What to do if Yandex writes oops. Removing the Yandex Oy virus. The requests coming from your IP address appear to be automatic. How to fix the Oy page on Yandex

I mainly I use Yandex as a search engine, and I use it quite often, looking for something, reading, clarifying terms and facts. Once again I clicked on the “find” button and received this response: surprise: picture is clickable

We're sorry, but the requests coming from your IP address appear to be automated. For this reason, we are forced to temporarily block access to search.
To continue the search, please enter the characters from the image in the input field and click “Submit”.

Why did it happen so?
Perhaps the automatic requests do not belong to you, but to another user accessing the network from the same IP address as you. You need to enter the characters into the form once, after which we will remember you and be able to distinguish you from other users exiting from this IP. In this case, the page with the captcha will not bother you for quite a long time.
You may have add-ons installed in your browser that can make automatic search queries. In this case, we recommend that you disable them.

It is also possible that your computer is infected with a virus program that is using it to collect information. Maybe you should check your system for viruses, for example, with the CureIt antivirus utility from Dr.Web.
If you have any problems or want to ask our support team a question, please use the feedback form.
If automatic requests actually come from your computer and you know about it (for example, your line of work requires you to send similar requests to Yandex), we recommend using the Yandex.XML service specially developed for these purposes.

So it can’t be a virus for sure, because I’ve been under reliable protection for several years now licensed Kaspersky.

The browser add-on was SeoQuake, I installed it for literally 3 days, played around with it and uninstalled it, it did me little good, and the multi-colored icons in the browser and in the search results began to irritate me.

Another 2 hours before receipt Yandex warnings about automatic requests From my IP, I used several online services to monitor external links to my site, their anchors and visibility for search engines.

On the one hand, I guess that either SeoQuake or the search for external links could send to Yandex excessive number of automated requests. On the other hand, at the time I received the above message from Yandex, I had not monitored external links for 2 hours and deleted SeoQuake.

This message was received only 1 time; after entering the captcha code, Yandex began to behave as standard.
I didn’t understand why this message appeared, but I’m glad that everything was resolved successfully.

If you are offered to send an SMS, do not do it under any circumstances.

Description of the problem:

Fraudsters replace the main page of yandex.ru, mail.ru and google.com and, as if on behalf of the search engine, temporarily block access to search. Misleading a person, scammers, as usual, ask you to provide your phone number, and in the second step, enter the activation code from the SMS message received in response. This is how you usually activate a paid SMS subscription.

An example of Yandex oh virus pages and their contents:

“Oh... We're sorry, but the requests coming from your IP address seem to be automated. For this reason, we are forced to temporarily block access to search. To continue your search, please enter your phone number in the input field and click "Submit".

What should you do if Yandex writes “Oh... We are very sorry, but the requests received from your IP address look like automatic ones”?

1) START>>SETTINGS>>Control Panel>>Scheduled Tasks.
Turn off and delete the task, the exe file of which is located - C:\Documents and Settings\All Users\Application Data\Mozilla\xxx.exe
We delete the EXE file itself!!!
2) START>>Run>>regedit
Let's go to the thread
Make the “AppInit_DLLs” parameter empty. Previously, it referred to a dll file located in the folder - C:\Documents and Settings\All Users\Application Data\Mozilla\
3) Reboot the computer, delete the dll file from the folder - C:\Documents and Settings\All Users\Application Data\Mozilla\
4) Go to “My Computer” >> Drive C (or the drive on which Windows is installed) then go to the Windows folder, then look for the System32 >> Drivers >> etc folder. We find the “hosts” file there, open it through “Notepad” or any text editor and delete everything that is written in this file. Save. Then right-click on the file and check the “hidden” checkbox.
5) Launch the browser. Congratulations, if you did everything correctly, the sites should open as before!

I wanted to install a broken FTP client and got myself a virus. The virus put me in a panic, as all my pages on social networks were hacked. An inscription appeared on vk.com:
"We detected suspicious activity and temporarily froze your page to take it out of the hands of attackers." When trying to restore access to the pages, no SMS was sent to the phone. There was a question about what to do if you don’t receive an SMS. There, an id number of some kind is issued, which needs to be sent to a short number. I sent it. Nothing. Sent it to the second number listed. Nothing. In general, I realized that something was wrong, I logged in from another computer and everything went smoothly. In the end, I sent two SMSs, and they charged me 300 rubles. The first thing I did was call Megafon and leave a request for a refund and verification of these short numbers. The second thing was to log into all accounts from another computer and change the passwords. The third thing I did was go to Yandex to start Googling how to remove this virus. Yandex was also replaced by this:
"Oh... We're sorry, but the requests coming from your IP address seem to be automated. For this reason, we are forced to temporarily block access to search.
To continue your search, please enter your phone number in the input field and click "Submit". "

The same thing happened with Google:

Thank God, the completely worthless Rambler at least worked.

Attempts to remove the virus:
1. I started the treatment by scanning the system with my Microsoft Security Essentials antivirus
This is a free antivirus from Microsoft.
Download here: http://windows.microsoft.com/ru-ru/windows/security-essentials-download
He found nothing.
2. I looked in startup and searched for the virus manually in
C:\Documents and Settings\Administrator\Application Data
C:\Documents and Settings\Administrator\Local Settings\
C:\Documents and Settings\Administrator\Local Settings\Application Data
There was nothing
3. I cleared the entire system with all cookies and caches in all browsers using CCleaner.
The program is very good, it cleans out a lot of unnecessary junk from the computer. I've been using it for 10 years now.
Download here: http://www.piriform.com/ccleaner (free)
Did not help
4. Then I manually deleted all the entries in the registry through a search where the name of the program that I installed and which caused the virus was found.
Start->Run->regedit
The combination Cntrl+F searches
Did not help.
5. Then I scanned the system with Ad-Aware from Lavasoft.
A good program for searching for any kind of malware (http://ru.wikipedia.org/wiki/Malware).
The program is old, not sure if it is supported yet.
She found some dangerous crap, deleted it, rebooted it, it didn’t help.
6. I downloaded a free utility from Dr.Web - drwebcureit.
I scanned it and found two jambs. The first is that my hosts file has been changed, but I changed it myself and everything is correct there, there were no new entries or a hidden file. Secondly, this utility complained about Multi Password Recovery, this is the program I need and I know that it wasn’t the one that hacked it all, since I’ve been using it for half a year now and everything was fine.
That is, drwebcureit didn’t help either.
7. I downloaded the avz program and scanned the computer, the program corrected something, rebooted, it didn’t help.
8. Then I read it here http://pc-polzovatel.ru/internet/oj-v-yandeks-poiske.html
that you need to check the boxes in avz in a certain way in order to get the result.
Scanned again. I flipped through the resulting report and saw that I had some kind of crap sitting in my
C:\Documents and Settings\All Users\Application Data\Mozilla
there was an executable file that none of the antiviruses deleted and the rafypfm.dll file
I deleted the exe file, rafypfm.dll could not be deleted, but I erased its extension and rebooted.
Voila it worked! Everything is fixed! I deleted the rafypfm.dll file after a reboot and created a hidden folder of the same name with the same name, this is done so that the file is not overwritten here again, a virus file with the same name cannot be overwritten over the hidden folder.

I spent about 3.5 hours fixing it.
Outcome/solution: You can’t trust anyone who asks you to send an SMS! All serious companies send SMS messages to your phone, VKontakte for example. I solved my problem using the avz program, in the report after scanning I saw where the malicious files were and deleted them manually. Theoretically, if I had searched better when trying to find viruses manually, I might not have had to poke around for so long.

Here are some other options for how to deal with the situation:
http://mdex-nn.ru/page/trojan-redirector.html
http://mdex-nn.ru/page/kak-razvodjat-na-dengi-v-socsetjah.html
http://pc-polzovatel.ru/internet/oj-v-yandeks-poiske.html

P.S. The virus pretends that you have been blocked not only on VKontakte, Yandex and Google, but also on Odnoklassniki, Facebook and Skype.

I dug through a bunch of different videos, forums and articles and put in my personal experience to find a solution.
If my post helped you, you can buy me a beer)

__________________________________
Tags for search engines: Vkontakte, VKontakte, vk.com, banned, closed, access, Yandex, yandex, closed, banned, virus, antivirus, what to do, solution, problem, issue, Odnoklassniki, Facebook, Skype, Trojan, sms, social

Yandex writes OH, what should I do now?

Well, first of all, if you want to continue searching in this search engine, then you need enter the indicated characters in the picture and press Send. And then the page we need will load. But note, you just need to enter the characters, but you DO NOT need to send any SMS or anything else!

Secondly, we need to try to figure out why this happens, and from time to time we are asked to enter some letters?

Yandex suspects that we are a bot, that is, not a real person, but a program that automatically enters the site and creates a load on the server, performing an endless search. Thereby Yandex checks us and writes OH, asking you to enter some sometimes complex code or word. And it turns out that if we entered text and clicked “ Send", then we are not a robot.

Why can this happen all the time? Why does “Yandex write OH”, because we have already entered the characters?

This can happen for several reasons!

1. Viruses

Treat viruses! The first thing you need to do is look for viruses. Scan your computer with a good antivirus, as this is a common cause of the “Oops, from Yandex” error. Especially if they ask you to enter not the characters from the picture, but to send an SMS. Then it’s definitely the tricks of malicious code.

2. Changed hosts file

This option follows from the previous one. Malware may have damaged the Hosts file. Some lines could have been written in it that would block access to the real Yandex website. Instead, some clone is loaded. Need to . If you know where this file is, then make sure it is in order, otherwise I recommend the utility Reset Hosts - quickly corrects the file we need.

3. Dynamic IP

The most difficult problem to solve is when we have a dynamic IP address, and it is distributed to a huge number of users. This is a common problem when an Internet provider provides the same IP address to dozens, or even hundreds of its users at once. But when we access Yandex, it identifies us precisely by IP address.

Imagine you and dozens of other people who are connected to the same provider as you. Everyone sits on the same IP and logs into Yandex from time to time, but he thinks that this is one person. More precisely, he is no longer a person, he already suspects that you are a robot. Therefore he gives out his error OH enter the characters from the picture.

Here you need to either accept it and enter characters from time to time, or change the provider. And it’s not a fact that it will help. There are of course some tricks, for example, at the software level. That is, install a special program that will emulate as if we had a different IP (From Germany, USA, Brazil, and so on). But this also has its downsides: sites will load much slower (and some will refuse to work altogether). In general, read the lesson (link just above), there we touched on in detail IP address change topic.

P.S. Try temporarily switching to the Google search engine, maybe it won’t pester us with requests to enter some stupid characters. I'll do that, otherwise I'm sick of it from Yandex "OH, we're very sorry".

If you are faced with the fact that Yandex does not work, and instead of displaying the standard page it says “ Oops... Requests coming from your address seem to be automatic” and asks you to enter a phone number in order to continue the search - first of all, do not believe it: this is just another way for scammers to get your money by using malicious software.

In this article we will look at how to get rid of this message and return to a normal Yandex page.

What is this and why does Yandex write this way?

First of all, the page you see is not a Yandex website at all, it just uses the same design to mislead you. Those. The essence of the virus is that when you request popular sites (in our case, Yandex), it does not display a real page, but transfers you to a fake phishing site. Something similar happens when Odnoklassniki and other social networks do not open and you are also asked to send an SMS or enter your phone number.

Requests coming from your IP address appear to be automatic

How to fix the Oy page on Yandex

Now let’s talk about how to fix this situation and remove the virus.

So, if Yandex writes Oops, then we do the following:

1. Launch the registry editor by clicking the buttons Win+R and enter the command regedit.

Quote

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

4. Open Windows Task Scheduler and look at the active tasks in the scheduler library - among others, an item should appear there that launches some exe file with the same location as the library in AppInit_DLLs. Delete this task.

6. Remove two files in the virus location - the DLL and the Exe file from the job.

After this, you can restart your computer in normal mode and, most likely, if you try to open Yandex in a browser, it will open successfully.

Another way is to use the AVZ antivirus utility

This option, in general, repeats the previous one, but perhaps it will be more convenient and understandable for someone. To do this, we will need the free antivirus utility AVZ, which can be downloaded for free from here:

After downloading, unpack it from the archive, run it, and in the main menu click " File» - « System Research" After that, click the button Start", you do not need to change any settings (the only thing is that you will need to indicate where to save the report).

Quote

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,AppInit_DLLs.