If you've ever found your web browser home page inexplicably changing to a search page you've never heard of (or even Google.com), or you notice that the default search engine in your browser's search bar has changed, you could say that you have been a victim of a browser redirect virus. There is no single 'Browser Redirect Virus' though. Rather, the term covers myriad software that hijacks and redirects your web browser to a page other that the one you were trying to reach.
You might call it a virus, but others might call it unwanted software or a browser hijacker. We're not here to debate this though: we want to help you clean up your browser and restore order.
Why do browser redirect viruses exist?
Like all malware, the answer is cold hard cash. The people who propogate such unwanted software do so in order to generate revenue via Google search or another third-party search engine. Every time you search via Google adverts appear. Thus every search generates money for someone.
Many web browsers block pop-ups and redirects automatically. But sometimes a virus can override this setting. Websites can use Google Custom Search to improve the search experience on their own pages, and to generate a little extra revenue. So when you search a site you like and see Google ads on the results page, it is likely that they are using Google Custom Search.
At the simplest level browser redirect 'malware' uses this functionality to take you to a custom search page and then generate tiny amounts of money every time you use that page to search and adverts are delivered. Those annoying virus-like search toolbars and pages such as Delta and Babylon take this a step further, building legitimate search engine functionality into their own 'search engines', and delivering ads they themselves sell. These tend not to be high-class ads for high-class products.
In order to force you to use their search services as often as possible the many variants of the redirect virus can change your browsers' home pages. They'll mess with the default, managed, and provided search engines. You may even find that your PC's browser shortcuts and Windows hosts files are tweaked without your conscious permission - although you may have unwittingly clicked an EULA (End User Licence Agreement) when trying to install what appeared to be unrelated, legitimate and useful software.
It's not a good idea to have software on your PC or laptop doing things you don't know about. And it can be worse than simply irritating. They may be collecting your passwords, account names and home addresses. And you really don't know what you are getting in to when you click any link on any infected site.
How to get rid of a browser redirect
As with removing unwanted browser toolbars, there are various things you can do, and we recommend trying them all. Follow them in the order we've set: if you do only one thing it should be a virus scan, because it should isolate any further infection. But to properly resolve the irritating symptoms that brought you to this page you'll have to at least change your browser settings and remove the unwanted toolbars and extensions.
1. Scan and remove malware
We're going to assume that you have up-to-date antivirus. If you don't: get it. Now. Read our Best security software guide and install the tool that takes your fancy.
Once you are confident you have the correct software installed, and you have used it to scan for malware and removed anything you have found, you need to do a second sweep. This is not as simple as installing a second antivirus or security suite. Such programs are not designed to run together and will often wrongly identify other security software as malware. Instead we would use Malwarebytes' Anti-Malware Free, which is free software dedicated to run as a second virus scan. Install and run Malwarebytes to ensure the infection is removed.
2. Remove browser add-ons, extensions & toolbars
In Google Chrome click the three vertical dots near the top-right corner, then choose More tools... and then Extensions (you can also type chrome://extensions in the address bar). Click 'REMOVE' below the extension(s) you want to get rid of.
Chrome also has a built-in 'Clean-up tool' which you'll find by clicking those three vertical dots and choosing Settings. Scroll down to where it says Advanced and click on it. Now scroll to the bottom and click 'Clean up computer' and click 'FIND' next to Find and remove harmful software.
In Firefox click the three horizontal bars near the top-right and choose Add-ons, or press Ctrl-Shift-A. Now click on Extensions in the left-hand menu and click Remove next to those you want to delete.
In Microsoft Edge, click the three horizontal dots (top-right) and choose Extensions from the menu. Hover over the one you want to delete, click the cog icon then click the Uninstall button.
3. Change your home page(s)
If the virus has changed your web browser's home page you need to manually change it back. Here's how:
In Google Chrome click the icon in the top right-hand corner of the screen (it's three vertical dots). Go to Settings, and then scroll down to 'On start-up' and make sure 'Open a set of specific pages' is enabled. Then click 'Add a new page' and type https://www.techadvisor.co.uk (or some inferior site, if you must).
In Firefox, click the hamburger menu (three horizontal lines, top-right). Choose Options. Then make sure that next to 'When Firefox Starts:' the option selected is 'Show your Home Page'. Then in the 'Home Page:' field below insert https://www.techadvisor.co.uk or whichever site you want to be your home page.
If you use Internet Explorer go to Tools, Internet Options. Now type or paste in its address in the field for your home page and click Ok.
4. Change default browser and remove unwanted search engines
Click the three vertical dots (as in the previous section) and scroll down to Search Engine. Simply use the drop-down menu to choose a search engine.
Open the menu (the three horizontal lines) and choose Options. Click Search from the left-hand menu and use the drop-down menu below Default Search Engine to pick the one you want.
Microsoft doesn't want you using anything other than its own search engine, Bing, so it makes it difficult to change it.
First, go to the website of the search engine you want and then click the three horizontal dots, choose Settings, then View Advanced Settings. Scroll down to Privacy and Services and click Change the search engine. You should see the name of the search engine you visited, so long as it supports the 'OpenSearch' standard.
5. Optional: Repair browser settings
Your web browsers should now be back in sparkling form, but let's take a belt-and-braces approach and make sure. Install the free CCleaner utility. Now go to Cleaner, Windows/Applications. Click Analyze, and when the analysis is complete click the Run Cleaner button.
Go to Tools, Startup and search through each tab. Click Disable and Delete for any entry that includes 'search' in the title or filename.
6. Optional: Repair Windows host file, reset proxy settings
For almost everyone the redirect virus will now be a thing of the past. But if you want to be super sure that you are in the clear we recommend undertaking the following tasks.
First up repair the Windows hosts file - if you don't know what you are doing here, this may be something best left to the experts. But as we will explain, you can open Notepad with administrator privileges, by right clicking Notepad in the Start menu and clicking Run as administrator. Now open the Hosts file, you'll find it here: C:\Windows\System32\drivers\etc\hosts.
Before you do anything, copy the whole file and paste it into another text document that you save to your desktop, with the same filename as the Hosts file. If the changes you make mess up anything, you can replace the Hosts file with this document.
Delete any entries that look anything like this: '000.00.00.00 botcrawl.com' or '000.00.00.00 google.com'. They'll appear as additions at the bottom of the file. Resave the Hosts file.
Finally, let's repair each browser's proxy settings so that the Google redirect virus definitely can't hijack your browser.
To do so with IE, launch Internet Explorer, and go to Tools, Internet Options. Click the Connections tab, select Local Area Network (LAN) Settings and unselect everything, press Ok. (If you are at work this is something for which you should ask help from the network admin.)
In Chrome, as before go to Google Chrome Options. Scroll down to the System section and click Open Proxy settings. The same window will appear as for Internet Explorer, so do the same as instructed above: un-check 'Use Proxy server for your LAN' and click Ok.
In Firefox, click on the hamburger menu and go to Options. Scroll down to Network Proxy and select No proxy and click Settings... Choose No Proxy and then click OK. (Again, if you are at work this is something for which you should ask help from the network admin.