Google Redirect Virus

First it needs to be stated that what users call the "Google Redirect Virus" does not only affect the Google search engine. The name simply stuck because Google is the most common default search engine and home page; the same infection redirects results from Yahoo, Bing, Ask, AOL and any other search engine, popular or not. For the sake of the term's popularity this article keeps calling it the Google Redirect Virus; the infection behind the name, and the one this guide removes, is the TDSS rootkit family (also known as TDL or Alureon). Some reports state that the Google Redirect Virus has affected as many as 45.00.000 systems worldwide, which is quite a figure. Get rid of it before becoming another number in the statistics.

Where does Google Redirect Virus come from?

Just like a lot of malware these days, the Google Redirect Virus spreads in a few different ways. The most common is malicious e-mail attachments. Another is phishing through social networks, e.g. the Facebook messaging system. You can also catch it by visiting suspicious sites and clicking dubious pop-ups on them, and, although less common, drive-by downloads have been reported, where simply loading a page that exploits an unpatched browser or plug-in is enough. Safe browsing habits and a patched browser are the best way to avoid this parasite. Otherwise, follow the guide below to delete it.

What does Google Redirect Virus do?

The Google Redirect Virus is one of the most annoying, frustrating and dangerous infections that can hit your system, so removing it is strongly recommended. It is not the simple browser hijacker it might seem at first glance. It may alter your browser settings, but that is not the core concern: it intercepts your search traffic and redirects the results to sites of the attacker's choosing, making your searches useless. The sites you land on are mostly advertising pages, traffic-gathering pages, or malicious sites that expose you to further malware. Some are phishing pages built to mimic something you are familiar with, looking perfectly legitimate, in order to lure out bank account details, social security numbers, addresses, and logins for social networks and e-mail. The main motive behind such malware is money: generating traffic, placing targeted adverts and stealing data all earn someone a good deal of cash. All of this can leave your system secretly compromised, and once a kernel-level rootkit has been on a machine the only fully trustworthy option is to reinstall Windows. In the meantime every piece of sensitive data on the system is exposed, which you certainly do not want. Don't hesitate: remove the Google Redirect Virus!

Probably the most frustrating trait of the Google Redirect Virus is how hard it is to remove. What many inexperienced users do not realize is that it is a rootkit, and rootkits are among the most difficult infections to remove completely. A rootkit is software designed to hide its own files, processes and registry entries from the operating system and therefore from the security tools that run on it; even powerful AV or anti-spyware products may fail to see it. TDSS does this from a kernel-mode driver: it hooks the system calls that list files, registry keys and processes and filters its own entries out of the answers, so a directory listing or a registry search run on the infected machine can come back clean while the malware is right there, and what it does show looks like a legitimate system component. Because the hiding happens in the kernel, tools run from inside the infected Windows cannot be fully trusted; a scan from a clean boot medium sees the disk without the filter. It's really important you complete every step of the guide in order to fully uninstall the Google Redirect Virus.

How to remove Google Redirect Virus?

As mentioned above, the Google Redirect Virus can be really difficult to remove, but removal is unavoidable. Manual removal requires a good understanding of your system, and not every AV/anti-spyware product can deal with a rootkit, so your first concern should be a tool that explicitly handles them (Kaspersky's free TDSSKiller was written for this family). Remove the infection as soon as possible. Below is a detailed manual guide; it targets the early variant that installs itself as a driver named TDSSserv.sys. Later variants of the same family hide inside a patched system driver or in the master boot record, use other file name prefixes, and will not show up under the TDSS name at all; if you find none of the artifacts below and the redirects continue, use a dedicated rootkit scanner or boot from clean media rather than assuming you are clean.

Google Redirect Virus removal guide:

Remember that this removal alters your system, so follow all the steps carefully. Back up important data first, and export any registry key before you delete it so it can be restored if you remove the wrong one.

1: Making all files and folders visible

First off, you'll have to make hidden files and folders visible, since the infection's files are hidden. Open any folder, click Organize, then select Folder and search options. In the Folder Options dialog click the View tab and select Show hidden files, folders, and drives; also untick Hide protected operating system files, since the driver lives in a system directory.


2: Enabling the boot log

Now click the Windows Start button and type run. When the Run window appears, type msconfig and hit Enter. The System Configuration window opens; click the Boot tab, tick Boot log, apply the changes and reboot so the next start-up is logged. Windows writes the list of every driver it loaded (or failed to load) to C:\Windows\ntbtlog.txt, which we will read in step 6.



3: Uninstall TDSSserv.sys from Device Manager

Now we'll open Device Manager the same way we opened System Configuration. Click the Windows Start button, type run, and in the Run box type devmgmt.msc and hit Enter. Open the View menu at the top and select Show hidden devices. Now expand Non-Plug and Play Drivers and look through the list for TDSSserv.sys. Right-click the entry and choose Uninstall. If there is no such entry, you are most likely dealing with a later variant of this family that uses a different name or hides inside a legitimate driver, and the remaining steps will not find it either. Do not reboot just yet; continue with the removal.

4: Cleaning the Windows registry

The next step is cleaning the Windows registry. Click the Windows Start button, type regedit and hit Enter to open the Registry Editor. The easiest way to find the entries is Edit > Find; type TDSS in the Find box. This should locate every key and value the parasite added or tweaked, the most important being the service key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services that loads the driver at boot. Export each key (File > Export) before deleting it, then remove all keys and values associated with TDSS, pressing F3 to jump to the next match. Other versions of this family have used the prefixes UAC, _VOID and 4DW4R3 instead of TDSS; if the TDSS search finds nothing, search for those as well.

5: Removing the TDSSmain.dll file

Now we'll remove the TDSSmain.dll file, which is located in C:\Windows\System32. Open the directory, find the file and delete it. If Windows refuses because the file is in use, the driver is still loaded; delete it from Safe Mode or after the reboot that follows this guide. Check C:\Windows\System32\drivers for TDSSserv.sys as well and delete it if it is still there.


6: Checking ntbtlog.txt for TDSS entries

Now we'll use the boot log enabled in step 2. The file ntbtlog.txt is written to C:\Windows at every boot and lists each driver Windows loaded or failed to load. Open it in Notepad, click Edit, select Find, type TDSS and click Find Next; most entries from this infection carry the TDSS name. If a TDSS driver is still listed as loaded on the boot after you uninstalled it in step 3, the removal did not stick and the steps above have to be repeated, or the variant is not the one this guide covers. Note that the log is only a record: deleting lines from ntbtlog.txt removes nothing from the system, so use it to verify the clean-up, not to perform it.
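The six steps above, collected into one script as an added PowerShell example that is not part of the original guide: it turns on hidden files and the boot log (steps 1 and 2), then enumerates the drivers, service keys, registry entries, files and boot-log lines carrying the TDSS prefix that steps 3 to 6 look for, and prints them. It deletes nothing; the removal stays a manual decision. The elevation check, the choice of registry hives to search, the directories scanned and the default prefix list are assumptions made here, not something the guide specifies; the alternate prefixes in the comment are the ones other versions of this family have used.

```powershell
# Added example (not from the original guide): triage for the TDSSserv.sys variant.
# Assumes Windows Vista/7 with PowerShell 2.0 or later, run from an elevated prompt.
# It automates steps 1, 2, 5 and 6 and enumerates what steps 3 and 4 look for,
# then prints the findings. It removes nothing by itself.
param([string[]]$Prefixes = @('TDSS'))   # other prefixes this family has used: UAC, _VOID, 4DW4R3

$principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

$findings = New-Object System.Collections.ArrayList
function Add-Finding([string]$Where, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Where = $Where; Detail = $Detail }))
}

# Step 1: show hidden and protected files in Explorer (the same keys the Folder Options dialog sets).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord   # 1 = show hidden files
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord   # also show protected OS files
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0 -Type DWord   # show extensions, so .sys/.dll are obvious

# Step 2: enable the boot log on the current boot entry (what msconfig's "Boot log" box does).
& bcdedit.exe /set '{current}' bootlog yes | Out-Null

# Step 3: drivers and service keys with the prefix (Device Manager's "Non-Plug and Play Drivers" come from here).
foreach ($p in $Prefixes) {
    Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.Name -like "$p*" -or $_.PathName -like "*$p*" } |
        ForEach-Object { Add-Finding 'driver' "$($_.Name) state=$($_.State) path=$($_.PathName)" }
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        Where-Object { $_.PSChildName -like "$p*" } |
        ForEach-Object { Add-Finding 'service key' $_.Name }
}

# Step 4: the regedit "Find" equivalent, over the hives where this variant writes its entries (assumed set).
function Search-Registry([string]$Root, [string]$Pattern) {
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like "*$Pattern*") { Add-Finding 'registry key' $key.Name }
        foreach ($v in $key.GetValueNames()) {
            $data = [string]$key.GetValue($v)
            if ($v -like "*$Pattern*" -or $data -like "*$Pattern*") {
                Add-Finding 'registry value' "$($key.Name)\$v = $data"
            }
        }
    }
}
foreach ($p in $Prefixes) {
    Search-Registry 'HKLM:\SYSTEM\CurrentControlSet' $p
    Search-Registry 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' $p
    Search-Registry 'HKCU:\Software\Microsoft\Windows\CurrentVersion' $p
}

# Step 5: files with the prefix in System32 and System32\drivers (TDSSmain.dll, TDSSserv.sys, ...).
foreach ($p in $Prefixes) {
    Get-ChildItem "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers" -Filter "$p*" -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'file' $_.FullName }
}

# Step 6: read the boot log; a prefixed driver still listed as loaded after the clean-up reboot means removal failed.
$log = Join-Path $env:SystemRoot 'ntbtlog.txt'
if (Test-Path $log) {
    foreach ($p in $Prefixes) {
        Select-String -Path $log -Pattern $p -SimpleMatch | ForEach-Object { Add-Finding 'boot log' $_.Line.Trim() }
    }
} else {
    Add-Finding 'boot log' "$log does not exist yet; reboot (the log is written at start-up) and run the script again."
}

if ($findings.Count -eq 0) {
    Write-Host 'No artefacts visible from inside Windows. An active rootkit hides exactly these artefacts, so confirm with an offline scan before trusting this.'
} else {
    $findings | Format-Table Where, Detail -AutoSize
    Write-Host 'Review the list, then remove manually: sc.exe delete <service>, Remove-Item -Force <file>, Remove-Item <registry key>; reboot and re-check ntbtlog.txt.'
}
```

Run it once before the clean-up to see what is visible, reboot after uninstalling the driver, and run it again: the second run's boot-log section is the actual verification. A run that finds nothing on a machine that still redirects searches is itself a finding, because it is what a kernel-mode rootkit filtering the file, registry and driver listings looks like; at that point the next step is a scan from clean boot media, not another pass from inside Windows.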

Now your system should be clean of the Google Redirect Virus, but running a reputable AV/anti-spyware program afterwards is still recommended, as you never know what you missed while removing it manually.
