Google Redirect Virus

What is Google Redirect Virus?

Is your computer infected by the infamous Google Redirect Virus? If so, you have no time to waste, as the malicious infection needs to be removed as soon as possible. Despite the urgency of the task, there are a few important things you should know. First of all, we should define the infection that is corrupting your PC. Contrary to popular belief, the “virus” is more accurately categorized as a rootkit or a Trojan. This is because the infection runs using rootkit functionality, which may make it impossible for you to discover and delete Google Redirect Virus in time. Furthermore, just like a Trojan, this “virus” does not distribute itself; schemers use tried-and-tested security gaps and loopholes to infiltrate malicious files without your knowledge.

How I got Google Redirect Virus

Another myth that has to be dispelled is that Google Redirect Virus only reroutes Google searches. In the wild, the infection has been observed to affect browsing via Bing and Yahoo as well. Besides its popular name, the rootkit is also known by multiple other names, including Trojan.TDSS, W32.Tidserv or Trojan:Win32/Alureon. Needless to say, different names do not mean that the infection acts differently: it has been created to collect private information, spy on browsing habits, reroute to malicious sites and produce misleading advertisements. Unfortunately, the infection can also disrupt the running of your Windows operating system. You may notice decreased running speeds and an inability to run certain programs or access computer security websites, as the Trojan can also filter search results. Additionally, the infection alters DNS settings.

It has been reported that the FBI shut down the servers through which Google Redirect Virus was controlled back in July of 2012. Despite this, it could be only a matter of time before the infection shows up again, which is why you should take appropriate measures to protect your PC. Please use the manual removal instructions below to delete the malware and restore the functionality of your PC.

Manual (Free) Google Redirect Virus Removal

Modify proxy settings

Internet Explorer:

  1. Click on Tools and select Internet Options.
  2. Click on the Connections tab.
  3. Now click on LAN settings button.
  4. Uncheck the box found under the Proxy Server and hit OK.

Mozilla Firefox:

  1. Click on Tools and select Options.
  2. Find and click on the Advanced tab.
  3. Click on the Network tab and then Settings.
  4. Now click on Manual Proxy Configuration and enter required information. Hit OK.
  5. Click OK in the Options window.

Google Chrome:

  1. Click on the “wrench” icon on the left-hand side.
  2. Select Settings from the menu.
  3. Scroll to the bottom and click Show advanced settings.
  4. Click on Network and hit the Change proxy settings button.
  5. Click on LAN settings under the Connections tab.
  6. Uncheck the box under Proxy server and apply your changes.

Modify TCP/IP settings

Windows XP:

  1. Open the Start menu and click on Control Panel.
  2. Double-click on Network Connections.
  3. Now double-click on Local Area Connection.
  4. Click on Properties.
  5. Select Internet Protocol (TCP/IP) and click Properties again.
  6. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen and click OK.

Windows 7:

  1. Click on the Control Panel found within the Start menu.
  2. Search for “adapter” and click View network connections under the Network and Sharing Center.
  3. Right-click on the connection you want to change and click on Properties.
  4. Under the Networking tab select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and click on Properties again.
  5. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Hit OK.

Windows Vista:

  1. Start menu -> Control Panel.
  2. Network and Internet -> Network and Sharing Center -> Manage network connections.
  3. Right-click on the chosen connection and hit the Properties button.
  4. Click on the Networking tab.
  5. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6).
  6. Click on Properties.
  7. Ensure both “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Press OK.
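The same check can be made without the dialogs. This is an added example, not part of the original instructions; it assumes the standard Windows registry location for per-interface TCP/IP settings, where a non-empty NameServer value means DNS servers were entered statically, and its sample data is constructed.

```python
"""Report network interfaces whose DNS servers are set statically."""
import sys

# Per-interface TCP/IP settings live under this HKLM key on Windows.
IFACES_KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"

# Constructed sample (documentation-range addresses), used off Windows.
SAMPLE_INTERFACES = {
    "{IFACE-A}": {"NameServer": "", "DhcpNameServer": "192.0.2.1"},
    "{IFACE-B}": {"NameServer": "198.51.100.7,198.51.100.8",
                  "DhcpNameServer": "192.0.2.1"},
}

def split_servers(value):
    """NameServer holds addresses separated by commas or spaces."""
    return (value or "").replace(",", " ").split()

def find_static_dns(interfaces):
    """Return {interface_id: [servers]} where NameServer is non-empty.

    A non-empty NameServer means "Obtain DNS server address automatically"
    is not in effect for that interface.
    """
    return {iface: split_servers(vals.get("NameServer"))
            for iface, vals in interfaces.items()
            if split_servers(vals.get("NameServer"))}

def read_interfaces():
    """Windows only: read NameServer/DhcpNameServer for every interface."""
    import winreg  # lazy import so the functions above work on any OS
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFACES_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            iface = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, iface) as key:
                found[iface] = {}
                for name in ("NameServer", "DhcpNameServer"):
                    try:
                        found[iface][name] = winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        pass  # value not present for this interface
    return found

if __name__ == "__main__":
    data = read_interfaces() if sys.platform == "win32" else SAMPLE_INTERFACES
    for iface, servers in find_static_dns(data).items():
        print(f"static DNS on {iface}: {', '.join(servers)}")
```

A static entry is not malicious by itself; compare any reported servers against the resolvers you or your network administrator configured.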

Modify Windows Host File

  1. Double-click on the “hosts” file under C:\Windows\system32\drivers\etc.
  2. Choose to open it with Notepad.
  3. Make sure the only existing line beneath the Copyright message is “127.0.0.1 localhost” or “::1”; otherwise, remove the additional lines and save the changes.
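The hosts-file check above can be automated. This is an added example, not part of the original instructions; it treats loopback entries for `localhost` (or a bare loopback address) as the defaults, and the sample file contents and hostnames are constructed.

```python
"""Flag hosts-file entries other than the default loopback mappings."""
import ipaddress
import os

# Constructed sample: two default lines plus two added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # constructed redirect
127.0.0.1       update.example-av.test      # constructed block entry
"""

def audit_hosts(text):
    """Return [(line_no, address, hostnames, reason)] for non-default lines."""
    findings = []
    # Notepad may save a byte-order mark; drop it before parsing.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        if ip.is_loopback and all(n.lower() == "localhost" for n in names):
            continue  # default entry, or a bare loopback address
        if not names:
            reason = "address with no hostname"
        elif ip.is_loopback:
            reason = "hostname pinned to loopback (site becomes unreachable)"
        else:
            reason = "hostname redirected to another address"
        findings.append((line_no, address, names, reason))
    return findings

if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS  # not on Windows: fall back to the sample
    for line_no, address, names, reason in audit_hosts(text):
        print(f"line {line_no}: {address} {' '.join(names)} -> {reason}")
```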

Manage browser add-ons

Internet Explorer:

  1. Click on Tools and select Manage Add-ons.
  2. Go to Enable or Disable Add-ons.
  3. Select Downloaded ActiveX Controls under Show.
  4. Remove suspicious add-ons.

Mozilla Firefox:

  1. Click on Tools and select Add-ons.
  2. Add-ons Manager will show up in a new tab.
  3. Click on Extensions found in the menu on your right.
  4. Remove those add-ons which raise suspicion.

Google Chrome:

  1. Locate the three bar icon on your right and click on it.
  2. Click on Tools.
  3. Select Extensions from the expanded menu.
  4. Remove illegal, unauthorized or unwanted extensions.

Automatic Google Redirect Virus removal

Once you complete the manual removal instructions, you should download a computer scanner to check whether all malicious programs have been successfully deleted from the computer. Since this particular application has rootkit functionality, manual removal may be insufficient. Automatic removal software can not only delete Google Redirect Virus but also guard your Windows operating system against schemers’ attacks in the future. Download a reliable and legitimate virus removal tool HERE.


Remove these Google Redirect Virus Files:
