As I mentioned in one of my earlier posts, the Google Redirect virus is, without doubt, the toughest and most annoying computer infection of all time. You might be wondering what gives me the authority to speak on this topic. For that, I need to give you a small introduction about myself before justifying my post.
My exposure to computer security issues was at its peak while working for a software giant in the field of computer security. I was a trainer and led a small but elite team of technicians who specialized in hand-picking and removing computer infections that could not be detected by our security software. My team members were well experienced and brilliant troubleshooters, to the point that just from the name of the infection, or even from listening to a customer's description of the symptoms, they could go directly to the location where the file was hiding, remove it and fix the issue. Whenever a new infection was released, it never bothered us much, because we knew that the troubleshooting steps we had devised over years of experience were so powerful that no computer infection could escape detection. The team had a resolution rate of 95%. Most of the remaining 5% of unresolved issues were related to complicated operating system problems, and those customers were promptly redirected to Microsoft for further assistance.
In the middle of 2008, we came across the first documented browser redirect issue. At first, it was just one of the many strange cases that land in our bin once in a blue moon. We could not fix it and left it as just another strange unresolved case. But then there were more instances of this strange issue, happening again and again. When the numbers kept increasing, we could not ignore it anymore. By this time, these issues were widely reported on the internet, and we found that it had even been given a name: "Google redirect virus". We immediately put together a research team to investigate and find a fix for this infection. It was tough, but yes, we finally did it.
Why couldn't we detect the Google redirect virus using our usual methods?
Removing a typical computer infection manually is quite easy. All you need to do is search for and remove the infection from certain locations inside the computer called loading points. Loading points are the places the operating system consults to decide what to run automatically (the Run keys in the registry, services, scheduled tasks and the Startup folder are typical examples); once an infection is registered in one of them, it gets loaded on every start-up, interacts with the operating system files and starts altering the way the system normally works. To be precise, let's assume that I have a virus file "abc.exe" and I copy it to C:\ on my computer. Even though I have an infected file inside my computer, technically my computer is still not infected. The reason is that the infection is not inside any of the loading points and is therefore not capable of creating any issues on my computer; nothing will ever execute it on its own. C:\ is not considered a loading point. But if I click on the file abc.exe, it goes through a series of steps that place the viral code or virus files inside a loading point. Now my computer is technically infected.
We follow an 18-step troubleshooting procedure that allows us to manually go through all the loading points, find the infection and remove it from there. Any normal malware or computer infection can easily be removed just by following these methods. (These steps are described in my book Virus Removal Secrets Revealed.)
In the case of the redirect virus, it was not so easy, as the infected files were not directly visible inside the loading points. Some of these infected files were well hidden, what we used to call "super hidden" files. Super hidden files are files that stay hidden even when you select the option "Show hidden files" under Folder Options: they carry both the Hidden and the System file attributes, and Windows Explorer keeps such files out of sight as long as the separate option "Hide protected operating system files" remains checked. Our normal manual troubleshooting failed because we were never able to see the Google redirect virus file residing inside the loading point, since those files were super hidden.
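The two ideas above, checking a loading point and recognising a super hidden file, can be put together in a small script. The following is an added example written for this page, not a tool from the author's book or team: it parses a registry export of the HKCU Run key (one of the loading points), pulls out every file each entry actually loads, and flags the ones whose attribute bits carry both Hidden (0x02) and System (0x04). The .reg text, the user name "alice" and the attribute table are constructed sample data so the script runs offline on any OS; on Windows, file_attributes() reads the real bits via os.stat(). The paths, value names and the "Updater" and "Helper" entries are hypothetical, invented to illustrate the check.

```python
"""Audit one Windows loading point (the HKCU Run key) for "super hidden" files.

A super hidden file is one carrying both FILE_ATTRIBUTE_HIDDEN and
FILE_ATTRIBUTE_SYSTEM; Explorer keeps it invisible even with "Show hidden
files" on, unless "Hide protected operating system files" is also unchecked.
"""
import os
import re
import sys

# Attribute bits from winnt.h
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_ARCHIVE = 0x20
SUPER_HIDDEN_MASK = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

# Constructed sample (hypothetical entries) in the format produced by
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# reg.exe escapes backslashes as \\ and double quotes as \" inside values.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
"Helper"="rundll32.exe C:\\Windows\\Temp\\helper.dll,Start"
'''

# Constructed attribute table standing in for a live file system (hypothetical).
SAMPLE_ATTRIBUTES = {
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe": FILE_ATTRIBUTE_ARCHIVE,
    r"C:\Users\alice\AppData\Roaming\svchost.exe": FILE_ATTRIBUTE_ARCHIVE | SUPER_HIDDEN_MASK,
    r"C:\Windows\Temp\helper.dll": FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_HIDDEN,  # hidden, not system
}

_VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Either a quoted token or a bare drive-letter path (stops at whitespace, comma or quote).
_PATH_TOKEN = re.compile(r'"([^"]+)"|([A-Za-z]:\\[^\s,"]+)')


def _unescape_reg_string(s):
    """Undo reg.exe escaping: a backslash quotes the character that follows it."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_run_values(reg_text):
    """Return [(value_name, command_line)] for every string value in the export."""
    entries = []
    for line in reg_text.splitlines():
        m = _VALUE_LINE.match(line.strip())
        if m:
            entries.append((m.group("name"), _unescape_reg_string(m.group("value"))))
    return entries


def extract_paths(command):
    """Path-like tokens in a command line; for rundll32-style entries that is the DLL,
    i.e. the file that actually gets loaded, not the host process."""
    return [quoted or bare for quoted, bare in _PATH_TOKEN.findall(command)]


def is_super_hidden(attrs):
    """True when both the Hidden and System attribute bits are set."""
    return attrs is not None and (attrs & SUPER_HIDDEN_MASK) == SUPER_HIDDEN_MASK


def file_attributes(path):
    """Real attribute bits on Windows; None elsewhere or if the file is missing."""
    if sys.platform != "win32":
        return None
    try:
        return os.stat(path).st_file_attributes
    except OSError:
        return None


def audit_run_key(reg_text, attr_lookup=file_attributes):
    """One record per file referenced from the loading point:
    (value_name, path, attribute_bits, super_hidden)."""
    report = []
    for name, command in parse_run_values(reg_text):
        for path in extract_paths(command):
            attrs = attr_lookup(path)
            report.append((name, path, attrs, is_super_hidden(attrs)))
    return report


def super_hidden_entries(reg_text, attr_lookup=file_attributes):
    """Only the loading-point entries whose file is super hidden."""
    return [rec for rec in audit_run_key(reg_text, attr_lookup) if rec[3]]


if __name__ == "__main__":
    lookup = SAMPLE_ATTRIBUTES.get if sys.platform != "win32" else file_attributes
    for name, path, attrs, flagged in audit_run_key(SAMPLE_REG_EXPORT, lookup):
        tag = "SUPER HIDDEN" if flagged else "ok"
        print(f"{name:10} {path:60} attrs=0x{(attrs or 0):02x} {tag}")
```

Run as-is the script reports the sample "Updater" entry as super hidden, the "Helper" DLL as merely hidden, and OneDrive as visible. On a live Windows machine the same check can be made from a command prompt with `dir /a` or `attrib` on the directory a Run entry points to, since neither respects Explorer's view settings; removing the attributes with `attrib -s -h <file>` makes the file visible again before it is deleted.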