Thursday, February 4, 2010

Remove Google redirect virus

In this article you will find recommendations on how to remove the Search Engine Redirect virus, or Google Redirect virus. Most of the time it’s called the Google redirect problem, but please note that the redirect virus affects Yahoo and Bing search results too. This problem is very frustrating and unfortunately there is no one-click solution for it. The Google redirect virus is usually a by-product of malicious software. Many people say that this problem remains after removing rogue security software or Trojans. In some cases anti-virus and anti-spyware programs remove the Trojans but can’t detect the changes made by the virus. Below is a list of things that you should do or check in order to remove the Google Redirect virus or fix the Search Engine Redirect problem.
  • Check Local Area Network (LAN) settings
  • Make sure that DNS settings are not changed
  • Check Windows HOSTS file
  • Manage Internet Explorer add-ons. Remove unknown or suspicious add-ons
  • Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS
  • Scan your computer with legitimate anti-malware software (ComboFix)
  • Use CCleaner to remove unnecessary system/temp files and browser cache
  • Reset your Router back to the factory default settings


1. Check Local Area Network (LAN) settings
a) Open Internet Explorer. In Internet Explorer go to: Tools->Internet Options.
b) Click on “Connections” tab, then click “LAN settings” button.


c) Uncheck the checkbox under “Proxy server” option and click OK.



2. Make sure that DNS settings are not changed
a) Open Control Panel (Start->Control Panel).
b) Double-click “Network Connections” icon to open it.
c) Right click on “Local Area Connection” icon and select “Properties”.


d) Select “Internet Protocol (TCP/IP)” and click “Properties” button.


e) Choose “Obtain DNS server address automatically” and click OK.



3. Check Windows HOSTS file
a) Go to: C:\WINDOWS\system32\drivers\etc.
b) Double-click “hosts” file to open it. Choose to open with Notepad.


c) The “hosts” file should look the same as in the image below. There should be only one line: 127.0.0.1 localhost in Windows XP and 127.0.0.1 localhost ::1 in Windows Vista. If there are more, then remove them and save changes. Read more about Windows Hosts file here: http://support.microsoft.com/kb/972034



4. Manage Internet Explorer add-ons. Remove unknown or suspicious add-ons
a) Open Internet Explorer. In Internet Explorer go to: Tools->Manage Add-ons.
b) Uninstall unknown or suspicious Toolbars or Search Providers.



5. Use TDSSKiller tool to remove malware belonging to the family Rootkit.Win32.TDSS
a) Download the file TDSSKiller.exe
b) Execute the file TDSSKiller.exe.
c) Wait for the scan and disinfection process to be over.
More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684



6. Scan your computer with legitimate anti-malware software (STOPzilla)
Download at least one anti-malware program from the list below and scan your computer. Don’t forget to update it before scanning. I recommend STOPzilla. Usually, it detects and removes the Google redirect virus better than other programs. Just install it and follow the prompts.

Download the recommended anti-malware software (STOPzilla) to remove the leftovers of this virus from your computer.

It's possible that an infection is blocking STOPzilla from properly installing. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. Don't forget to update the installed program before scanning.

Alternate malware removal tools can be used in case STOPzilla has missed a threat:

7. Use CCleaner to remove unnecessary system/temp files and browser cache
CCleaner is a freeware system optimization tool. It’s not a malware removal tool. However, it’s always a good idea to get rid of unnecessary internet/system files or corrupted Windows registry values that may cause various problems on your computer. Download CCleaner.

8. Reset your Router back to the factory default settings
This step is optional and should be completed only if you have followed all the above recommendations and you still have the redirect virus on your computer. First of all, please follow this guide: How to Reset a Router Back to the Factory Default Settings. Then you should flush the DNS cache:

1. Go to Start->Run (or WinKey+R) and type in "cmd" without quotes.


2. In a new window please type "ipconfig /flushdns" without quotes and hit Enter. And that's it!


These recommendations shouldn’t be too complicated. I hope this article was helpful. If you have any questions, don’t hesitate to ask. Comments are always welcome.
