I am Anup Raman, a tech enthusiast, blogger and technical trainer with 10+ years of experience in IT-related services. My experience includes 5+ years working for Microsoft, with the remainder at Symantec and McAfee. My expertise includes fixing and finding solutions to operating system issues and removing viruses manually from computers. I also authored Virus Removal Secrets Revealed, a guide to removing computer infections manually without using any security software. The troubleshooting steps mentioned here are tried and tested: the same exact steps professional technicians follow for removing the Google redirect virus manually. I hope you find this guide helpful in getting rid of this dangerous infection. Feel free to share this article; you might be able to help someone in need.
Google redirect virus is one of the most annoying, dangerous and toughest infections ever released on the internet. It is responsible for redirecting Google search results or normal website links to a malicious webpage. The redirected page is usually an advertisement page or a hacker-created page designed to gain the viewer's trust and extract information from them.
Google redirect virus is also called Yahoo Redirect Virus or Bing Redirect Virus, because it redirects not only Google search results but also Yahoo and Bing results. Recently, modifications of this infection have appeared as Nginx Redirect Virus and Happili Redirect Virus. In reality, all of these are the same infection, with some changes in the way it attacks a program.
Not many computer users know that the Google redirect virus is not a virus but a rootkit. Rootkit infections, unlike viruses, spyware or trojans, are very difficult to remove. Rootkits are designed so that, once inside the computer, they attach themselves to core operating system files. They are also designed brilliantly to avoid detection by removing their footprints. To make matters worse, the Google redirect rootkit is seen associated with trojans, which makes it more deadly. According to a 2011 report, the Google redirect virus had already infected 45,00,000 computers worldwide, a third of them in the US.
Why is Google Redirect Virus hard to remove?
Google redirect virus is tough to remove because of its ability to hide deep inside the operating system and to remove the traces and footprints of how it got inside the computer. Once inside, it attaches itself to core operating system files, making it look like a legitimate file running on the computer. Even if the infected file is detected, it is at times hard to remove because of its association with an operating system file. As of today, not a single security product on the market can guarantee you 100% protection from this infection. This explains why your computer got infected in the first place even with security software installed.
This article explains how to handpick and remove the Google redirect virus. From a computer technician's point of view, this is the most effective method ever developed to remove the Google redirect virus manually. Technicians working for some of the biggest security software brands follow the same method when they have to resort to removing the Google redirect virus manually. Every attempt has been made to make the tutorial simple and easy to follow.
The methods mentioned here are the most effective and the original steps followed by tech support professionals all over the world to manually get rid of the Google redirect virus. But some of you might find the methods mentioned here complicated and too technical to follow, or they may take too much of your time. If you don't want to get your hands dirty and would like professional help, try Fix Redirect Virus, a dedicated group of professionals devoted to finding fixes for browser redirection and related infections. This is currently rated as the No.1 service available in the market for removing the Google redirect virus. Rather than paying a couple of hundred dollars for a tech shop repair, I find this service cheaper and more effective. You also get the issue fixed in less time.
Please Note: I don't own this service, nor am I involved in developing any tools. The entire credit goes to the organization. My recommendation is based only on honest user reviews and personal feedback through comments and mail, some of which are listed under the comments section.
Highlights of their service:
- A collection of tools which are constantly updated to handle the latest variants of this infection. Free access to their future updates. Guidance on how to use the tools is also provided.
- Quick resolution. Saves you time and countless unproductive hours.
- Multiple tools inside the package, so that if one tool fails you still have other tools to try to get rid of the Google redirect virus.
- A dedicated team providing 24/7 support.
- Service provided at an affordable price. Professional services such as tech shop repairs and virus removal services charge more than $100 for getting rid of this infection.
- Guaranteed virus removal or your money back.
Two of the most popular methods to remove Google Redirect Virus
- Try tools available online or go for a professional tool
There are plenty of security tools available in the market for different purposes. But none of these tools are developed specifically for removing the Google redirect virus. While some have had success in removing the infection using one program, the same program may not work on another computer. A few end up trying all the different tools, which creates more problems by corrupting OS and device driver files. Most of the free tools are hard to trust, as they have a reputation for corrupting operating system files and crashing the system. So take a backup of important data before trying any free tools, to be on the safe side.
You can also get help from professionals who specialize in removing this infection. I am not talking about taking your computer to a tech shop or calling Geek Squad, which costs you a lot of money. I mentioned a service earlier which you can try as a last resort.
- Try to remove google redirect virus manually
There is no easier way to remove an infection than running a scan using a tool and fixing it. But what if you have already done that and failed to fix the problem? The last resort is to try removing the infection manually. This is my most favoured method, but it may not be for everyone. It is time consuming, and some of you might find the instructions hard to follow because of their technical nature. The method is very effective, but failure to follow the instructions properly, or human error in identifying the infected file, can render your efforts ineffective. To make it easier for everyone to follow, I created a step-by-step video explaining the details. It shows the same exact steps used by virus removal experts to remove the infection manually. You can find the video towards the end of this post.
Troubleshooting steps for removing Google Redirect Virus manually
Unlike most infections, in the case of the Google Redirect Virus you will find only one or two files related to the infection. But if the infection is ignored initially, the number of infected files tends to increase over time. So get rid of the infection as soon as you notice redirect problems. Follow the troubleshooting steps below to get rid of the Google redirect virus. There is also a video below.
1) Enable hidden files by opening Folder Options (Start –> Run –> control folders), under the View tab:
- enable “Show hidden files, folders and drives”
- uncheck “Hide extensions for known file types”
- uncheck “Hide protected operating system files”
2) Open msconfig (Start –> Run –> msconfig)
- Click “Start” –> Run –> msconfig
- Go to the “Boot” tab if you are using Vista or Windows 7. In the case of XP, select the “BOOT.INI” tab
- Check “Boot log”
3) Restart the computer
Restart the computer to make sure that the changes you made take effect. (On restart, a file ntbtlog.txt is created, which is discussed later in the troubleshooting steps.)
4) Do a complete IE optimization
Read this article on how to do an Internet Explorer optimization. Internet Explorer optimization is done to ensure that the redirection is not the result of a problem with IE or corrupted internet settings. Even if you use a browser other than Internet Explorer, IE optimization is compulsory, as the IE settings act as the basic settings for any web browser on the Windows operating system.
5) Open Device Manager (Start –> Run –> devmgmt.msc)
- Click “Start” –> Run –> devmgmt.msc
- Click the “View” menu at the top. Select “Show hidden devices”
- Look for “Non-Plug and Play Drivers”. Expand it to see the entire list under that option.
- Check if you have any entry TDSSserv.sys. Note down the name carefully. Right-click the entry and uninstall it. Don't restart the computer yet; cancel the restart prompt. Continue troubleshooting without restarting.
6) Open the registry (Start –> Run –> regedit). Take a backup of the registry before making changes
- Click Edit –> Find. Enter the first few letters of the infection name. In this case, I used TDSS and searched for any entries starting with those letters. Every time there is an entry starting with TDSS, it shows the entry on the left and its value on the right.
- If there is just an entry, but no file location mentioned, delete it directly. Continue searching for the next entry with TDSS.
- The next search took me to an entry with details of a file location on the right which says C:\Windows\System32\TDSSmain.dll. You need to use this information. Open the folder C:\Windows\System32, then find and delete the TDSSmain.dll mentioned here.
- Assume that you were not able to find the file TDSSmain.dll inside C:\Windows\System32. This shows the entry is super hidden. You need to remove the file using the command prompt. Just use the following command to remove it: del C:\Windows\System32\TDSSmain.dll
- Repeat the same until all registry entries starting with TDSS are removed. If any of those entries point to a file inside a folder, remove it either directly or by using the command prompt.
If you were not able to find TDSSserv.sys under hidden devices in Device Manager, go to Step 7.
7) Check ntbtlog.txt for the corrupted file
By doing Step 2, a log file called ntbtlog.txt is generated inside C:\Windows. It's a small text file containing a lot of entries, which might run to more than 100 pages if you print it out. You need to scroll down slowly and check for any entry TDSSserv.sys, which shows that there is an infection. Then follow the steps mentioned in Step 6.
In the case above, I mentioned only TDSSserv.sys, but there are other types of rootkits which do the same damage. Let's take the case of two entries, H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys, listed under Device Manager on my friend's PC. The logic behind deciding whether a file is dangerous or not is mainly its name. These names make no sense, and I don't think any self-respecting company would give names like this to their files. Here, I used the first few letters, H8SRT and _VOID, and did the steps mentioned in Step 6 to remove the infected files. (Please Note: H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys are just examples. The corrupted files can come under any name, but they are easy to recognize because of the long file name and the presence of random numbers and letters in the name.)
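To make the scroll through ntbtlog.txt in Step 7 less error-prone, here is an added example (not code from the original article or its video) that reads a copy of the log and flags driver lines whose names start with the prefixes discussed above (TDSS, H8SRT, _VOID) or that have the long, random-looking shape described. The sample log lines, the made-up name qvzxbn2krtlm.sys and the length thresholds are constructed for illustration.

```python
import re

# Prefixes the article walks through; add any other prefix seen in Device Manager.
KNOWN_PREFIXES = ("TDSS", "H8SRT", "_VOID")
# Name-shape thresholds (assumed for this example, not from the article):
# genuine driver names are mostly short (hal, fltmgr, usbuhci, ...).
LONG_STEM = 12    # 12+ characters counts as random-looking
MIXED_STEM = 10   # 10+ characters mixing letters and digits likewise
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S+)\s*$")

# Constructed ntbtlog.txt sample: real driver names, the three names from the
# article and one made-up random-looking name (qvzxbn2krtlm.sys).
SAMPLE_NTBTLOG = r"""Microsoft (R) Windows (R) Version 6.1 (Build 7601)
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\System32\Drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\DRIVERS\TDSSserv.sys
Loaded driver \SystemRoot\system32\DRIVERS\H8SRTnfvywoxwtx.sys
Did not load driver \SystemRoot\system32\DRIVERS\_VOIDaabmetnqbf.sys
Loaded driver \SystemRoot\system32\DRIVERS\qvzxbn2krtlm.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
"""

def driver_stem(path):
    """'\\SystemRoot\\system32\\DRIVERS\\TDSSserv.sys' -> 'TDSSserv'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def classify(stem):
    """Reason the name deserves a manual look, or None if it looks ordinary."""
    for prefix in KNOWN_PREFIXES:
        if stem.upper().startswith(prefix):
            return "known prefix " + prefix
    mixed = any(c.isalpha() for c in stem) and any(c.isdigit() for c in stem)
    if len(stem) >= LONG_STEM or (len(stem) >= MIXED_STEM and mixed):
        return "random-looking name"
    return None

def scan_ntbtlog(text, systemroot="C:\\Windows"):
    """Return (status, real path, reason) for every suspicious driver line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        status, path = m.groups()
        reason = classify(driver_stem(path))
        if reason:
            # The log writes \SystemRoot\...; the del command in Step 6 needs the real folder.
            if path.lower().startswith("\\systemroot\\"):
                path = systemroot + path[len("\\SystemRoot"):]
            hits.append((status, path, reason))
    return hits
```

Anything it flags is a candidate for the manual checks in Steps 5 and 6, not a verdict; a legitimate driver with an unusual name will occasionally be flagged too.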
Please try these steps at your own risk. The steps mentioned above won't crash your computer. But to be on the safe side, it is better to take a backup of important files and ensure that you have the option to repair or reinstall the operating system using the OS disk.
Some users might find the troubleshooting mentioned here complicated. Let's face it, the infection itself is complicated, and even the experts struggle to get rid of it.
You now have clear instructions, including a step-by-step video, on how to get rid of the Google redirect virus. You also know what to do if this doesn't work out. Take action immediately, before the infection spreads to more files and renders the PC unusable. Share this tutorial; it makes a huge difference to someone facing the same problem. Good luck.