New malware redirects all major search engine results to Gala search

13Sep, 2010

If you are being redirected to galasearch every time you search for something it may be because this shitworm planted few manual hosts on the hosts file.

First thing it does is hide the host file, so by going to C:WINDOWSSYSTEM32DRIVERSETC you will not see hosts at all. To show hosts, click on Tools from any open folder, and then go to Folder Options, switch to View tab and check “show hiden files and folders” and also uncheck “hide extension…” and ” hide protected operating system files”.

At this point you should see hosts file, but you may not be able to change it, or delete it. Rename it to some random name and create a new empty hosts file.

Here’s the list of infected or modified hosts:


  • dirk March 31, 2011 @ 7:00 am

    I got this problem, But nothing changed my host file… Tried so much nothing works…
    Im going to jump of the bridge, cause i cant google.

    • Gimeti April 1, 2011 @ 2:24 pm

      make sure your DNS settings are not highjacked on your router. Find out your routers IP address (usualy and change DNS to I’ve seen this kind of stuff at router level.

    • Brian April 1, 2011 @ 5:21 pm

      I had this problem on my daughters computer and I couldn’t delete the host file. I just copied the file from another PC onto a flash drive and replaced the one on my daughters PC. When you copy it to the System 32 folder it asks if you want to replace the existing file and that fixed the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.