Florida-Traffic.com redirect virus SOLVED

RegEdit

Anyone had any experience removing the Florida-Traffic.com redirect virus (AKA the Google redirect virus)? Click a link to a free anti-virus site and get rudely redirected to Florida-Traffic.com, Stopzilla and other unrelated sites.

This one is tricky. Neither Malwarebytes, SUPERAntiSpyware, Security Essentials, TDSSKiller, Sophos, nor Process Explorer could detect it. SpyBot Search & Destroy found many issues but was unable to fix them due to errors. Finally I noticed that the hosts file was mysteriously MISSING from System32/drivers/etc/. I tried to drop in a hosts file, but then Windows asked me if I would like to replace the EXISTING hosts file(!). Hold everything! This damn virus had placed about 30 HIDDEN hosts files in there! I deleted all but the last hosts file, which was write protected, so that took a little extra effort to delete before replacing it with a real hosts file. I guess the lesson learned is, among other things, to remember to enable viewing of protected operating system files under folder options, which had been disabled in the registry.

Anyway I couldn't find ANY correct solutions to this one on the Internet so hopefully this post helps someone in the future.
 
I ran across something like that not too long ago and found this little batch file to reset the permissions so you can move in the proper hosts file. I keep this .bat and a copy of a blank hosts file on my thumb drive. Here's the code:
Code:
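@echo off
rem Replace the ACL on the hosts file with Everyone:Full control (the piped Y answers the confirmation prompt)
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f
rem Clear the System, Hidden and Read-only attributes so the file can be deleted or overwritten
attrib -s -h -r "%WinDir%\system32\drivers\etc\hosts"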

Hope it helps someone.
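
The checks described in this thread, as an added PowerShell example that is not part of either post: a read-only audit that lists everything in the etc folder including hidden and system entries, shows whether Explorer is set to hide such files, and prints the ACL left on the hosts file. The list of expected stock file names is an assumption, and the script changes nothing on disk or in the registry.

```powershell
# Added example (not from the thread): read-only audit, run from an elevated PowerShell prompt.
$etc = Join-Path $env:WinDir 'System32\drivers\etc'

# Assumption: the stock file names Windows ships in this folder.
$expected = 'hosts', 'lmhosts.sam', 'networks', 'protocol', 'services'

# Hidden and System are the attributes that keep a file out of Explorer's default view.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return Hidden and System entries as well.
$report = Get-ChildItem -LiteralPath $etc -Force | ForEach-Object {
    # Code points tell apart names that render identically on screen.
    $codes = ($_.Name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
    [pscustomobject]@{
        Name       = $_.Name
        CodePoints = $codes
        Attributes = $_.Attributes
        Modified   = $_.LastWriteTime
        Unexpected = $expected -notcontains $_.Name
        Concealed  = (([int]$_.Attributes) -band $mask) -ne 0
    }
}
$report | Sort-Object Name | Format-Table -AutoSize

# Explorer folder options for the current user.
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$view = Get-ItemProperty -Path $adv
[pscustomobject]@{
    ShowsHiddenFiles      = ($view.Hidden -eq 1)           # 1 = show, 2 = do not show
    ShowsProtectedOsFiles = ($view.ShowSuperHidden -eq 1)  # 1 = show, 0 = hide
} | Format-List

# ACL on the hosts file, worth reviewing after the cacls step in the batch file above.
$hostsPath = Join-Path $etc 'hosts'
if (Test-Path -LiteralPath $hostsPath) {
    (Get-Acl -LiteralPath $hostsPath).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
} else {
    Write-Output "No entry named exactly 'hosts' in $etc"
}
```

Rows with Unexpected or Concealed set to True are the ones to inspect by hand before deleting anything.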
 