How to remove Google Redirect virus (95p.com/mediashifting.com)

Of late I have been encountered with this frustrating problem:

Whenever I started browsing the web with my usual Google search engine,I was unnecessarily redirected to the URL 95p.com(or it may be http;//mediashifting.com).This would lead to opening up unwanted pages I never referred to in the search engine.The reason was that my browser and the system were infected by this malicious hijacker .

It took me around 6 days to get rid of this problem. However, after having done a thorough research, I was able to overcome this disastrous problem.

95p.com is a very harmful browser hijacker. It is a severe Google Redirect virus. It is instructed to attack all types of browser. The sole purpose of such hijacker sites is mere popularity of their websites to get more and more traffic so that they are able to attract advertisers. However, none of the contents in such sites are of any help to the viewers.

The various adverse effect which follows because of this Rediect problem are:

• Such sites changes and manipulates your browser settings and redirects you to their website. It might also control your system as changing your desktop image etc.
• It slows down your computer considerably and for opening any program, turning off the computer or browsing the internet, it might take time more than usual.
• It infects your windows registry and irrelevant pop up adds are launched.
• You might receive too much of pop ups including giving fake warnings and security alerts.
• It might corrupt your anti-virus, anti-malware and anti-spyware programs.
• It might track which site you visit the most and in a way try to control your browsing .
• It connects itself to the internet indicating that it also takes control of your system and security information. As a result your system is at a risk.

• The malicious sites to which the Google directs unnecessarily should be blocked and terminated. Go to your browsers setting for blocking the sites.

• The associated files of this malicious malware should be removed effectively. Check Windows HOSTS file. For this go to:

a)C:\WINDOWS\system32\drivers\etc.
b) Double-click on “hosts” file to open it. Right click to open with Notepad.

At the end of the notepad content , there should be only one line: 127.0.0.1 local host in Windows XP and 127.0.0.1 local host::1 in Windows Vista. If there are more, then delete them. Remember to save the changes after having done the modifications.

(Note: One of the few files that every browser shares is your hosts file. It tells the browser what websites it can and cannot visit)

• Stop the processing of this malicious malware using the windows task manager. For this:

a) Press CTRL+ALT+DELETE to open the Windows Task Manager.

b) Click on the “Processes” tab. Search for the virus random .exe or its associated .exe, then right-click it and select “End Process” key.

• Search for the installation of this malicious malware in Add/Remove Programs of the windows control panel.

• Using encrypted Google search engine prevents some of these viruses. It gives you a much secured web browsing without any interference from the third party.

• Check Local Area Network (LAN) settings. For this:

a)Open Internet Explorer. When the browser opens go to:"tools". From there click on "Internet options".

b)In the "Internet Option" dialog box select the “connections” tab, Click on “LAN settings” button which is the very last tab at the end.

c) In the "Local Area Network (LAN) settings" dialog box, uncheck the checkbox which says as"Use a proxy server for your LAN” option and click on "OK" tab.

• Check that the DNS settings are not changed. For this:

a) Open the Control Panel from the start menu or you may directly go to " Connect to" option from the start menu.
b) Go to " Network Connections" from the "Network and Internet Connections" category and double click to open it ( or you might just click on" show all connection if going by the second option).
c)You would see the “Local Area Connection” icon in both the cases. Right click on it and select “Properties” options. The "Local area Connection Properties" dialog box opens. Select the box indicating “Obtain DNS server address automatically” and click OK.

• Remove any add-ons from internet explorer that might seem to be irrelevant to you.They might affect your system in a destructive way. For this:

a) Open Internet Explorer. When the browser opens go to:"tools".From there choose" Manage Add-ons" option to open it.
b)From there click on "Disable" for any add-ons that you are suspicious of or have no knowledge of. They might track your browsing searches and the most visited sites of yours to hack your security information.

• The registry entries of the treacherous malware should be deleted. For this:

a)Click on the start button and then the " Run" menu which opens file, folders and documents.Type in “regedit” into the open box and click on "Ok".”

b)As soon as the Registry Editor is open , find and remove all malware or trojan registry files. For example:

HKEY_CURRENT_USER\Software\[random]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”

• Reset the cache i.e delete the contents of the DNS resolver cache .For this:

a)From the start menu go to "Run" and type in "cmd".Select "Ok".

b) In the cmd.exe windows, type "ipconfig /flushdns" and hit Enter.

(please note that this command does not renew your IP address)

If none of the above methods solve your problem then go for the following softwares :

Superantispyware : (more details can be found out from their websites).

Malwarebytes: (more details can be found out from their websites).

TDSSKiller: it is the best recommended for removing the Google redirect viruses, Trojans and malwares (more details can be found out from their websites).

Combofix: (more details can be found out from their websites).

All of these sofwares detects and removes spy-ware, ad-ware, Trojan horses, computer worms,root-kits and potentially harmful softwares.

It should be noted that ComboFix site owner does not recommend you to run this software without the consent of an expert or a person having good knowledge about running this software. Combofix automatically deletes some system's software which might cause some changes in your system functioning.

However in most cases, the TDSSKiller tool removes malware belonging to the family of Rootkit.Win32.TDSS . If the problem still persists after running the TDSSKiller then go for Combofix as your last resolution.