Google Redirect Virus

What is Google Redirect Virus?

Is your computer infected with the infamous Google Redirect Virus? If so, you have no time to waste, as the malicious infection needs to be removed as soon as possible. Despite the urgency of the task, there are a few important things you should know. First of all, we should define the infection that is corrupting your PC. Contrary to popular belief, the “virus” is more accurately classified as a rootkit or a Trojan. This is because the infection runs using rootkit functionality, which may make it impossible for you to discover and delete Google Redirect Virus in time. Furthermore, just like a Trojan, this “virus” does not distribute itself; schemers use tried-and-tested security gaps and loopholes to infiltrate malicious files without your knowledge.

How I got Google Redirect Virus

Another myth that has to be dispelled is that Google Redirect Virus only reroutes Google searches. In the wild, the infection has been observed to affect browsing via Bing and Yahoo as well. Besides its popular name, the rootkit is also known by multiple other names, including Trojan.TDSS, W32.Tidserv or Trojan:Win32/Alureon. Needless to say, different names do not mean that the infection acts differently: it has been created to collect private information, spy on browsing habits, reroute to malicious sites and produce misleading advertisements. Unfortunately, the infection can also disrupt the running of your Windows operating system. You may notice decreased running speeds and an inability to run certain programs or access computer security websites, as the Trojan can also filter search results. Additionally, the infection alters DNS settings.

It has been reported that the FBI shut down the servers through which Google Redirect Virus was controlled back in July of 2012. Despite this, it could be only a matter of time before the infection shows up again, which is why you should take appropriate measures to protect your PC. Please use the manual removal instructions below to delete the malware and restore the functionality of your PC.

Manual (Free) Google Redirect Virus Removal

Modify proxy settings

Internet Explorer:

  1. Click on Tools and select Internet Options.
  2. Click on the Connections tab.
  3. Now click on LAN settings button.
  4. Uncheck the box found under the Proxy Server and hit OK.

Mozilla Firefox:

  1. Click on Tools and select Options.
  2. Find and click on the Advanced tab.
  3. Click on the Network tab and then Settings.
  4. Now click on Manual Proxy Configuration and enter required information. Hit OK.
  5. Click OK in the Options windows.

Google Chrome:

  1. Click on the “wrench” icon on the left-hand side.
  2. Select Settings from the menu.
  3. Scroll to the bottom and click Show advanced settings.
  4. Click on Network and hit the Change proxy settings button.
  5. Click on LAN settings under the Connections tab.
  6. Uncheck the box under Proxy server and apply your changes.

Modify TCP/IP settings

Windows XP:

  1. Open the Start menu and click on Control Panel.
  2. Double-click on Network Connections.
  3. Now double-click on Local Area Connection.
  4. Click on Properties.
  5. Select Internet Protocol (TCP/IP) and click Properties again.
  6. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen and click OK.

Windows 7:

  1. Click on the Control Panel found within the Start menu.
  2. Search “adapter” and click View network connections under the Network and Sharing Center.
  3. Right-click on the connection you want to change and click on Properties.
  4. Under the Networking tab select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and click on Properties again.
  5. Make sure that “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Hit OK.

Windows Vista:

  1. Start menu -> Control Panel.
  2. Network and Internet -> Network and Sharing Center -> Manage network connections.
  3. Right-click on the chosen connection and hit the Properties button.
  4. Click on the Networking tab.
  5. Select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6).
  6. Click on Properties.
  7. Ensure both “Obtain an IP address automatically” and “Obtain DNS server address automatically” are chosen. Press OK.
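
The proxy and TCP/IP steps above can be verified after the fact. The following is an added example, not part of the original guide: it reads the Windows registry values behind the LAN settings proxy box and the per-adapter DNS setting and reports anything that is not at its default. It also reports a proxy auto-config script, which the steps above do not mention, and it does not cover Firefox, which stores its proxy settings separately.

```python
try:
    import winreg  # standard library, available on Windows only
except ImportError:
    winreg = None

IE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
TCPIP_KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"


def proxy_findings(values):
    """values: dict of the 'Internet Settings' registry values."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        findings.append("proxy enabled: %s" % values.get("ProxyServer", "(no server set)"))
    if values.get("AutoConfigURL"):
        findings.append("proxy auto-config script: %s" % values["AutoConfigURL"])
    return findings


def dns_findings(interfaces):
    """interfaces: dict of adapter GUID -> that adapter's Tcpip registry values."""
    findings = []
    for guid, values in sorted(interfaces.items()):
        # NameServer is empty when "Obtain DNS server address automatically" is set;
        # DHCP-supplied servers (DhcpNameServer) are not judged here.
        static = (values.get("NameServer") or "").replace(",", " ").split()
        if static:
            findings.append("%s: static DNS %s" % (guid, ", ".join(static)))
    return findings


def _read_values(root, path):
    with winreg.OpenKey(root, path) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: v for n, v, _ in (winreg.EnumValue(key, i) for i in range(count))}


def audit_live():
    """Read the live registry (Windows only) and return all findings."""
    ie = _read_values(winreg.HKEY_CURRENT_USER, IE_KEY)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TCPIP_KEY) as key:
        guids = [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]
    nics = {g: _read_values(winreg.HKEY_LOCAL_MACHINE, TCPIP_KEY + "\\" + g) for g in guids}
    return proxy_findings(ie) + dns_findings(nics)


if __name__ == "__main__" and winreg:
    print("\n".join(audit_live()) or "proxy off, DNS obtained automatically")
```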

Modify Windows Host File

  1. Double-click on the “hosts” file under C:\Windows\system32\drivers\etc.
  2. Choose to open it with Notepad.
  3. Make sure the only existing line beneath the Copyright message is “127.0.0.1 localhost” or “::1”; otherwise, remove the additional lines and save the changes.
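
The hosts file check in step 3 can be automated. The following is an added example, not part of the original guide: it parses a hosts file and lists every entry other than the default loopback lines, separating names redirected to another host from names pinned to loopback (which makes a site unreachable). The sample content and the host names in it are constructed.

```python
import ipaddress
import os

HOSTS_PATH = r"C:\Windows\system32\drivers\etc\hosts"  # location given in step 1

# Constructed sample, not taken from a real infection.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com
127.0.0.1       update.av-vendor.example   # constructed name
"""


def audit_hosts(text):
    """Return (line_no, address, names, reason) for each entry that needs review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.lstrip("\ufeff").split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment, e.g. the copyright header
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:
            findings.append((line_no, address, names, "not a valid IP address"))
            continue
        if loopback and all(n == "localhost" for n in names):
            continue  # the default "127.0.0.1 localhost" / "::1" lines
        reason = ("name pinned to loopback (site made unreachable)" if loopback
                  else "name redirected to another host")
        findings.append((line_no, address, names, reason))
    return findings


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # not on Windows: fall back to the constructed sample
    for line_no, address, names, reason in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % (line_no, address, " ".join(names), reason))
```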

Manage browser add-ons

Internet Explorer:

  1. Click on Tools and select Manage Add-ons.
  2. Go to Enable or Disable Add-ons.
  3. Select Downloaded ActiveX Controls under Show.
  4. Remove suspicious add-ons.

Mozilla Firefox:

  1. Click on Tools and select Add-ons.
  2. Add-ons Manager will show up in a new tab.
  3. Click on Extensions found in the menu on your right.
  4. Remove those add-ons which raise suspicion.

Google Chrome:

  1. Locate the three bar icon on your right and click on it.
  2. Click on Tools.
  3. Select Extensions from the expanded menu.
  4. Remove illegal, unauthorized or unwanted extensions.

Automatic Google Redirect Virus removal

Once you complete the manual removal instructions, you should download a computer scanner to check whether all malicious programs have been deleted from the computer successfully. Since this particular application has rootkit functionality, manual removal may be insufficient. Automatic removal software can not only delete Google Redirect Virus but also guard your Windows operating system against schemers’ attacks in the future. Download a reliable and legitimate virus removal tool.


Remove these Google Redirect Virus Files:
