Hi Anup, I have followed up all your steps, but I can’t find any Virus under the ntbtlog.txt.. Are there other places that the virus hides? Because since last Sunday I have been infected by a virus, I can not use Firefox and Internet explorer effectively. Every time I am visiting a web-site I am being redirected to the following webpage: onlinefwd . I have checked the Installed programs, checked under the Task Manager and the Registry Editor, nothing.. Any Advice?
Restart the computer, keep tapping F8 when the computer starts to get the windows advanced boot menu.There is an option “enable boot logging” This should get you the log file in the specified location
Hi Andrew, Glad it helped. Yes.There are lot of scenarios where the redirection is caused only by corrupted host file and not by any infected file. That is why I insist to follow the troubleshooting in that order. some website scripts are designed to automatically corrupt the host file without being downloaded on the computer.
Man your a genius I have been trying to get a redirect virus off my computer for weeks this worked great, I think it was only in the hosts file i did not find anything any where else in the drivers of otherwise.
is it common for it to only be in the hosts file?
If a line says # 68.3456.120 xxxxxx.com, “#” tells computer to “ignore anything written in the same line” This makes the line safe. Usually you might see lot of entries like this if you use software’s such as spybot or adaware.Removing these thousands of entries is not necessary,but at time it is a good practice to keep it clean.Not sure if you are trying to edit host file correctly.Check video description,there is a link inside to how to edit host file properly.Follow the details.
I got as far as opening that page in notepad, & there were literally 100’s of websites listed, but some seem to have been put there by an anti-virus software?
I tried to copy & paste them here, but got an error message, so I can’t show you what I see.
When I deleted all of them (there was nothing aside from a LONG list of websites, prefaced by this # 127.0.0.1, & this text :# Start/End of entries inserted by Spybot - Search & Destroy) so I removed everything & went to save it, I couldn’t.
I found the following and when I google it it comes up with issues related to it possibly being a trojan. I wanted to get your advice before deleting though as I certainly don’t want to delete if it is legitimate. Below is what it says..