New malware redirects all major search engine results to Gala search

Charm City Networks > Blog > Microsoft > New malware redirects all major search engine results to Gala search
13Sep, 2010

If you are being redirected to galasearch every time you search for something it may be because this shitworm planted few manual hosts on the hosts file.

First thing it does is hide the host file, so by going to C:WINDOWSSYSTEM32DRIVERSETC you will not see hosts at all. To show hosts, click on Tools from any open folder, and then go to Folder Options, switch to View tab and check “show hiden files and folders” and also uncheck “hide extension…” and ” hide protected operating system files”.

At this point you should see hosts file, but you may not be able to change it, or delete it. Rename it to some random name and create a new empty hosts file.

Here’s the list of infected or modified hosts:

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
217.23.7.114 www.google.com
217.23.7.114 google.com
217.23.7.114 google.com.au
217.23.7.114 www.google.com.au
217.23.7.114 google.be
217.23.7.114 www.google.be
217.23.7.114 google.com.br
217.23.7.114 www.google.com.br
217.23.7.114 google.ca
217.23.7.114 www.google.ca
217.23.7.114 google.ch
217.23.7.114 www.google.ch
217.23.7.114 google.de
217.23.7.114 www.google.de
217.23.7.114 google.dk
217.23.7.114 www.google.dk
217.23.7.114 google.fr
217.23.7.114 www.google.fr
217.23.7.114 google.ie
217.23.7.114 www.google.ie
217.23.7.114 google.it
217.23.7.114 www.google.it
217.23.7.114 google.co.jp
217.23.7.114 www.google.co.jp
217.23.7.114 google.nl
217.23.7.114 www.google.nl
217.23.7.114 google.no
217.23.7.114 www.google.no
217.23.7.114 google.co.nz
217.23.7.114 www.google.co.nz
217.23.7.114 google.pl
217.23.7.114 www.google.pl
217.23.7.114 google.se
217.23.7.114 www.google.se
217.23.7.114 google.co.uk
217.23.7.114 www.google.co.uk
217.23.7.114 google.co.za
217.23.7.114 www.google.co.za
217.23.7.114 www.google-analytics.com
217.23.7.114 www.bing.com
217.23.7.114 search.yahoo.com
217.23.7.114 www.search.yahoo.com
217.23.7.114 uk.search.yahoo.com
217.23.7.114 ca.search.yahoo.com
217.23.7.114 de.search.yahoo.com
217.23.7.114 fr.search.yahoo.com
217.23.7.114 au.search.yahoo.com

Tags:, , ,

3 Comments

  • dirk March 31, 2011 @ 7:00 am
    Reply

    I got this problem, But nothing changed my host file… Tried so much nothing works…
    Im going to jump of the bridge, cause i cant google.

    • Gimeti April 1, 2011 @ 2:24 pm
      Reply

      make sure your DNS settings are not highjacked on your router. Find out your routers IP address (usualy http://192.168.1.1) and change DNS to 8.8.8.8. I’ve seen this kind of stuff at router level.

    • Brian April 1, 2011 @ 5:21 pm
      Reply

      I had this problem on my daughters computer and I couldn’t delete the host file. I just copied the file from another PC onto a flash drive and replaced the one on my daughters PC. When you copy it to the System 32 folder it asks if you want to replace the existing file and that fixed the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *