Google Redirect Virus

What is Google Redirect Virus?

Is your computer infected by the infamous Google Redirect Virus? If so, you have no time to waste: the infection needs to be removed as soon as possible. Despite the urgency of the task, there are a few important things you should know. First of all, we should define the infection that is corrupting your PC. Contrary to popular belief, the “Virus” is better classified as a rootkit or a Trojan. The infection runs using rootkit functionality, which may make it impossible for you to discover and delete Google Redirect Virus in time. Furthermore, just like a Trojan, this “virus” does not distribute itself; schemers use tried-and-tested security gaps and loopholes to infiltrate malicious files without your knowledge.

How I got Google Redirect Virus

One more myth that has to be dispelled is that Google Redirect Virus only reroutes Google searches. In the wild, the infection has been observed to affect browsing via Bing and Yahoo as well. Besides its popular name, the rootkit is also known by multiple other names, including Trojan.TDSS, W32.Tidserv and Trojan:Win32/Alureon. Needless to say, different names do not mean that the infection acts differently: it has been created to collect private information, spy on browsing habits, reroute to malicious sites and produce misleading advertisements. Unfortunately, the infection can also disrupt the running of your Windows operating system. You may notice decreased running speeds and an inability to run certain programs or access computer security websites, as the Trojan can also filter search results. Additionally, the infection alters DNS settings.

It has been reported that the FBI shut down the servers through which Google Redirect Virus was controlled back in July of 2012. Despite this, it could be only a matter of time before the infection shows up again, which is why you should take appropriate measures to protect your PC. Please use the manual removal instructions below to delete the malware and restore the functionality of your PC.

Manual (Free) Google Redirect Virus Removal

Modify proxy settings

Internet Explorer:

  1. Click on Tools and select Internet Options.
  2. Click on the Connections tab.
  3. Now click on the LAN settings button.
  4. Uncheck the box found under Proxy server and hit OK.

Mozilla Firefox:

  1. Click on Tools and select Options.
  2. Find and click on the Advanced tab.
  3. Click on the Network tab and then Settings.
  4. Now click on Manual Proxy Configuration and enter required information. Hit OK.
  5. Click OK in the Options window.

Google Chrome:

  1. Click on the “wrench” icon on the left-hand side.
  2. Select Settings from the menu.
  3. Scroll to the bottom and click Show advanced settings.
  4. Click on Network and hit the Change proxy settings button.
  5. Click on LAN settings under the Connections tab.
  6. Uncheck the box under Proxy server and apply your changes.

Modify TCP/IP settings

Windows XP:

  1. Open the Start menu and click on Control Panel.
  2. Double-click on Network Connections.
  3. Now double-click on Local Area Connection.
  4. Click on Properties.
  5. Select Internet Protocol (TCP/IP) and click Properties again.
  6. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen and click OK.

Windows 7:

  1. Click on the Control Panel found within the Start menu.
  2. Search “adapter” and click View network connections under the Network and Sharing Center.
  3. Right-click on the connection you want to change and click on Properties.
  4. Under the Networking tab select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and click on Properties again.
  5. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Hit OK.

Windows Vista:

  1. Start menu -> Control Panel.
  2. Network and Internet -> Network and Sharing Center -> Manage network connections.
  3. Right-click on the chosen connection and hit the Properties button.
  4. Click on the Networking tab.
  5. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6).
  6. Click on Properties.
  7. Ensure both “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Press OK.

Modify Windows Host File

  1. Double-click on the “hosts” file under C:\Windows\system32\drivers\etc.
  2. Choose to open it with Notepad.
  3. Make sure the only existing line beneath the Copyright message is “127.0.0.1 localhost” or “::1”; otherwise, remove the additional lines and save the changes.
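
The hosts-file check in step 3 can also be done programmatically. The following is an added example, not part of the original instructions: it parses hosts-file text and reports every mapping other than localhost to a loopback address. The function name, the verdict labels and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Names a clean hosts file may map to loopback (assumption of this example).
BENIGN_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()        # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()          # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        # Loopback or 0.0.0.0 makes a name unreachable; any other address reroutes it.
        sink = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if sink and host in BENIGN_NAMES:
                continue                              # the expected localhost mapping
            verdict = "blocked" if sink else "redirected"
            findings.append((line_no, str(ip), host, verdict))
    return findings

# Constructed sample: default header plus entries of the kind step 3 says to remove.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed entry
127.0.0.1       update.av-vendor.example
0.0.0.0         www.av-vendor.example
not-an-ip       search.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of C:\Windows\system32\drivers\etc\hosts to audit_hosts instead of the sample. A "redirected" verdict means a name is sent to a different server; "blocked" means a name has been made unreachable, which matches the symptom of security websites failing to load.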

Manage browser add-ons

Internet Explorer:

  1. Click on Tools and select Manage Add-ons.
  2. Go to Enable or Disable Add-ons.
  3. Select Downloaded ActiveX Controls under Show.
  4. Remove suspicious add-ons.

Mozilla Firefox:

  1. Click on Tools and select Add-ons.
  2. Add-ons Manager will show up in a new tab.
  3. Click on Extensions found in the menu on your right.
  4. Remove those add-ons which raise suspicion.

Google Chrome:

  1. Locate the three bar icon on your right and click on it.
  2. Click on Tools.
  3. Select Extensions from the expanded menu.
  4. Remove illegal, unauthorized or unwanted extensions.

Automatic Google Redirect Virus removal

Once you complete the manual removal instructions, you should download a computer scanner to check whether all malicious programs have been deleted from the computer successfully. Since this particular application has rootkit functionality, manual removal may be insufficient. Automatic removal software can not only delete Google Redirect Virus but also guard your Windows operating system against schemers’ attacks in the future. Download a reliable and legitimate virus removal tool HERE.


Remove these Google Redirect Virus Files:
