? asked in Computers & Internet > Security · 9 years ago

How can I remove the Google Redirect virus?

Hello everyone,

I was recently infected (recently as in yesterday) with a malicious virus that (after extensive research) I now know is called the 'Google Redirect' virus. It constantly redirects Google search websites to different ones that are probably infested with malware. I first downloaded Kaspersky Lab's TDSSKiller, which I hoped would solve the problem. I ran it, and it detected the problem. I rebooted my computer, but unfortunately, it didn't work. I ran it again and it detected no problems, but the virus was still there. Now I've downloaded Windows Security Essentials, and am currently running a Full Scan. I am crossing my fingers and HOPING that this will work. However, if the virus is not removed through that, then I'd need an alternative program. Can anyone who has had experience dealing with this rogue virus help me? I've heard that Hitman Pro and ComboFix have worked for others. Are those programs any good?

P.S. I wanted to do a system restore, but of course it was turned off. I really need this thing off of my computer as soon as possible...

8 Answers

  • Anonymous
    9 years ago
    Favorite Answer

    This generic solution seems to work for most people.

    First, click on Start > Run. Type the following into the Open box:

    devmgmt.msc

    Then click on OK. This will run Device Manager. In Device Manager, click on View > Show Hidden Devices.

    Expand all the devices by clicking on the "Plus" sign. Now try to find TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys, right-click on whichever one you found and select Disable.

    Please make sure that you do not select the Uninstall option, otherwise the infection will be back once you reboot your computer.

    If none of them are there, do not worry; it could be something simpler, but follow what comes next.

    You will have to enable viewing hidden folders in Folder Options > View.

    Delete everything in the Windows temp folder:

    C > Windows > Temp

    Delete all cookies.

    Delete all temporary internet files (not to be confused with Windows temp files). These are best deleted via your internet browsers; it will save you messing about in the hidden system files.

    Reset Internet Explorer:

    Tools > Internet Options > Advanced tab > Reset.

    Delete everything in the Prefetch folder:

    C > Windows > Prefetch

    Delete the hosts file:

    C > Windows > System32 > drivers > etc > HOSTS

    A clean hosts file will be written by Windows when you reboot later.

    Note: if you were using a custom hosts file, you will need to replace any of those entries yourself.

    Delete the Flash cookies found in the Macromedia #Shared Objects folder:

    C > Users > "your name" > AppData > Roaming > Macromedia > Flash Player > #Shared Objects

    Delete everything you find in the #Shared Objects folder.

    Run a full scan with this:

    Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-a...

    and remove everything suspicious it finds.

    When you run this, DO NOT have any windows open or any other programs running.

    Sophos Anti-Rootkit DOWNLOAD: https://secure.sophos.com/support/cleaners/sar_15_...

    Then run a full scan with this and remove what it finds:

    SuperAntiSpyware Pro: http://www.superantispyware.com/

    SuperAntiSpyware Pro DOWNLOAD: http://downloads.superantispyware.com/downloads/SU...

    This has a tool built in that can reset the URL prefixes. USE IT.

    Reset your router to default.

    Your redirect virus should now be gone.

    Download then run Hitman Pro: http://www.surfright.nl/en to double check.

  • Anonymous
    9 years ago

    The problem with the Google Redirect Virus is the ability of it to "hide" from your anti virus. It can do this by infecting a system file. Your typical anti virus will only detect viruses that are installed along with malware or when a process is run. Infecting a system file allows the virus to circumvent this protection.

    I had to deal with this problem many times before. The best way to deal with it, in my experience, has to be to use a program called ComboFix. This has worked wonders before and I have heard many positive reviews about it. You can get ComboFix here, free, along with a decent tutorial:

    http://www.personalcomputerfixes.com/spyware/how-t...

  • 4 years ago

    Click on the link below for a free Emsisoft Anti-Malware program. That eliminated the Google redirect virus in my computer. My Mozilla Seamonkey update gave me the virus in the first place, and it kept updating and reinfecting me until I shut it down. Mozilla insists that the various anti-virus companies that detect a redirect virus in their programs are false positives, yet they all persist.

  • Mike
    Lv 5
    9 years ago

    Ausra, here's an excellent Google redirect virus removal guide and analysis: http://deletemalware.blogspot.com/2010/02/remove-g...

    I hope this helps. Good luck!

  • 9 years ago

    Um, disable proxy server in your browser as well.

    There is a "TDSS remover" tool that is an alternative to TDSS Killer as well.

    Also, Google redirects might be located in your router, hosts file, or just change your DNS server settings and a couple of other locations: http://www.2-viruses.com/how-to-fix-google-results...

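Two of the answers above point at the hosts file (one deletes it, one lists it as a place where redirects can live), so it is worth reading the file before removing it. The following is an added example, not part of any answer on this page: it flags search-engine hostnames that a hosts file pins to an address. The watched domain list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: search-engine names to watch; extend for your environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "search.yahoo.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]           # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:                   # blank line or address without a name
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                    # first field is not an IP address
            continue
        for name in fields[1:]:               # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it (not look-alikes)."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, ip, hostname, kind) for watched names pinned in the file."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, str(ip), name, kind))
    return findings

# Constructed sample, not taken from a real infection; the public-looking
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # injected
198.51.100.7    WWW.BING.COM
0.0.0.0         search.yahoo.com
192.168.1.20    nas.home.lan
not-an-ip       www.google.com
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

To check a live system, pass the contents of the HOSTS file at the path given in the first answer to `suspicious_entries` and save a copy of the file before changing it.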
  • 9 years ago

    'Google Redirect' = TDSS

    I first downloaded Kaspersky Lab's TDSSKiller, I ran it, and it detected the problem

    I ran it again and it detected no problems - so it removed TDSS

    then run free rkill

    http://www.technibble.com/rkill-repair-tool-of-the...

    then run:

    Free Malwarebytes:

    http://www.malwarebytes.org/

    Free Superantispyware:

    http://www.snapfiles.com/get/SuperAntiSpyware.html

    Source(s): trojan TDSS rootkit, is a malware backdoor & can hide many things, you have removed TDSS, now remove what it's hiding. I wanted to do a system restore, but of course it was turned off = malware. Do NOT use ComboFix unless an expert tells you to & the first thing an expert would ask for is a HJT log.
  • Anonymous
    9 years ago

    You can get help here:

    http://www.geekpolice.net/virus-spyware-malware-re...

    Fast, efficient and best of all, free.

    Or

    You can try using Malwarebytes Anti-Malware to remove it:

    http://www.geekpolice.net/malware-removal-guides-f...

  • 6 years ago

    Easiest way is to use this http://bit.ly/1gmu579

    Unless you're a PC whiz, that is
