeking malware removal help from our esteemed Broni for example, the hacked HOSTS file will direct the web browser to the person's own computer and simply display a blank page.