Internet Search Virus (ezanga, stop-sign, etc.)

This problem has been occuring for about 3-4 weeks now and the problem keeps getting worse. I found some solutions to the problem on other websites but because of the search problem I cannot find those sites anymore. Every time I search google, yahoo, msn, and just about every other search engine; I get a list of "find more information about <search topic> at <website>". where the website is usually ezanga, stop-sign and many others. Please help me. Keep in mind I don't know too much about computers. I know a lot about running programs and others but not much about how to run in safe mode and dos promts.

 

I can install and attach the HijackThis log if needed.
Also Microsoft Anti-Spyware keeps finding it, but the problem keeps reinstalling itself back into my computer.

Possible Host File Hijack (Spyware)
"Host file redirection of 66.180.173.39 beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com"

I think what the spyware is doing is change the IP Address on the search engines or something allong those line. Is there any advise on removing the virus. I don't want to do a system restore.

 

Please download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

Now, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

After doing ALL of the above if you still have a problem:


http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

I ran hoster and it fixed the problem for about a minute. Then Microsoft antispyware detected a change in host, I click to block the change, but it goes through anyways. I have attached the HiJackThis log.

 

First, lets start off by running the below online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan
Panda Online Scan

After you complete all of the above scans reboot, run HOSTER once more doing the exact same thing as before except this time click the button "Mark HOST file as Read Only. After you do this attach a fresh HJT log.