Announcement

Collapse
No announcement yet.

esurf.biz re-directive virus ESURF.BIZ BIG PROBLEM! ESURF.BIZ BIG PROBLEM!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • esurf.biz re-directive virus ESURF.BIZ BIG PROBLEM! ESURF.BIZ BIG PROBLEM!


    Hi,

    I recently had big problem with a virus on my PC

    It is called 'esurf.biz' . The Malware fighter failed to detect it and stop it.

    I finally was able to stop it, but I had to follow complicated proceedure to do so.

    I hope you add it to your update soon, it was very bad virus. I hope it doesn't get me again...

    Here is a link that discusses the problem....

  • #2

    Here's how I finally removed it.... (this is my post on Microsoft website also)...


    To remove this 'esurf.biz' virus, use your 'file explorer' or 'search bar' and go to-


    C:/Windows/System32/drivers/etc/hosts

    Open up the 'hosts' file using 'Notepad'

    on the bottom of the page will look like this-

    _________________________________________________________________________
    These 5 lines are good and you should leave them alone:

    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost


    _________________________________________________________________________


    However, if there are additional lines underneath, such as:

    # 127.0.0.1 down.baidu2016.com
    # 127.0.0.1 123.sogou.com
    # 127.0.0.1 www.czzsyzgm.com
    # 127.0.0.1 www.czzsyzxl.com

    then you need to delete them (I had to delete these 4 lines here).

    However, the 'system' (administrator) will not let you delete those lines! , so you need to do a 'work-around'. so here is a 'work-around'...

    To erase them, make a copy of the file named 'host' and paste the copy of it on your desktop.

    Then, delete the original 'host' file in the 'etc' folder.

    Then, open the 'host' file which is on your desk top and delete the last 4 lines mentioned above beginning with
    # 127.0.0.1 down.baidu2016.com... etc, etc, (the last 4 lines).

    then save this new file named 'hosts' and put this new 'hosts' file back into the 'etc' folder.



    Now, you can go back and open your browser and it should not open to 'esurf.biz' anymore.

    But, if it does, then you need to delete your old browser shortcut on your desktop, or taskbar, or wherever you keep it.... and make a fresh shortcut on your desktop...

    For instance, I deleted my old short-cut for 'Opera', and then made a new fresh shortcut for it by going to the source 'Opera Icon' and making a new shortcut from it.

    To do this, go to C/ Program files x86 / Opera (or whatever browser you use). Look around in the files there until you find the familiar icon for that browser.

    Right click on that icon, and select 'send to desktop' (create shortcut).
    This will make a new shortcut which will then work properly

    and the 'esurf.biz' page will no longer appear when you start up your browser.


    After doing this also, your browser will start up a lot faster now, because this 'esurf virus'won't be slowing it up anymore!! Horray!!

    Comment


    • #3
      Hi lamptree,

      Thanks for your feedback.

      We will collected the related informaiton in our database to ensure it can be removed completely.

      Thanks for helping us improve our products.
      IObit Support Team --
      If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

      Comment


      • #4
        I would recommend resetting your web browser to get rid of esurf.biz.. It seems that one of browser hijackers that are very popular right now.

        Comment


        • #5
          GabrielRoss, unfortunately simply reseting browser would hardly give you any results with this.

          Firslty remove it with some anti-malware software.
          Secondly Esurf.biz made a entry in hosts file, and only propper way to remove it is to remove it from the hosts file.

          Iamptree gave a nice tutorial on how to get this done, GJ Iamptree!


          Cheers

          Comment

          Working...
          X