Why Do My Google Searches Always Go To iCityFind.com?

Most likely your computer is infected with a form of a Google Redirect Virus. In my case, my customers system had become infected with a rogue antispyware application. After removing this infection with a combination of MalwareBytes AntiMalware and Combofix, the google redirection still was causing all searches in Google to go to a combination of sites including iCityFind.com. All logs from the removal tools showed absolutely nothing but the infection remained.


How Do I Know I Have a Google Redirect Virus on My System?

Try to search Google for something and click on the various search results that show up, if none of the results allow you to go to the appropriate site, you are infected. Instead you'll be redirected to sites like:
Also, when I opened Task Manager there were two instances of Iexplore.exe running even though I did not have Internet Explorer open at the time. There were also two instances of SVCHost.exe open when all other programs were closed. These multiple instances of system files open led me to a rootkit infection. Many times I have found Combofix to be extremely useful in removing issues like this but it did not find anything in this case.

Can I Remove the iCityFind.com Redirect?

Follow these steps in order to restore internet access, check your hosts file, and finally delete the rootkit.

Fix Proxy Settings

1) Open Internet Options in the Control Panel or via Tools menu in Internet Explorer
2) Click on the Connections tab
3) Click on LAN Settings
4) Uncheck the "Use a Proxy Server for your LAN" setting. Especially if the address spot is blank.
5) Click OK

Proxy Lan Settings

3) Download RKill from Bleeping Computer to your desktop. Double-click on it and run it. This program will try to kill any malicious processes currently running on your system.

Check Hosts File

Follow the steps on my page about how to check or reset the Hosts File

Remove the iCityFind.com Redirect with TDSSKiller

Kaspersky Labs has created a removal tool called TDSSKiller to remove the Google Redirect Virus. Follow these steps to download and run it. In some cases, you may have to run it in Safe Mode with Networking to remove it.

1) Download TDSSKiller, unzip it, and Save it to your desktop.

2) Double-click on TDSSKiller.exe to run. If the program does not run, you may have to rename it to something like explore.exe, 123.exe, or something else before running it. The virus is trying to block the program from running, so renaming it will in some cases allow it to run.

3) Click on the Start button to start a scan and allow it to completely run

4) Allow TDSSKiller to fix any issues it finds and reboot the computer afterward

5) After reboot, try Google and see if the redirect it gone.

For more detailed information on TDSSKiller visit the Kaspersky page

Results from TDSSKiller


In my case, TDSSKiller would not run. I tried renaming it and even running it in Safe Mode, but the program refused to load. Actually the redirect problem was blocking TDSSKiller from running. So, I had to run another program..

Fixing the Google Redirect with Symantec's FixTDSS.exe

In a few circumstances, I have been unable to run TDSSKiller even after renaming it. In these cases, I have turned to the other removal tool that works, FixTDSS by Symantec. Follow these steps to download and run it.

1) Download the FixTDSS.exe tool from Symantec and save it to your desktop

2) Double-click on FixTDSS.exe and run it

3) Click Start to begin the process, and then allow the tool to completely run

4) Restart the computer when prompted

5) After reboot, the program will give you the results of the scan and cleaning.

6) Try Google and see if the redirect virus is gone.

For more detailed information on FixTDSS visit the Symantec page.

After running the FixTDSS file from Symantec and rebooting the computer, the redirect was gone. The log report from FixTDDS.exe showed an infection in a Windows system driver called Volsnap.sys. Which is the Volume Shadow Copy Driver used to make System Restore Backups. The FixTDDS program was able to cure the infection and restore the system to normal.

Run a Thorough Virus Scan


Finally, as an extra precaution, scan your computer with online virus scanner like Housecall, BitDefender, or eTrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues.
 

Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
ESet (NOD32) Online Scanner
Kaspersky Online Scan - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files

Trojan Scanner
TrojanScan by WindowsSecurity.com

Spyware Scanners
Malwarebytes AntiMalware
Super AntiSpyware
Spybot Search and Destroy


Congratulations! Your computer should be free of the iCityFind.com redirect problem!

Written by Mark Hasting





Links to Other Important Information

Support for Windows XP and Windows Vista without latest service packs ends in 2010

How to Fix 500 Internal Server Error in PHP 5.4 script

Computer shows Stop error and Continously Reboots after SP3 installed.

Product Key Does Not Match Current Windows SKU Error

Review of FastAgain PC Booster and How to Uninstall it

How to Remove MSBLAST.EXE worm

How to Remove Content Advisor Password in Internet Explorer

How to Fix Google Chrome not Opening Web Pages or Settingsnew

How to Remove Incredimail Automatically

How to Fix Problem of Limited or No Connectivity After installing Windows XP Service Pack 2

How to Recover From a Corrupted Registry in Windows XP

How to Speed Up Windows Boot Time

Acer ERecovery Service is Not Available

Acer Recovery CD Restore Failed Reason: 0xf0000051

How to Fix Problem with No Active Mixer Devices Available in Windows XP

Parents Guide to MySpace.com - a report every parent should read

Save and Restore Desktop Layout of Icons

What is Windows Genuine Advantage and How to Overcome Problems With It

Change Forgotten Administrator Password in Windows XP/2000/Vista

Not Enough Server Storage Error When Connecting to Computer on Network

Installing Windows Vista Upgrade on a Blank Hard Drive

How to Delete Your Windows Vista Logon Password

Remove Unwanted Icons from the Windows Vista Welcome Center

Cannot Connect to Network Printer with Windows Vista

How to Wipe, Delete, Degauss, and Destroy Data on a Hard Drive

Fixing RTHDCPL.EXE - Illegal System DLL Relocation Error in Windows XP

How to Fix Blank or Missing Title Bar in IE9

Unable to Open New Tab in IE9 - Spinning Favicon

Fix 404 Errors for /apple-touch-icon-precomposed.png and /apple-touch-icon.png

What is the Config.Msi folder and Can I Delete It?

Flash Player Installation Issues

How to Set Yahoo Mail as your Default Email Program

Unknown File in Winsock LSP - NWPROVAU.DLL - Can it be Removed?

How to Delete a Service in Windows Vista

How to Disable the On-Screen Keyboard in Windows Vista

Make Disk Cleanup Run Faster

What is CTFMON.EXE and How Can I Remove It

How to Export MSN Favorites to Internet Explorer

How to Fix Registry Editing Has Been Disabled By Your Administrator Error

How to Change Default Editor in Windows and Fax Viewer

How to Fix Problem when Windows Security Center reports multiple antivirus programs installed

How to Fix Problem when Windows Updates will download but will not install

How to Fix Problem when Windows Automatic Updates Service wont Start

Cannot Download Files With Internet Explorer

How to Keep Your Computer Up-to-Date

How to Fix the Prompt for Click to Run an ActiveX Control on this webpage

How to Remove "This Page Contains Both Secure and NonSecure Items" Warning Message

How to Fix Problem with Blank Add/Remove Control Panel

How to Fix Windows Vista Update Error 80244019

Troubleshooting An Error Occurred During Directory Enumeration

How to View and Decipher Minidump files created by Blue Screen error messages

How to Fix BLService Error on HP Computer in Vista

Google Adsense Hijacking - How to Respond

Windows Defrag Does Not Complete

Review of BigString Recallable Email

Fix Incorrect Time Stamp on Hotmail Messages

Deleting or Editing Typed URLs in the Internet Explorer Address Bar

Belarc Advisor - Quick Computer Inventory Software

How to Get Out of Full Screen Mode in Internet Explorer

How to Correct Missing "Copy to CD" option in My Pictures Tasks

How to Fix Code 39 error with CD or DVD Drive

How to Fix Problems When Windows Installer Popups Error With Missing .MSI Files

How to Fix Problems When Network Setup Wizard and Network Connections Won't Open

How to Fix Problems with Windows Help Errors

How to Delete Individual Entries from Run Command History

Foxit - Adobe Reader Alternative

How to Fix Autochk Program Not Found error

Difference between Master/Slave and Cable Select on a Hard Drive

How to Use Microsoft SyncToy to backup your important files

How to Delete Temporary Internet Files, Cookies, and History files

Review of PCDecrapifer Software Removal Tool

How to Fix Security Flaw in Adobe Reader

Computer Speakers Sound like Chipmunks

How to SVCHOST.EXE Application Error 0x745f2780

Troubleshooting the Unmountable Boot Volume Error in Windows XP

How to Disable, Uninstall, and Remove Windows Messenger instant messaging from Windows XP

How to Remove Windows Messenger in Windows XP

Free DVD Decoder Software and Help

Free CD Burning Software and Help

How to Use Remote Desktop to Access Multiple Computer on Your LAN

HijackThis Tutorial for removing Spyware

Review of Adsense Detective, Getting Stats and Results from Adsense

How to Disable System Restore in Windows ME or Windows XP

How to Uninstall Internet Explorer 7

How to Install NetBEUI in Windows XP

What is the KB891711.exe file in Windows 98 or Windows ME?

How to Troubleshoot and Solve USB Device Error Code 10

Spooler Subsystem App has encountered a problem and needs to close Error and How to Fix it

How to Fix Problem opening Microsoft Outlook

How to Disable News Headlines in Netscape

How to Bring Back Missing Folders in Netscape Communicator

How to Fix Access Denied Error when Using MSCONFIG

How to Fix HPQKBFiltr.Sys Keylogger Error in Kaspersky Antivirus

How to Backup and Restore Outlook Express Mail, Address Book, Blocked Senders List and other Settings

How to Fix Error 501 Permission Denied when changing fonts in Outlook Express

What is the Tilde (~) File on my Desktop?

What is the thumbs.db file and can I remove it

Password is Not Saved in Outlook Express or Outlook in Windows XP

Allow Viewing of Attachments in Outlook Express 6

How to Fix Problem of No Spell Check in Outlook Express

How to Fix Problems Viewing or Accessing Secure Web Sites

How to Start or Boot Windows into Safe Mode

What is the Winmail.dat file attached to emails?

How to Correct Unreadable Fonts in Norton Antivirus or Norton Systemworks

How to correct issue with No Visible Menu Bar or Tabs in Windows XP Task Manager

How Disable/Enable the Windows XP Welcome Screen

How to Fix RTLGINA2.DLL error with Windows XP Welcome Screen and Netgear WG111

How to Fix Windows Update Error 0x80070420

PopUp Ad Removal Software and Help

Review of ErrorNuker program to identify and fix problems with the Windows Registry

Spyware and Adware Removal Help

Review of Netflix Online DVD Rental

Recommended Software for PC Hell Visitors