Thursday, 21 March 2013

Remove Why do I see this page? virus - Attention Required survey scam

Why do I see this page? - Attention Required warning is a clear indicator that your computer is infected with malware which hijacks Windows Hosts file. Most of the time, this virus modifies Hosts files and denies or restricts access to the following websites:
  • Facebook
  • eBay
  • MySpace
  • Tumblr
  • Twitter
  • Google
  • Youtube
  • IMDB
  • and many other sites


The fake waning says:

We have noticed some unusual activity from you recently

To get Access to all of these pages again please verify that you are human

After completing a survey you will receive instructions how to access these pages again.


If you are unable to access one of the sites listed below or for example your favorite forum and you get this "Why do I see this page?" notification instead then you should either recreate or clean a Windows Hosts file. Please note that this virus is not the same for everyone. I've found a few samples that did more than just Hosts file hijacking. Virus also installed a potentially unwanted web browser extension and in one particular case, I even found Trojan.Droppper installed on my PC. Hosts file hijacking can hardly be introduced as something new. It's pretty much like a Trojan ransom infection, except that in this case you have to verify that you are a human first by doing a quick survey. Well, I actually did the survey but still could't access any of these sites, so it's not just another infection, it's even worse -- a non-working scam.

You may ask how do they block such popular sites? The answer is pretty simply. Each website has it's own IP address, so for example if you type facebook.com your web browser takes you to Facebook's main web server. What scammers did here, they basically instructed your web browser to use modified Hosts file and as a result all these sites are redirected through scammmers' web server where they inject the Why do I see this page? - Attention Required warning. Please note that your web browser still displays the correct URL but the content is completely different.

If your computer is infected, do not follow the on screen instructions and do not fill in any surveys, especially those which ask for personal information, for instance your email address or phone number.

To remove Why do I see this page? virus from your computer, please follow the removal instructions below. I hope this helps. If you have any other questions or maybe you would like to share the removal method that worked for you, please leave a comment below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Why do I see this page? removal instructions:

1. Download recommended anti-malware software and run a full system scan to remove this virus from your computer.





2. Reset Windows HOSTS file.

Go to: C:\WINDOWS\system32\drivers\etc.
Double-click "hosts" file to open it. Choose to open with Notepad or any other text editor.



The Windows hosts file should look the same as in the image below (Windows XP). There should be only one line:

127.0.0.1 localhost (Windows XP)

127.0.0.1 localhost ::1 (Windows Vista/7/8).

If there are more lines, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034



Alternate method: to reset the Hosts file back to the default automatically, download and run Microsoft Fix it tool and follow the steps in the Fix it wizard.

3. Remove malicious extensions from your web browser.

Google Chrome:
1. Click on Chrome menu button. Go to ToolsExtensions.
2. Click on the trashcan icon and remove the extensions that might be causing the fake warning to show up. Basically, remove all extensions that you didn't install. It's perfectly OK to remove all extensions since by default Google Chrome comes without any extensions.

Mozilla Firefox:
1. Go to ToolsAdd-ons.
2. Select Extensions. Remove all extensions that you didn't install. Please note, by default Firefox comes without any extensions.

Internet Explorer:
1. Go to ToolsManage Add-ons. If you have the latest version, simply click on the Settings button.
2. Select Toolbars and Extensions. Remove all add-ons that you didn't install or you believe may cause those annoying pop-ups to show up.

4. Download CCleaner and tidy up your computer, remove temp files, etc.

5. If the problem persists, please read this web document and follow the steps carefully: http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html

No comments:

Post a Comment