What did we find about the google redirect virus?
The need for a different approach to removing this infection came when we realized that the infection is actually a rootkit and not like any of the other types of infection that usually infect a PC. You may find the details of the different types of computer infection in this link. Rootkits are the toughest infection to fix when it comes to virus removal. Our only solution at that point was running software that specializes in rootkit removal. But the truth is, even this software was not able to remove rootkits every time, which again required us to find a manual solution.
How did we finally tackle the google redirect virus?
The challenge for us now was “how to find details about the file which is super hidden?” Soon we found out that the details were readily available in 2 locations, namely ntbtlog.txt and msinfo32. All you have to do is go through the list and find the name and location of the super hidden file. Once the location was found, all we had to do was go to the location where the super hidden files are hiding and then use the command for removing these super hidden files. Bingo… That worked, and finally we had a solution for removing the google redirect virus. The article on how to remove the google redirect virus manually might help you in understanding it better.
Still, I am proud to be part of the team which had success in nailing this threat manually. (Unfortunately, like the titles “first man on the moon” and “who invented electricity”, we didn’t get any title for finding the most effective method for fixing the google redirect virus manually. But yes, we did get some appreciation for our work from some lesser known, but big shots inside the organization.)
Did we finally nail the google redirect virus?
Honestly… not really. The happiness was short-lived. Even though we had success in removing the infection using the new method, there were rare instances of this issue still not being resolved.
We researched it again and found out that there were cases of atapi.sys being infected. atapi.sys is a file located inside the C:\Windows\Drivers folder. As I am writing this post, I just checked the size of my atapi.sys file and it is 22KB, which is normal. But in some cases of the redirection issue, we found that the size of this file was more than 200-300 KB. The solution was replacing the corrupted atapi.sys file with a fresh one using the operating system disk. But it is risky and had a 50-50 chance of success, as it might even crash your computer.
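To make the two checks above concrete (reading the boot log for loaded drivers, and sanity-checking the atapi.sys size), here is an added Python example that is not from the original post: it parses constructed ntbtlog.txt lines, flags drivers loaded from outside an assumed trusted \SystemRoot\system32 prefix, and treats an atapi.sys larger than an assumed 100 KB limit as worth examining.

```python
import re

# Constructed sample of boot-log (ntbtlog.txt) lines, not a real capture.
SAMPLE_NTBTLOG = """Microsoft (R) Windows (R) Version 6.1 (Build 7601)
Loaded driver \\SystemRoot\\system32\\ntoskrnl.exe
Loaded driver \\SystemRoot\\system32\\DRIVERS\\atapi.sys
Loaded driver \\SystemRoot\\system32\\drivers\\disk.sys
Did not load driver \\SystemRoot\\system32\\DRIVERS\\example.sys
Loaded driver \\??\\C:\\Windows\\Temp\\xyz123.sys
"""

# Boot logging writes one "Loaded driver <path>" line per driver it loads.
LOADED_RE = re.compile(r"^Loaded driver\s+(\S.*?)\s*$")

# Assumption: legitimate boot drivers normally load from this prefix.
TRUSTED_PREFIXES = ("\\systemroot\\system32\\",)

# Assumption: the post reports ~22 KB as normal and 200-300 KB in infected
# cases, so anything above 100 KB is treated as worth a closer look.
ATAPI_SIZE_LIMIT = 100 * 1024


def parse_loaded_drivers(text):
    """Return the paths of drivers the boot log records as loaded."""
    drivers = []
    for line in text.splitlines():
        m = LOADED_RE.match(line)
        if m:
            drivers.append(m.group(1))
    return drivers


def unusual_drivers(paths):
    """Return driver paths not under a trusted prefix (case-insensitive)."""
    return [p for p in paths if not p.lower().startswith(TRUSTED_PREFIXES)]


def atapi_size_suspicious(size_bytes):
    """True when an atapi.sys of this size exceeds the chosen limit."""
    return size_bytes > ATAPI_SIZE_LIMIT


if __name__ == "__main__":
    loaded = parse_loaded_drivers(SAMPLE_NTBTLOG)
    for p in unusual_drivers(loaded):
        print("driver loaded from an unexpected location:", p)
    print("atapi.sys at 250 KB suspicious:", atapi_size_suspicious(250 * 1024))
```

On a real machine you would feed the actual C:\Windows\ntbtlog.txt contents to parse_loaded_drivers and the real file size from os.path.getsize to atapi_size_suspicious.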
The good news: the case I mentioned above, regarding atapi.sys being infected, is found very rarely, and I sincerely hope none of you get that infection.
I am no longer working with any of these software giants, but I am still in touch with some of my team members. The google redirect virus is still one of the hot topics that we discuss over a cup of tea. Lately it was found that the redirect virus might be infecting more system files like atapi.sys. If that is the case, finding each and every infected system file is going to be a herculean task, and it is almost impossible to do the troubleshooting manually. But as I said before, the incidence of infecting atapi.sys happens very rarely.