Learn How to Remove Google Redirect Virus

What is the Google redirect virus and why is it so important to remove it?

There are plenty of articles already on the Web about the Google redirect virus, Google hijacker, Google virus and so on… Why then am I writing on that specific theme again? Because from my searches I found that no article or blog post is good enough to provide Internet users with a real, working and, most importantly, free solution for dealing with the Google redirect virus. That is why I collected almost all the information available on that problem, cleaned out all the garbage and useless stuff, and summarized the most important things people should know about the redirect virus.

Google hijacker or Google redirect virus is a symptom of a computer infection rather than an actual virus. The name comes from the fact that when a user searches on Google (the same happens with Yahoo! and Bing, by the way) and clicks on a result, the browser is redirected to a completely unrelated site that has nothing in common with the one in Google's result list. Table 1 gives a short list of sites that Google searches have been seen redirected to:

Website                                       Online at the moment (time of writing)
best-search-results .com                      No
find-quick-results .com                       Yes
bestclicksnow .com                            Yes
bestsearchpage .com                           No
asklots .com                                  No
alltheservices .com                           Yes
alive-finder .com                             Yes
admarketplace .com                            No
adf .ly                                       Yes
adorika .com                                  Yes
7search .com                                  Yes
10-directory .com                             Yes
btcar .com                                    Yes
sites.securepaynet .net/redirect_0.html       No
dollartrade .com                              No
hapilli .com                                  Yes
overclick .com                                Yes
Table 1. Sites the redirect virus hijacks Google searches to

This happens as a side effect of a very dangerous rootkit dubbed TDSS (also known as Alureon, TDL3 and TDL4). Keep in mind that if your Google searches are hijacked, the hijacking itself is the least of your problems: it is very likely that a rootkit is installed on your computer. (Tampered DNS settings or a modified hosts file produce the same symptom, so those are worth checking as well, but on the machines I looked at the rootkit was the usual cause.)

What if you have the TDSS rootkit hidden deep inside your Windows operating system?

TDSS is one of the most sophisticated computer infections ever made. Since it first appeared in 2008 it has been respected by security researchers for its capabilities and features. Think of it like a stealth aircraft in the US Air Force: no radar can find it, it is practically invisible. By infecting a low-level disk driver (TDL3) or the Master Boot Record (TDL4) and hooking the disk I/O path, TDSS hides its files and its own code from almost all anti-virus programs. It also encrypts all traffic between the infected computer and its command and control (C&C) servers (the attackers' side), so network-monitoring tools cannot see which commands it receives.

I will not go through all the technical details of this parasite and confuse you with strange and incomprehensible IT terms. I just want to lay out the problems you face if you have the Google redirect virus. Be aware that if you spot the redirect symptoms, you most likely have a rootkit installed on your machine. If you have a rootkit, you are in great danger because:

  1. Your computer is part of a botnet (a network of infected computers set up to forward transmissions, including viruses or spam, to other computers on the Internet).
  2. Once installed, the TDSS rootkit communicates with its C&C servers, receives commands and executes them.
  3. TDSS can (and most probably will) download and install additional malware on your PC (such as Trojans, keyloggers and rogue anti-virus software).

Here are some real-life examples of the destructive power of the TDSS rootkit:

Using the rootkit's communication channel, the attackers can remotely install a keylogger on your computer and then receive every keystroke you make, served on a plate. Your privacy, your financial information and your whole life are fully exposed to them. Let's face the facts: hackers are not nice, geeky kids anymore; they are aggressive, greedy Internet thieves. Do you bank online? Do you pay by credit card for things ordered on the Internet? All your hard-earned money is at risk once you are infected with the TDSS rootkit!

Another kind of harm is done if TDSS installs a rogue anti-virus program on your computer. As many of you already know, rogue anti-viruses are very hard to deal with, because in most cases they:

  • block other programs from running
  • prevent legitimate anti-virus programs from launching (even if the infected user already has anti-virus software installed, they cannot run a scan for the threat)
  • disable Task Manager (making it harder for the infected user to stop the rogue's running process)
  • disable regedit.exe (preventing the user from removing the rogue's auto-run entry)
  • kill almost all Internet traffic to and from the infected computer
  • block computer security sites from opening in the Web browser
  • trick many infected users into paying for a "full version"

To summarize everything so far: if you have the Google redirect, there is a great chance that the TDSS rootkit is installed on your PC. If you have the TDSS rootkit, your private information and your money are in real, great danger!

I am infected with the TDSS rootkit, now what?

First of all, stop using the computer for activities like online banking and credit card payments!

Next, install and run a computer security suite named Spyhunter. During my 3-week tests, I found that this software cleaned 9 out of 10 TDSS infections I used on my testbeds. Some other tools I tried barely cleaned four. Not only that, but Spyhunter found and cleaned a dozen additional Trojans running on the infected test machines, as well as 3 keyloggers. That was not the end: Spyhunter also figured out that the DNS settings on some of the test machines were poisoned and fixed that too. So I was really amazed at how the people who make this software put everything together.
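Two things mentioned above can be verified by hand, whatever removal tool you end up using: the poisoned DNS settings that the redirect infections leave behind, and the Task Manager / regedit lockout that rogue anti-virus programs switch on. The script below is an added example written for this page, not code from the article or from any product it names. It assumes Windows stores the resolver list under the Tcpip\Parameters\Interfaces registry keys (NameServer and DhcpNameServer values) and the lockout flags under HKCU\...\Policies\System (DisableTaskMgr and DisableRegistryTools); the list of "trusted" resolvers is something you supply yourself (your ISP's or router's), and the sample inputs used to exercise the pure functions are constructed.

```python
"""Quick triage of settings a redirect virus or rogue anti-virus commonly tampers with.

Added example, not part of the original article. The check_* functions take their
data as arguments so they run against constructed samples on any OS; collect_windows()
reads the live values and only works on Windows.
"""
import ipaddress
import re
import sys

# Search engines named in the article; a hosts entry for any of them is suspicious,
# since nothing legitimate needs to pin them to a fixed address (or block them).
SEARCH_ENGINES = ("google.com", "bing.com", "yahoo.com")

# Policy values a rogue anti-virus sets to lock the user out of Task Manager and regedit
# (assumed location: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System).
LOCKOUT_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")


def check_hosts(hosts_text):
    """Return (hostname, ip) pairs from a hosts file that override a search engine."""
    findings = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()            # strip comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            host = name.lower()
            if any(host == s or host.endswith("." + s) for s in SEARCH_ENGINES):
                findings.append((host, ip))
    return findings


def check_dns_servers(servers, trusted):
    """Return resolvers that are neither on the LAN (RFC 1918, e.g. the home router)
    nor in the caller's trusted list. ``trusted`` is an assumption supplied by the user."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    rogue = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            rogue.append(s)                              # garbage where an IP should be
            continue
        if addr.is_private or addr.is_loopback or addr in trusted:
            continue
        rogue.append(s)
    return rogue


def check_policies(values):
    """Return the lockout policies switched on in a {name: value} mapping."""
    return [p for p in LOCKOUT_POLICIES if values.get(p, 0) == 1]


def collect_windows():
    """Read the live hosts file, resolver list and lockout policies (Windows only)."""
    import os
    import winreg
    hosts_path = os.path.join(os.environ["SystemRoot"], r"System32\drivers\etc\hosts")
    with open(hosts_path, encoding="utf-8", errors="replace") as fh:
        hosts_text = fh.read()
    servers = []
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):    # one subkey per interface
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as iface:
                for value in ("NameServer", "DhcpNameServer"):
                    try:
                        data = winreg.QueryValueEx(iface, value)[0]
                    except FileNotFoundError:
                        continue
                    servers.extend(re.split(r"[ ,]+", data.strip()))
    policies = {}
    pol = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, pol) as key:
            for p in LOCKOUT_POLICIES:
                try:
                    policies[p] = winreg.QueryValueEx(key, p)[0]
                except FileNotFoundError:
                    pass
    except FileNotFoundError:
        pass                                             # no policy key at all: nothing set
    return hosts_text, [s for s in servers if s], policies


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine you suspect is infected")
    trusted = sys.argv[1:]                               # your ISP's resolvers, passed on the command line
    hosts_text, servers, policies = collect_windows()
    print("hosts entries overriding search engines:", check_hosts(hosts_text))
    print("resolvers outside the LAN and your trusted list:", check_dns_servers(servers, trusted))
    print("tool lockout policies set:", check_policies(policies))
```

Run it as `python triage.py <your ISP resolver IPs>` on the suspect machine. Anything it reports is not proof of TDSS by itself, but a resolver you do not recognize, a hosts entry for google.com, or DisableTaskMgr set to 1 are each exactly the kind of tampering described above and are worth fixing (and re-checking after the cleanup tool has run, since a surviving rootkit can put them back).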

Last but not least, check all your recent bank and credit card statements for fraudulent transactions. If you find something wrong, call the bank immediately and tell them you have become a victim of Internet fraud.

I hope this article has helped you understand what the Google redirect virus is and what dangers it brings. I heartily recommend not downloading or using cracks or keygens; they are often a vector for very nasty infections. Also, avoid shady and doubtful websites, as many of them host Java drive-by-download exploits and become incubators for malware.

Stay sharp and surf safe!