Google Redirect Virus

First it needs to be stated that what users call the "Google Redirect Virus" does not only affect the Google search engine. The name simply originated because Google is so widely used as a default search engine/home page. The virus affects Yahoo, Bing, Ask, AOL, etc. Thus the virus is generic for all of the search engines mentioned and probably many more that are not as popular. But for the sake of simplicity and the popularity of the term, in this article I'll refer to this particular virus as Google Redirect Virus. Some reports state the Google Redirect Virus has affected as many as 45.00.000 systems worldwide, which is quite a figure! Get rid of Google Redirect Virus to avoid becoming another number in the statistics.

Where does Google Redirect Virus come from?

Just like a lot of malware these days, Google Redirect Virus is commonly spread in a few different ways. One of the most popular would be malicious e-mail attachments. Another would be a phishing strategy used via social networks, e.g. the Facebook messaging system. There is also a possibility of catching Google Redirect Virus by visiting suspicious sites and clicking on dubious pop-ups within them. Although not common, it has been reported that there is a possibility of getting infected by a drive-by download. Safe browsing habits should be encouraged in order to avoid this parasite. Otherwise, follow the guide provided in order to delete Google Redirect Virus.

What does Google Redirect Virus do?

The Google Redirect Virus is one of the most annoying, frustrating, and dangerous infections that could hit your system, and so the removal of Google Redirect Virus is recommended. It's not the simple hijacker it might seem at first glance. Google Redirect Virus acts in a different way (yes, it might alter your browser settings, but that is not the core concern): it redirects your search results to a most likely malicious website, thus all your search attempts and results will be useless. The websites that a user gets redirected to are mostly related to advertisement, a webpage that gathers traffic, or just a malicious site that could expose you to an even more dangerous type of malware. There might even be a website created by a cyber criminal that mimics something you're familiar with, and it could look absolutely legit, in order to lure out your bank account details, social security number, address, login details for various social networks/e-mails, etc. These are just a few reasons why uninstalling Google Redirect Virus is required! The main reason behind such malware is money: by generating traffic, placing targeted adverts and stealing data, someone is making quite a bit of cash. All these malicious activities could leave your system secretly compromised and corner you with only one option: reinstalling your entire Windows system. Not to mention that this infection on your system leaves all your sensitive data exposed, which you certainly don't want! Don't hesitate and remove Google Redirect Virus!

Probably the most frustrating trait that Google Redirect Virus possesses is the difficulty of its removal. Not a lot of inexperienced users realize that Google Redirect Virus is actually a rootkit, and those are among the most difficult infections to entirely remove from a system. Rootkits are pieces of software that are extremely stealthy and are designed to hide certain processes or programs from detection, i.e. not all, and not even the most powerful, AV or Anti-Spyware programs are able to detect them. The malware achieves this by hiding and removing its footprints across the system. It digs deep into the system (it could even gain access to the kernel) and spreads all around it. By doing so the malware might make itself look like a legitimate process running in your system. It's really important that you complete every step of the guide in order to fully uninstall Google Redirect Virus.

How to remove Google Redirect Virus?

As mentioned above, Google Redirect Virus can be really difficult to remove, but the removal is unavoidable. Manual Google Redirect Virus removal requires advanced knowledge of your system. Very few AV/Anti-Spyware programs provide rootkit elimination options, thus this should be your number one concern. You have to remove Google Redirect Virus from your system at any cost, and it's best that you do it ASAP! Below, I'll provide a detailed manual guide for Google Redirect Virus removal; follow this guide and you will be able to delete Google Redirect Virus once and for all.

Google Redirect Virus removal guide:

Remember that this removal might alter your system, thus you should follow all the steps carefully.

1: Making all the files/folders visible

First off, you'll have to make all of the folders within your system visible. You can do so by opening any folder within your system and clicking on Organize, then selecting Folder and search options. The Folder Options window will appear; click on View and select Show hidden files, folders, and drives.

Screens:

2: Enabling Boot Log

Now click on the Windows start button and type run. As the Run command window appears, type msconfig and hit Enter. The System Configuration window will appear. Click Boot in the upper section and select Boot log. Apply the changes and reboot your system so these changes can take effect.

Screens:


3: Uninstall TDSSserv.sys from the System Configuration

Now we'll open up the Device Manager in the same way we opened up System Configuration. Once again click on the Windows start button and type run. In the Run command line type devmgmt.msc and hit Enter. Select the View tab on the top section and select Show hidden devices. Now expand Non-Plug and Play Drivers and search the list for TDSSserv.sys. Right-click on this entry and uninstall it. Do not reboot your system just yet; continue with the removal.

4: Cleaning the Windows registry

Screens:



The next step will be cleaning up the Windows registry. Once again click on the Windows start button, type regedit, then hit Enter; the Registry Editor will appear. The easiest way of finding the registry keys/values will be by clicking on Edit and then selecting Find. Within the Find window type in TDSS. By doing so you should be able to find all the registry entries that the parasite has added/tweaked. Remove all of the registry keys/values that are associated with TDSS.

5: Removing the TDSSmain.dll file

Screens:


Now we'll remove the TDSSmain.dll file, which is located in C:\Windows\System32. Open up the directory, search for the mentioned file and delete it.

Screens:

6: Removing TDSS associated strings from ntbtlog.txt

Now we'll check ntbtlog.txt for any corrupted files; this is possible because of the second step that we applied during this guide. The ntbtlog.txt file is located in the C:\Windows directory. Open up the file and, just like when cleaning the registry, you'll have to find items associated with TDSSserv.sys; most of the time they will carry the TDSS name. So open up the file in Notepad, click on Edit and select Find, in the Find box type TDSS and click Find Next. Remove all the items associated with this file from ntbtlog.txt.
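Steps 2 through 6 above all come down to the same check: look for the TDSS name in the loaded drivers, the registry, System32 and the boot log. The following PowerShell script is an added example, not part of the original guide, that performs that audit in one pass and only reports what it finds, so you can confirm each hit before removing it by hand as the steps describe. It assumes an elevated PowerShell prompt, and the search pattern, the registry roots it walks and the output format are my choices, not anything the guide specifies.

```powershell
# Added triage script (not from the original guide): audits a Windows system for
# the TDSS artifacts the manual steps remove. Read-only: nothing is deleted.
# Run from an elevated PowerShell prompt.

$Pattern  = 'TDSS'                                   # assumed search pattern (the name used in the guide)
$Findings = New-Object System.Collections.Generic.List[string]

# Step 2: is boot logging enabled for the current OS entry? (bcdedit needs admin rights)
$bootLogSetting = bcdedit /enum '{current}' | Select-String -Pattern 'bootlog'
if (-not $bootLogSetting) {
    $Findings.Add('Boot logging is off; enable it with: bcdedit /set {current} bootlog Yes')
}

# Step 3: drivers whose service name or image path matches the pattern
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -match $Pattern -or $_.PathName -match $Pattern } |
    ForEach-Object { $Findings.Add("Driver: $($_.Name) [$($_.State)] -> $($_.PathName)") }

# Step 4: registry keys and values matching the pattern (assumed set of roots to walk)
$roots = 'HKLM:\SYSTEM\CurrentControlSet\Services', 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $Pattern) {
            $Findings.Add("Registry key: $($key.Name)")
        }
        foreach ($valueName in $key.Property) {
            $data = $key.GetValue($valueName)
            if ($valueName -match $Pattern -or "$data" -match $Pattern) {
                $Findings.Add("Registry value: $($key.Name)\$valueName = $data")
            }
        }
    }
}

# Step 5: files in System32 matching the pattern (TDSSmain.dll and anything similar)
Get-ChildItem -Path "$env:SystemRoot\System32" -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $Pattern } |
    ForEach-Object { $Findings.Add("File: $($_.FullName) ($($_.Length) bytes, modified $($_.LastWriteTime))") }

# Step 6: boot log lines that loaded a matching driver
$bootLogFile = Join-Path $env:SystemRoot 'ntbtlog.txt'
if (Test-Path $bootLogFile) {
    Select-String -Path $bootLogFile -Pattern $Pattern |
        ForEach-Object { $Findings.Add("Boot log line $($_.LineNumber): $($_.Line.Trim())") }
} else {
    $Findings.Add("No $bootLogFile found; reboot with boot logging enabled and run this again.")
}

if ($Findings.Count -eq 0) { "No artifacts matching '$Pattern' found." } else { $Findings }
```

Walking HKLM:\SOFTWARE recursively takes a while on a busy machine; narrow $roots if you only need the Services key. Keep in mind the caveat from earlier in the article: a rootkit hides its files and registry entries from programs running inside the infected Windows, so an empty result from this script is not proof of a clean system. The boot log is the most reliable of the four checks precisely because it is written as drivers load at startup, before the rootkit's hiding is fully in place.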

Screens:


Now your system should be clean of the Google Redirect Virus, but running a professional AV/Anti-Spyware program is always recommended, as you never know what you have missed while removing Google Redirect Virus manually.
%LOCALAPPDATA%\Unity
UAC.sys
%LOCALAPPDATA%\Vodafone
%LOCALAPPDATA%\Sonic
%LOCALAPPDATA%\Diagnostics\Dell
%LOCALAPPDATA%\LeaderTech
%LOCALAPPDATA%\Spotify
%LOCALAPPDATA%\Gabest
%LOCALAPPDATA%\MainConcept (Muvee)
%LOCALAPPDATA%\Apple Computer\Ahead
%LOCALAPPDATA%\bProtector
4DW4R3.sys
%LOCALAPPDATA%\Simutronics
%LOCALAPPDATA%\Downloaded Installations\Apple Computer
%LOCALAPPDATA%\VB and VBA Program Settings
4DW4R3.dll
%LOCALAPPDATA%\Akamai
%LOCALAPPDATA%\BitTorrent
%LOCALAPPDATA%\Google
%LOCALAPPDATA%\GNU
%LOCALAPPDATA%\Savings Bond Wizard
%LOCALAPPDATA%\CyberLink\CutePDF Writer
%LOCALAPPDATA%\Babylon\ATI
%UserProfile%\Local Settings\Application Data\Apple Computer\Apple
%LOCALAPPDATA%\Adobe\ActiveState
%LOCALAPPDATA%\Apple
_VOID.sys
%LOCALAPPDATA%\GSpot Appliance Corp
%LOCALAPPDATA%\Mozilla
%LOCALAPPDATA%\Logos4\Google
%LOCALAPPDATA%\IM
NOTEPAD.EXE
xriotabb.dll
%AppData%\???
%LOCALAPPDATA%\RuneScape
wdmaud.sys
uactmp.db
%LOCALAPPDATA%\DeviceVM
%LOCALAPPDATA%\Hewlett-Packard
%LOCALAPPDATA%\Intel
%LOCALAPPDATA%\MFAData\Deployment
%LOCALAPPDATA%\Adobe
%LOCALAPPDATA%\MainBoss
%LOCALAPPDATA%\Logitech
%LOCALAPPDATA%\ScanSoft
%APPDATA%\Bitrix Security
UAC.dll
UAC.db
uacinit.dll
%LOCALAPPDATA%\Macromedia
%LOCALAPPDATA%\Synaptics
%LOCALAPPDATA%\Apple\Ancestry.com
%LOCALAPPDATA%\SupportSoft
%LOCALAPPDATA%\Bodog Poker
%UserProfile%\Local Settings\Application Data\Microsoft
%LOCALAPPDATA%\Snapfish
%LOCALAPPDATA%\NDS
%LOCALAPPDATA%\Move Media Player
%LOCALAPPDATA%\Inbox Toolbar
UAC.tmp
%LOCALAPPDATA%\Google\Apps
%LOCALAPPDATA%\Blizzard Entertainment
%LOCALAPPDATA%\RealNetworks
%LOCALAPPDATA%\WinRAR SFX
%LOCALAPPDATA%\Corel
%LOCALAPPDATA%\Sony Corporation
%LOCALAPPDATA%\LogMeIn
%LOCALAPPDATA%\Avg2013\AVG Secure Search
%LOCALAPPDATA%\Flux
%LOCALAPPDATA%\Macrovision
%LOCALAPPDATA%\JavaSoft
%LOCALAPPDATA%\AVS4YOU
%UserProfile%\Local Settings\Application Data\RealNetworks
_VOID.dat
%LOCALAPPDATA%\Affinix
%LOCALAPPDATA%\APN\Adobe
%LOCALAPPDATA%\Microsoft Games\Google
%LOCALAPPDATA%\Adobe\Acer
%LOCALAPPDATA%\IADirectShow
%LOCALAPPDATA%\Motive
%LOCALAPPDATA%\ClassesB
%LOCALAPPDATA%\Comical
%LOCALAPPDATA%\Ahead
%LOCALAPPDATA%\Conduit\Babylon
%LOCALAPPDATA%\Paint.NET
%LOCALAPPDATA%\Apps\APN
4DW4R3sv.dat
%LOCALAPPDATA%\Dell
%LOCALAPPDATA%\Highway
%LOCALAPPDATA%\Dell\Adobe
%LOCALAPPDATA%\assembly\Adobe
%LOCALAPPDATA%\Askcom
%LOCALAPPDATA%\Softonic
%LOCALAPPDATA%\EasyBits
%LOCALAPPDATA%\Realtek
4DW4R3c.dll
%LOCALAPPDATA%\ArcSoft\Apple
%LOCALAPPDATA%\FreeCDRIP
%LOCALAPPDATA%\Diagnostics\Apple Computer
%LOCALAPPDATA%\Bitberry
%LOCALAPPDATA%\Foxit Software
%LOCALAPPDATA%\PTP
%LOCALAPPDATA%\AhnLab
%LOCALAPPDATA%\Apple Computer\Apple
%UserProfile%\Local Settings\Application Data\Netscape
%LOCALAPPDATA%\Tibo Software
%LOCALAPPDATA%\Valve
%LOCALAPPDATA%\MainConcept (Adobe2)
%LOCALAPPDATA%\HP
%LOCALAPPDATA%\ProtectStar
%LOCALAPPDATA%\Apple Computer
%LOCALAPPDATA%\Apps\Adobe
%LOCALAPPDATA%\Search Settings
_VOID.tmp
%LOCALAPPDATA%\Red Storm Entertainment
%LOCALAPPDATA%\Conduit\Adobe
%LOCALAPPDATA%\CrashDumps\Apps
%LOCALAPPDATA%\Enterbrain
%LOCALAPPDATA%\LDM
%LOCALAPPDATA%\SSPrint
%AppData%\????
_VOIDmainqt.dll
%LOCALAPPDATA%\NPE\Microsoft Help
%LOCALAPPDATA%\Apple\Adobe
%LOCALAPPDATA%\Conduit\Avg2013
%LOCALAPPDATA%\Apple\AOL
%LOCALAPPDATA%\Lenovo
_VOID.dll
%LOCALAPPDATA%\Aimersoft\Adobe
%LOCALAPPDATA%\Widcomm
%LOCALAPPDATA%\McAfee Personal Vault
%LOCALAPPDATA%\Downloaded Installations\Dell Edoc Viewer
%AppData%\??????
%LOCALAPPDATA%\Apple Computer\Adobe
%LOCALAPPDATA%\Intuit
%LOCALAPPDATA%\Winferno
%LOCALAPPDATA%\Chromium\Apple Computer
%LOCALAPPDATA%\Amazon
%LOCALAPPDATA%\Roxio
%LOCALAPPDATA%\MainConcept
%LOCALAPPDATA%\7-Zip
%AppData%\?????
%LOCALAPPDATA%\CyberLink
%LOCALAPPDATA%\AIM\Adobe
%LOCALAPPDATA%\DataMngr
%LOCALAPPDATA%\Ask.com
%LOCALAPPDATA%\VidSoft
%LOCALAPPDATA%\NVIDIA Corporation
%LOCALAPPDATA%\ATI\Adobe
KBDSL1B.dll
kbd101V.dll
_VOIDtmp
%LOCALAPPDATA%\DT Soft
UAC.dat
%LOCALAPPDATA%\AIM Toolbar
%LOCALAPPDATA%\AlwaysNeat\Adobe
%LOCALAPPDATA%\CamfrogWEB
%LOCALAPPDATA%\Full Tilt Poker
msdeltam.dll
%LOCALAPPDATA%\Microsoft
%LOCALAPPDATA%\Nico Mak Computing
%LOCALAPPDATA%\VirtualDJ
%LOCALAPPDATA%\SpeedyPC Software
%LOCALAPPDATA%\Zugo
%LOCALAPPDATA%\Tific
%LOCALAPPDATA%\SkypeRS
%LOCALAPPDATA%\Netscape
