How to Remove the Google Redirect Virus

Written by: Donna Buenaventura • Edited by: Lamar Stonecypher
Updated Aug 5, 2011 • Related Guides: Search Engine | Google | Anti-malware

TDL3 Rootkit has caused the Google redirect virus infection. A person who is using Google as a home page or search engine is redirected to visiting unwanted websites. Google redirect virus removal is detailed in this article.

If you are being redirected to an unwanted website or another search engine, your browser is not only hijacked by a Trojan, but the

click to enlarge

computer is also infected with a TDL3 rootkit as well. This threat is also known as the TDSS or Alureon rootkit. Many anti-malware vendors have failed to detect and prevent the infection in the past months, but to date, the latest variant of TDL3 rootkit is possible to remove using several tools and malware removal programs.

The first method to use is to run a scan using an anti-malware removal program that is fast in detecting the TDL3 rootkit. By fast detection, I mean that the security vendors that are able to release a detection and removal in no time. Using anti-malware programs to scan and remove is important, enabling you to find other malware that has resided in your computer as well as the TDL3 rootkit.

A-squared Free or A-squared Anti-Malware – both versions provide a scanner and remover of Google redirect virus (AKA TDL3 rootkit). A-squared flags the said infection as Rootkit.Win32.TDSS!IK. Note the IK in the threat name which means, the Ikarus detection. Ikarus is another antivirus engine that is integrated in A-squared programs.
Malwarebytes Anti-malware Free (AKA MBAM) and its paid edition – another anti-malware vendor that is fast in adding detection to latest threats. Free and paid editions of MBAM offer a scan and removal of Google redirect virus.
SUPERAntiSpyware Free and SUPERAntiSpyware Pro – like A-squared and MBAM, both programs of SUPERAntiSpyware provides a scan and removal options. SUPERAntiSpyware will detect and remove the said Google redirect virus infection as well.

If, for some reason the removal is not successful, this can happen if the infection is a new variant of TDSS rootkit. You should start using standalone removal tool. Choose any of the free tools below to remove the Google redirect virus:

Win32/Olmarik Removal tool by ESET
TDSSKiller by Kaspersky Labs.
Windows Malicious Software Removal Tool by Microsoft
BlackLight by F-Secure
Stinger by McAfee
CureIt! by Dr.Web. The alternative download location is in CNET.com. You need to update the detection to get the latest detection updates.

If you rather use an online scanner and remover, I suggest using Trend Micro Housecall and ESET Online Scanner.

Note that there are other removal tools for the Google Redirect virus infection such as ComboFix, which is easy to use, but you are better off using it only if you can follow a self-help guide. If not, just use one of the above-mentioned scanners or standalone removal tools or visit the malware removal forum over at Aumha.org or BleepingComputer.com. There are resident malware analysts in these forums to help you remove the Google redirect virus.

MrBonez Dec 4, 2011 6:04 PM

RE: How to Remove the Google Redirect Virus

The Google search redirect virus is a total pain - it's actually a browser hijack. When you conduct a Google search and click on a link, the virus injects itself into your computer during the redirection process, sends you to another website and then disappears. This is why tradition antivirus, malware and spyware programs cannot detect it - it doesn't stay active long enough. To find out more information on this virus and how to remove it, visit: <a>href="http://www.squidoo.com/how-to-remove-the-google-redirect-virus">http://www.squidoo.com/how-to-remove-the-google-redirect-virus</a>

clint Nov 23, 2011 7:22 AM

The only sure way to correct the problem is to delete the partition table. doing so you will loose everything. But you must delete the partition table. Do back everything up first. For all of you that say get Linux or Apple is safer, they are only safer because windows holds like 75% of the market. So it makes sense to create viruses that can cause the most damage to the largest amount of people (windows users).

Paula Oct 28, 2011 3:53 PM

Thank you for this information! Nothing I tried was working but then I found this article and tried the TDSSKiller. It worked like a charm and my laptop is now running better than it has in months!

Redirect Virus Oct 25, 2011 5:03 PM

Thanks for this Great Post , i am now able to solve my problem that happen on my pc

Xzavier Xzan Oct 24, 2011 5:28 PM

Sorry for the late response Wbi and thank you very much for you comment! I do currently work in IT. I have work in large corporations for the past 12 years!

Alexis Holcomb Oct 21, 2011 11:50 PM

I have linux and have this problem with google and bing (not dogpile yet, thankfully)...so where's your argument now?

JU Oct 10, 2011 4:45 AM

To Dan Ries

(To find Dan Ries comment, press Ctrl+F and copy paste Dan Ries Mar 5, 2011 5:12 AM )
Thanks a TON for the link. I was able to use TDSS Killer to find and eliminate the rootkit!
(Rootkit.Boot.SST.a) Plus, the link had som other interesting info.

JU Oct 10, 2011 4:42 AM

To Xzavier

(Press Ctrl+F and copy/paste this Xzavier Aug 9, 2011 4:38 PM
to find Xzavier's comment)
Thanks very much for the info. I've learned something new because of it.

Jason Sep 12, 2011 11:37 PM

Check your DNS settings in router

All Anti-Virus checks come back "0". Nothing picks up anything but yet you still get re-directed. Re-Imaged machine and went online and immediately had the same problem. Problem....."Router" The DNS settings in the router had changed to 213.... something. malwarebytes picked up the blocking of known malicious site but nothing on computer. The ONLY way to get rid of this is to reset router to factory settings and resetup router with different password. Use ipconfig /flushdns to clear all dns settings on computer as well.

HI Sep 3, 2011 6:07 PM

it doesnt work...

I tried all of them and only TDSSKiller started running. Then it said tht it deteced roorkit so i pressed cure. but when it was rebooted, the virus was still there. So i tried other ones, but at first they would start running but then it shuts off automatically. Im guessing its because of the virus. I have no idea what to do now. this is frustrating so much right now

kristina Sep 3, 2011 5:23 PM

TDSS KILLER

i used TDSS KILLER and it said that it detected the rootkit so then i pressed cure and it said that the computer needs to be rebooted. Once it was rebooted the virus was still there....

wbi Aug 25, 2011 11:13 AM

The Best

XZAVIER , thanks, solved the problem that no program was able to solve, you are very good, you should be working the best software companies. no one had solved the problem. your the best.

Xzavier Aug 9, 2011 4:38 PM

Guys, here is the FIX!

Guys, here is the removal for the redirect virus. You will know this is your solution beyond the shadow of a doubt once you see where all of those annoying redirects are hiding at. Having some experience with the registry is very helpful. If you don’t have any find somebody who does, backup your registry entries before making any changes and this info is for information purpose.

1.) Click on start, run, type in cmd press enter, type in ipconfig /flushdns press enter
2.) You need to check your Host file and lmHost file for domain entries.
3.) You will know them when you see them because your list will be HUGE! You will see THOUSANDS of domain entries in there. Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft.com
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the places you have been redirected to. You will see HUNDREDS of redirect domain entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things however these are the major identifiers.
6.) The reason why Virus scans and Spyware programs can’t find the so called Virus. Because it is not one! Scanning the registry is pointless because those new registry KEY's are legit KEY's. Think of it as you have a Google or Yahoo or Bing search bar in your browser. Let’s say you change the default search to a porn site. Is there anything wrong with your browser or default search engine? No! All spyware will scan past this because people have different search engines. It took me a month and a half to figure this out and I just happen to stumble upon the answer!
7.) I don’t know how the registry entries were changed so be alert that you might catch this annoying issue again!
8.) Get another PC registry KEY running the same version of I.E. That is what I did.

Gone Jul 23, 2011 11:24 PM

Redirect Solved after months and months

Hi all just thought I would post my solutions! All tests and software fixes would not work so I thought it may not be in my HD so I bypassed my wireless router and problem solved! It hides in wireless routers as well I pressed the reset button while on for about 30 seconds and then I had to reset the username and password again of course and the redirect is history It was never in my computer! Hope this helps others

bob Jun 14, 2011 1:03 AM

thank you!!!

I used "Win32/Olmarik Removal tool by ESET" and cleaned that in 2 seconds :)

Noel May 28, 2011 2:05 AM

TDSS Trojan getting nastier

thanks for your helpful article, however the latest tdss trojan is a nasty little bugger.

the only tool that worked was Cure It! by Dr. Web. the trojan prevented rkill and tdsskiller from running, even in safe mode.

stinger ran and found other infections, but did not detect tdss.

Donna Buenaventura Apr 24, 2011 8:45 PM

Hi Jake,
Have you tried using Malwarebytes Anti-Malware, Ad-aware by Lavasoft or SUPERAntiSpyware to scan the computer?
Can you please try checking how many Java program do you have in your computer? Go to Control Panel > Add or Remove Programs. Locate Java in the list.
If you find many version of Java, remove all of them. Install the latest version.

Clean the computer using CCleaner as well.

Jake Apr 23, 2011 5:06 PM

Redirect is dominating my life

Hi, I have windows xp. Its really old. whenever i use the internet my search gets redirected to some random website. I have tried many things with no success. Also, i downloaded a spyware program that didnt work and turned out to be another virus. Is there any way to manually delete the redirect virus so that i dont have to risk my computer getting infected with a third virus. Please help. im getting really scared cuz i can hear people talking through my speakers when i dont even hava any program open.

channel_girl Apr 19, 2011 4:13 PM

THE ANSWER TO GOOGLE / BROWSER REDIRECT SYNDROME!!!

After applying all the best antivirus and malware programs, I suspected this since it started with installation of a new wireless router. So I learned the ANSWER.
I logged onto my Linksys router settings by typing the xxx.xxx.x.x router address (shown in my Linksys manual) into the URL line of my internet browser. The previous personalized password I had used was no longer valid, and I had to use the default Linksys password. On the Lindsys Setup Page, I reset 3 rows of DNS settings to zero ("0") in each blank space, and then saved those settings. I also went right over to the Linksys Administration page, and reset, confirmed, and saved a new password. Upon saving the password, a popup screen popped up asking me to enter the new password I'd just registered. Upon entering that password, I was back into my Linksys screens. I then exited Linksys, rebooted the computer, and now the Google re-direct problem had disappeared.

Here is a useful link, from CNET: http://reviews.cnet.com/2300-3688_7-6568745.html?s=0&o=6568745&tag=mncol;page on how to set (or in this case, reset, your Linksys router).

Xzibitop Apr 11, 2011 4:06 PM

Great!! Gooogglle is Back!!

I tried TDSSKiller, SUPERAntiSpyware,A-squared, Malwarebytes but did't work for me. TDSSKiller has detected but can't cure.

Win32/Olmarik Removal tool by ESET solved the problem :)

I wasted so many time... I can't live without Google

Really helpful! THANK YOU!!

IT guy Apr 11, 2011 11:15 AM

Core Files?

I ran Emsisoft Anti-Malware and that killed it. I paid extra attention to what files were removed because I use a company PC that has DameWare on it and it was detected as a threat. DameWare is part of our standard image so I told Emsisoft Anti-Malware to ignore it. I did find, however, the three possible core files in the virus I had contracted:

glowext.dll
reseices.dll
itlpfw32.dll

I hope this info helps someone in the future.

Darlene S. Apr 9, 2011 8:52 PM

THANK YOU!!!

Starting about 2 days ago, my computer started acting really weird. It was slow to show my programs, redirected me to strange websites when I attempted to search for something, and just did not seem right overall. I downloaded the TDSSKiller and did not have much success with fixing the redirect virus on my computer, so I downloaded the Malwarebytes free version, and ran a full scan.

Malwarebytes found over 600 legitimate errors within 50 minutes, including trojans, malware, adware, and something called pup files (even ones my previous virus protection neglected to fully remove) and removed them permanently from my computer in moments! I noticed a different in how fast the computer loaded after the first restart. You totally saved me from system restoring my computer and hours of headache with one simple program! Thank you so much for your advice! :)))))

Steve Apr 6, 2011 10:48 PM

Another Helpful Tool

When I had this issue, I could not figure it it out for a long time but finally I ended up going with the tool offered at http://google-redirect-virus-removal.com and it got rid of the problem for me. Cost $30 but it was worth it to me to finally be over this problem!

Donna Buenaventura Apr 2, 2011 10:00 PM

That's great to hear, Kayone!

Kayone Apr 2, 2011 5:22 PM

Thank you Donna!

Amazing! I tried the A-Squared which is on your post and it found one virus. After deletion there is no redirecting malfunction. It finally worked since I wrestled against the google redirect virus. Thank you for your sincere help!

Donna Buenaventura Mar 31, 2011 1:04 PM

Crossing my fingers that your PC is no longer infected by this nasty trojan, Nick. Try scanning the system again to be sure :-)

Big Nick Mar 30, 2011 8:49 PM

I think I got rid of it!

I tried just about every malware tool I could find. Nothing worked. What SEEMED to work for me (I have not seen a re-occurance) is to delete everything out of my "temp" folders. I have a "temp" under "C:/", there's one under Documents and Settings/user_name/Local Settings, and one under WINDOWS. I hope it's really really gone!

Donna Buenaventura Mar 26, 2011 12:21 AM

Hi Chillu,

Try to download Malwarebytes and Hitman Pro from below links:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://www.surfright.nl/en/downloads/

Install Malwarebytes and allow the update. Scan the computer. If it finds any, let it clean the computer. Reboot and then scan again.
If it found nothing, try using Hitman Pro.

Also, reset your hosts file by using Microsoft Fix it 50267. You can download it from http://support.microsoft.com/kb/972034

Question: Is the problem occurs with any browser?

Regards,
Donna

Chillu Mar 25, 2011 9:13 PM

Help, Please

My laptop Dell inspiron windows XP was originally Redirecting from the web browser to other unwanted sites.I have a licensed AVG virus protection which I ran few times and I get the message that there is no virus but when I open any browser I get Google screen where I can input search words and result is displayed,when I try clicking on the result nothing happens,I cannot type any URL OR go to ANY WEBSITE the screen stays on the Google search.My computer reboots fine,my network is fine and internet connection is working.I misplaced system recovery disks and do not want system restore.
Please,help.Thanks

prasanna Mar 19, 2011 9:04 AM

thank you very much, it worked:)

BRIDGE Mar 15, 2011 10:04 AM

FINALLY FIXED REDIRECT VIRUS

I got an email from post express saying my package wasnt delivered. i opened it and my mcafee said it captured a trojan virus. my computer went down hill from there. kept running really slow, freezing , couldnt restart, and kept redirecting me to other websites when i clicked on websites on google. after hours with mcafee on online chat, nothing. scans kept coming up clean. did adaware search nothing changed. finally uninstalled mcafee. dowloaded norton and malware. scans found things but the virus kept coming back. then i chatted with norton and they did some norton erase to my computer and it is finally fixed and gone. hope this helps somebody

Kent Mar 12, 2011 7:29 PM

Thank you!

Finally, it worked! The A-Squared found it and two others. Thanks so much!

Amy Mar 10, 2011 4:23 PM

Thank you

Thank you so much! After 3/4 days of searching for a solution and scaning my laptop for hours on end, I have just used TDSSKiller, after reading you post, and it has worked!

Dan Ries Mar 5, 2011 5:12 AM

I was infected twice, the first time gave me a another virus that took out my whole system and I had to re-install windows. Needless to say,the second time around I wasted no time to find a cure. After downloading many "free" programs that searched and found the problem, but needed to be activated for a price, I found "TDSSKiller" for free. It took out the virus in a few minutes. I now keep a copy on a memory stick for future use. I am going to post this in a few other sites, but please pass this info along.

http://blogs.computerworld.com/16691/kasperkys_tdss_killer_lives_on
artfuleye

Jan Feb 21, 2011 10:22 AM

How to kill redirect malware

Because I have 2 comuters infected I called support our norwegian Norman AntiVirus company. They gave me a good recipe.
Shut down your computer. Restart [F8] in Safe Mode with network. Download Malwarebytes, install and upgrad if necessary. Run the program in Safe Mode. That will kill all redirect rootkit malware.
Good luck!

Donna Buenaventura Feb 21, 2011 6:43 AM

Glad to hear all is well, Trish! Good work :-)

Trish Feb 20, 2011 5:17 PM

TDSSKiller

I tried using the first methods you suggested by they didn't work. Then I tried the TDSSKiller - took about 3 mins to download and scan. It found it immediately and got rid of it just as fast. THANK YOU SOOOOOOOO MUCH!!!

Fernando Feb 14, 2011 1:23 AM

Jacob

Hey jacob i had the same problem that ur having right now, i got rid of mine by scanning with malwarebytes and spybot S&D. Try them =)

Donna Buenaventura Feb 8, 2011 1:34 AM

You're welcome, Jacob. Good luck!

Jacob Feb 8, 2011 1:13 AM

thank you

Thank you Donna I will try those, thanks for helping me out, its much appreciated!!!

Donna Buenaventura Feb 8, 2011 1:05 AM

Jacob,
I suggest to try first to reset IE settings and hosts file in Windows. Download the fix it tools from Microsoft to reset the said settings and file:
http://support.microsoft.com/kb/923737
http://support.microsoft.com/kb/972034

Configure IE Internet Options by unchecking all boxes in LAN settings.

If you are behind a router, reset it.

Try now to use TDSSKiller and then Malwarebytes anti-malware or better.. try Hitman Pro.

Jacob Feb 8, 2011 12:51 AM

Yes, I have tried it again... I downloaded it a 2nd time, ran it again and still said nothing found, but yet im still getting redirected and it said it had updated. Is there anything else? I cant seem to shake it

toothpicks Feb 5, 2011 7:37 PM

RESET THE ROUTER

The router must be reset (ie stick a paperclip in the back of the router to clear the router memory). My experience was that the DNS stored in my router had been changed, resulting in all outgoing traffic to be sent to some malicious site that would rewrite my Google search results, so that when I clicked on the search results, my browswer would be directed to a bogus URL. Flushing the DNS, via "ipconfig /flushdns" would only result in one "clean" google search. The next google searh would contain bogus URLs.

And, I downloaded the following for free to clean my computer: tdskiller, Malwarebytes, and CCleaner.

John M. Feb 4, 2011 10:19 AM

Redirect Virus Sorted !

I tried TDSSKiller and it found nothing.. Go to the directory with your hosts file. (Window 7 c:\windows\system32\drivers\etc\ You may find the hosts file is not there. Press alt key to bring up file menu. Goto Tools- Folder Options - View ....Tick show hidden files and untick hide protected operating system files
You should see your hosts file pop up.. You can try edit it with notepad but its usually locked. Get Malwarebytes and in more tools use FileAssassin to delete the hosts file. you can copy a clean hosts file from Microsoft .... Hey Presto

Tyler Kuskie Feb 4, 2011 2:32 AM

How I remove the redirect virus

There is one step missing. The Google redirect virus also infects explorer.exe and several other window files. By running anti-virus you are simply deleting the infected files and if explorer.exe is detected as an infected file it will be deleted. If explorer.exe is deleted your system won't work properly. What needs to be done is explorer.exe and any other corrupt windows files need to be replaced with an uninfected file. If possible reinstall your operating system on a separate drive or partition. (while in the new drive or partition) Then copy all the files that need to be replaced and paste and replace them on the drive or partition of the infection(make sure only the new files exist and the infected ones are deleted). After that reboot the computer. If the infected drive has trouble booting use the system repair on the O.S. disk to get it to boot once again. Now most of the virus is gone and you can now use SUPERanti-spyware to clean up the rest.

Stan Selby Feb 3, 2011 7:48 AM

Google redirect with $1000 gift card pop-up

Just wanted to give praise for the tdsskiller.exe I downloaded from the Kerpasky site. I worked on removing malware for almost 2 weeks. My troubles started with something changing my internet proxy settings. All my browsers quit working. Microsoft backups stopped working; couldn't find the backup drive. Then started getting the google redirect when I started my browser, that is whenever it would start. Had to hit the shortcut several times before a window would open. It affected all my browsers this way. For each activate I tried, a process would start: (iexplore, firefox, opera). I had Norton, Spybot and Adaware running and active when I was infected. After a week and a half of trying all sorts of things I found an article on the TDSSKILLER executable. Had to download it from the Kerpasky site to get the latest version and it worked beautifully. One execute/cure and all my problems went away. Thank you! Thank you! Thank you! Every time I start my browser I keep waiting for that dreaded redirect but hasn't happened since I ran TDSSKILLER.

Donna Buenaventura Feb 2, 2011 11:24 PM

Hi Jacob,
Did you use new version of TDSSKiller? It is updated often. Give it another try.

Jacob Feb 2, 2011 10:37 PM

Nothing works! :(

I've tried everything i can think of- Malwarebytes scanned, found them, and "deleted " them, but i still get the redirect from google.. so i tried everything on that list and nothing worked, i scanned with TDSSKiller multiple times, and it said no threats found, but im still being redirected, i cant get rid of this thing to save my life :( and whenever i click browse to upload photos, vid clips, music etc the program crahses, :( anyone have any ideas? im beyond frustrated

Kel Feb 1, 2011 3:50 PM

Yeah!!!! Redirect virus is dead!!!!

Thank you very much for your help!!! I installed TDSSKiller and it destroyed the virus in less than3 minutes! I tried other ones (AVG, Spybot, Malewarebytes), and they didn't work. Thanks again and peace and blessings come to you!

Anonymous Jan 31, 2011 9:45 PM

Hey Guys try this video!!!
http://www.youtube.com/watch?v=8dFbIj3Taq8&feature=feedu

Kris Jan 21, 2011 6:10 PM

THANK YOU!

This has to be the best advice I have found online. As skeptical as I was, the TDSSKiller worked like a charm. I will keep the zipped folder backed up on a thumb drive just in case.

Jeff Jan 21, 2011 3:38 AM

finally! TDSSkiller!!

after hours of running multiple different scans, TDSSkiller finally got my laptop all cleaned up!

Simon Weeks Jan 7, 2011 10:30 AM

Google redirect

Excellent article with sensible recommendations. TDSSKiller did it for me too. I'll be back next time I have a sticky problem

scorch Jan 2, 2011 5:42 PM

Goored worked for me

Anonymous Jan 2, 2011 10:46 AM

FREE ? No,

Except that none of these are actually FREE. they scan and then charge you for the cleanup. Big deal.

bobx Jan 1, 2011 4:52 PM

Linux guys

change to linux, and all your headaches will disappear.

I-Man Jan 1, 2011 1:33 PM

Thank you for this great info!

TDSSKiller worked in minutes, when other programs did not. Avast and Malwarebytes (free version) certainly have their place, but that annoying redirect virus met its fate only when I downloaded TDSSKiller.

Thank you!

Mark Dec 31, 2010 12:48 PM

No more redirect virus-THANK YOU

My laptop had this dreaded virus, not only redirecting, but sometimes a milky-white taskbar color, inoperative ctrl+alt+delete, inoperative taskbar or start menu, memory gobble and general slowness.

A pox to the virus developer and his children for all time!!!

I tried the Stinger first thinking Mcafee had their act together but it did not work. Next was the TDSSKiller and it worked by following the instructions.

Thank you Donna and Lamar and ESPECIALLY Kaspersky Labs for this wonderful program to get rid of this redirect virus. I hope you guys live to 100 years.

It was fast removal and it got rid of that little punk in the system.

Fran Dec 31, 2010 9:51 AM

Redirect virus is gone!

Great source! Use the Cureit by Dr. Web. It removed the redirect virus and it was free. Thank you, thank you and thank you for this help! I had spent hours trying to figure this out. Thanks for the good source!

Arrow Dec 29, 2010 4:49 PM

TDSSKiller did the job. Thanks!

m gro Dec 27, 2010 1:09 PM

it worked...easy/fast. thank you.

Tyler Dec 25, 2010 11:44 PM

No hope

Nothing works. Absolutely nothing!

Kim Dec 22, 2010 2:25 AM

I get it back every time i change router dns

For me the only way i was able to get rid of the redirect was to change my router DNS settings. The server that was redirecting me was 213.109.54.64 by changing it to google 8.8.8.8 (there are other free dns servers) the redirecting stopped ....however the google dns server is slower than the dodgy one so for downloads i always switch back to the dodgy one and get 3 times faster downloads but can't browse as the redirect is back. :-/

HeHeHe Dec 20, 2010 7:17 PM

great info. TDSSKiller was right on target.

Ben Dec 20, 2010 4:12 AM

It's the router

Check the IP address of the DNS server being used on each machine you have the problem with and then Google it and see what comes up. My DNS server had been re-routed to Russia which was then pointing the Google search results to advert sites. If you're using a router it may have have been hacked. Resetting each machine's DNS (and the router's!) to 8.8.8.8 (Primary DNS) and 8.8.8.4 (Secondary DNS) will cure the problem if this is the case. These are Google's own DNS addresses.

Marty Dec 9, 2010 9:20 PM

TDSSKiller killed it

Bought Malwarebytes, already own BitDefender, downloaded HitMan 3.5 and while they did their best, they weren't finding the Rootkit virus. Downloaded TDSSKiller after reading the many props for it here in the comments. Found and cured the problem literally in 5 minutes. Virus is gone, no more redirect. I am impressed. Have to get me the license version of Kapersky. Awesome article Donna, and great feedback posters..

Desiderus Erasmus Dec 5, 2010 8:33 AM

Royal Pain In the Bu.....

TDSSKiller did the job but it did have the benefit of me running half a dozen programmes before hand and finding one other issue ..... maybe time to change from AVG cos it just is letting too much past.

Veronica J Wilson Dec 3, 2010 2:23 PM

Trojan virus google redirect

What an annoying PITA the virus was redirecting me each time I searched on goolge. TDSSKiller Worked for me! Quick simple - easy to execute. Thank you Thank you !!! Oh and did I mention it was FREE?

Jacq Dec 3, 2010 11:37 AM

Thank you for continuing to provide solutions!

The last time my computer got a virus I had to pay to have it professionally removed. I thought I was going to have to do so again this time, after everything I tried failed. But after reading your reply to another user who wasn't having any luck in which you suggested hitmanpro, I gave this program a shot and IT WORKED. Donna, you are amazing. Thank you.

Vizzy Nov 28, 2010 12:01 PM

Amazing

Direct straight to the point no non sense. Perfectly worked. I think i'm in love with you Donna

doug Nov 25, 2010 11:35 PM

Google Redirector

Thank you !! The TDSS Killer worked after several other things did not. Fast and lethal. My compliments to whoever came up with the TDSS Killer.

kevin Nov 24, 2010 6:48 PM

Finally!

I've tried everything over the last three days. I ran the tdsskiller from Kaspersky on the first day. It did not cure my computer. Ran everything else listed here on this site. Still no cures. Today I gave the Kaspersky tdsskiller one more shot, but this time i renamed it. This worked!!! Running Malwarebytes now.

Steve Littlejohn Nov 23, 2010 5:37 PM

Google Redirect Virus

The redirect virus was driving me crazy spent hours searching files TDSSKILLER sorted everthing out many thanks Kaperski.

Bob Nov 20, 2010 9:59 PM

Another option

After fighting for 3 months with various spyware I decided to look at my router. Turns out that the router had been compromised and a DNS address was entered that causes the redirect. I changed it to google's DNS 8.8.8.8 and FINALLY no more redirects

Check your router settings and if it is an old router upgrade the firmware

Bill Nov 20, 2010 3:15 PM

Redirect malware uses your router

I had tried countless AVs, etc. Reset your router.

j4grave Nov 20, 2010 9:04 AM

Donna Rocks!

Thank you! Finally, a person who can really help, & knows her stuff. No BS advice, or bad info, or dead end links to a web page thats impossible to navigate around. Problem solved.

ted Nov 20, 2010 7:46 AM

trend

trend housecall has a problem with this rootkit.
Using "quick scan" (in settings) it doesn't find it. Using "full system scan" does find it....but....it has trouble digging it out....i got BSOD during the full scan...and a rough windows restart...."start windows normally" situation. The housecall couldnt complete the full scan without failing...its like it recognised it...but couldnt clean it??
Use the tools listed first.
Thats what happened for me anyway....good luck.

ted Nov 20, 2010 7:39 AM

kaperski TDSS killer fixed it !!!

YAY!
After trying every online scan and avg and spybot etc i couldn't remove the horrible thing until i used kaperski TDSS killer.
Many Many thanks!
It is not easy to see this virus as it only redirects google result links SOMETIMES.
To quickly test if you have the rootkit infection:
It seems to redirect lots when you search google for the word "antivirus".... All the top results are all the big name antivirus companies and are real links, but when you click on the real link it soon heads off to some totally unrelated page.
This TDSS killer works. Well done kaperski...thank you Donna!

Redips Nov 19, 2010 9:00 PM

I found an easy way to stop this virus. It has so far worded for me, only on Google not yahoo.

1. Go to Control Panel
2. Internet Options
3. Privacy Tab
4. Pop-up Blocker Settings
5. Add www.google.com

This has so far worked for me, hope it works for you.

mark Nov 18, 2010 11:11 AM

redirect virus

virus is evil-downloaded the tds and killed it just a few min.I have tried 6 or 7 anti-virus programs, in some cases taking days to scan, this killed it in a few min. thank you

Tom Nov 17, 2010 4:08 PM

Your fix cured my computer

Spent days trying every suggestion out there. Ran all the recomended software programs. TDSSkiller took care it. Laptop runs like new!!
Thanks

Marlies Singh Nov 17, 2010 2:14 PM

It Worked!

The Win32/Olmarik removal tool did the trick for me. Thanks a lot, I had wasted a lot of time before trying to remove it.

Onika Nov 16, 2010 6:45 PM

It worked!

The TDSSKiller worked for me! Thanks so much. I was really getting frustrated.

alexb Nov 16, 2010 1:56 AM

This worked for me. Thanks a lot! Mabuhay1

Brian Nov 14, 2010 10:29 PM

Google redirect removed from FF!

Went to Tools > Advanced > Settings, and changed the Configure Proxies to Access the Internet from Use system proxy settings to No Proxy. Fixed!

Sue Nov 12, 2010 9:09 AM

Does this virus affect Mac?

Thanks for this great, detailed article! I'm at work so I haven't tested the solutions but I'd appreciate it if someone could help answer this.

I use a Macbook and it's been getting tons of pop ups and redirecting (Firefox). My family's PC's are also getting the same "virus". Can we get it thru our Wifi server?

Thank you.

JValdez Nov 11, 2010 11:46 PM

TDL3 Rootkit

Donna, you rock! One pass w/TDSSKiller & my IBM 240X [It really is a hot little machine--w/XP no less!] is runing faster than it ever has! (I thought it was really a goner this time!) Thanx, thanx, thanx! I use it mainly for international travel & now have a solution for our five other "Heavy" desktops/laptops if required. Have a very great day!

Kim Nov 10, 2010 10:43 AM

Redirect Virus was a router hijack

I have been pulling my hair out for weeks trying to get rid of this redirect virus that made web surfing a frustrating experience. I've tried so many solutions all of which failed until i came across a blog which suggested that it was a router hijack. I changed the dns settings of my router and also the password which was admin by default and now finally I am no longer redirected.
http://tidystorm.com/423/the-redirect-virus-was-in-my-router/

Paul Nov 7, 2010 10:39 PM

nothing works

none of this stuff worked i starting to think there is no way to remove this redirect error

Anonymous Nov 7, 2010 4:53 AM

TDSKiller

I've been pullingn my hair out with this google redirect virus. Nothing would work. TDS took all of 45seconds to locate and remove it. Haven't had a single redirect since then.

Dan Nov 3, 2010 9:24 PM

Google Redirect Removal

I just had to post a sincere thank you for providing the removal information. This particular issue has been killing my computer for the past three weeks, and nothing I used could find the cause of the problem. Thank you so much, you're a godsend!!! :)

fogi Nov 2, 2010 6:37 AM

tdsskiller.exe fixed it for me

Donna Buenaventura Nov 1, 2010 9:04 PM

fgh56,
How about Hitman Pro from http://www.hitmanpro.nl
You can try that free scanner but will turn to 30 days trial mode with removal option, if it finds malware to remove.

fgh56 Nov 1, 2010 4:34 PM

tried ALL of these and still no help

i have tried EVERY single anti spyware/malware system and they all reported none/1 or 2 things which were fixxed and i am still getting redirected with every link. plz help :(

P.Neveu Oct 28, 2010 10:43 AM

Finally

Thanks for a great site and article. I tried all the free malware removal tools. They would take hours to run and sometimes found something but the redirect came right back. I tried the malware specific software "Window Malicious Software Removal Tool" . It ran for 10 seconds and the redirect was gone. It ran so fast that I did not think it worked. There was no list or log but now when I use Google and click on an item found it actually goes there.

Alan Oct 25, 2010 9:49 AM

Great Resources!

I have been wrestling with this redirect virus for the last 5 days and it's really been killing my productivity. But TDSSKiller saved the day! Thanks for the great list of resources!

dumberthandumb Oct 16, 2010 9:30 PM

Great Advice

Malwarebytes nailed the google redirect virus in my computer. THANKS!

Ash Oct 16, 2010 12:26 PM

Sneeky

ran a few tools, one found and removed the virus but I still had bad problems getting to web sites. turns out the DNS settings for the network connection had he following IP in them:93.188.162.250, 93.188.160.60. Setting these back to the DHCP automatic settings and BAM, my internet browsing is back to life and google is working perfectly.
I think the virus had been removed but it had switched the sign posts on exit!

kito Oct 15, 2010 7:38 AM

“Google Redirect Virus”

thank you for your great information, after followed all instruction, now I am free from virus.

Alpha Oct 12, 2010 6:56 PM

having problems with staying online, please help!

Everytime I surf the internet, my computer locks up or freez'up.
And when I try to exit the page a stupid!!!!
warning splashes on the screen to inform me that the computer is know longer responding and would I like to end this program or cancel it. neither works!!!!!!!!!!. I have eset & malware installed, but it still locks up. I don't know what to do. could someone help pls

Kyle Oct 11, 2010 8:32 AM

Gooredfix

I ran MBAM, Spybot S&D, NOD32, A-squared, Hitman Pro, TDSSKiller, nothing fixed my hijacked links. Then I found gooredfix and that did the trick.
http://forums.majorgeeks.com/showthread.php?t=182559

Kenneth Oct 10, 2010 3:49 PM

Thank you very much, TDSSKiller did the trick!

lemon Oct 7, 2010 2:21 PM

I tried pretty much everything. tdsskiller doesn't find anything. a dns changer trojan was found by one of the anti-malware software listed above (tried them all), but although removed, it doesn't solve the redirect. (flushed dns afterwards, still nothing)
tired of this, is this creature changing shape from one day to the next? any other solutions you can think of?

Donna Buenaventura Sep 30, 2010 7:39 AM

Yes, you can get Alureon (trojan/rootkit) infection when surfing or searching the internet. It's best to use extra layer of protection e.g. Hosts file that blocks malicious links, firewall with ad-blocking, browser with add-ons to block malicious links e.g. Web of Trust add-on.
Alureon was found in many users PC and did not know they are infected, until Microsoft released a patch MS10-015 http://www.microsoft.com/technet/security/bulletin/ms10-015.mspx which caused blue screen of death. They found out that it's not the security update MS10-015 is the cause of the Blue screen but the computers have Alureon. At that time, no AV is detecting it.
Malwarebyes, A-squared and SUPERAntispyware should be able to detect and remove this now. Also many antivirus programs (free or paid).

virussucks Sep 30, 2010 5:50 AM

Malwarebytes

I didn't know how i caught this virus. Is it possible to catch it simply by surfing? Or simply because my router doesn't have a password set??

Anyways malwarebytes 4613 couldn't identify it but 4721 did the trick

Vic Nardozza Sep 29, 2010 5:56 PM

Good Article

Thanks Donna. Your article and the comments were very helpful. Tried several things over a couple of days, but TDSSkiller did the trick in less than a minute. You have the only published article I found that really addressed the issue.

jlam Sep 27, 2010 11:04 PM

6th time's the charm!

None of these worked -
TDSSKiller
Win32/Olmarik
BlackLight
Stinger
CureIt!

But A-squared (now Emsisoft) finally did the trick

Joseph Wiggins Sep 23, 2010 9:27 AM

TDSSKiller - Quick!

TDSSKiller did the trick in less than 5 minutes! Actually, it took about 1 1/2 minute. Simple download. Simple scan. Quick Removal. Rebooted computer. Virus gone. SEARCH WORKS!!!! Thanks Kaspersky!

Anonymous Sep 20, 2010 12:23 PM

Virus removal

TDSSKiller worked!

Joe Matthews Sep 16, 2010 3:42 PM

Thank You

Thank you so much. This was the most annoying virus ever. I am so glad I came across your article. I used TDSS killer and it was gone within a minute. I would recommend people trying that first. It was amazingly easy. Thank you so much.

Kevin Sep 13, 2010 6:43 AM

Adload_r.AKC

The Hitman Pro 3.5 tool worked perfectly for me. It even asked me to insert the Windows XP DVD so it could restore the original version of explorer.exe.

It did try to sell me other AV software by telling me that I had no AV software installed, which is not true, but I ignored it, slosed the ad window and it proceeded with the clean-up

I'm impressed.

Tom Sep 10, 2010 10:26 AM

Did the Trick TDSSKiller

TDSSKiller by Kaspersky Labs

Dr. Mike Sep 9, 2010 12:19 AM

Alureon/Google Redirect etc: Gone!

I just want to say that imho *this* page has the best information "out here", on how to resolve rootkit-based "issues" - Great collection of links to some serious anti-malware tools. Thanks!

I spent time today trying to rid myself of the Google-result hijacking I 'be been experiencing on my desktop PC, despite daily NAV and SuperAnti-Spyware Pro scans, both of which find the usual cookies, and nothing more. Lately the Norton has been doing a lot of scanning for some reason too, finding: cookies.

So I first came across Hitman 3.5 (using Google on a 2nd computer!) . I checked the forum talk, gave it a chance. Interesting result: it located what it said seemed suspiciously like a hidden driver suggesting possible Alureon, but it didn't do anything about it. It also said that no AV was detected (interesting because the icon said everything was hunky dory with the firewall, AV, etc.).

Interesting! "Cloud-based" software, and as quick and effective as I'd read.. (Also said to be similar in its use of various engines to LavaSoft and AdAware, Anti-Spyware, etc. but they've caught nothing for me except cookies.)

Next step then was researching Alureon and that brought me - again via forum disussions - to the specific rootkit-killing tool offered by Kaspersky Labs, for which there's a link on this very page.

The TDSSKiller app (really *is* a "killer app!") just went right in, found the exact rootkit/ "virus"/trojan that the Hitman 3.5 hinted at but didn't nail, and out it went. Quickly. PC shut down and rebooted quickly, too, first time in a long while. (Another symptom I read about and know well: hanging on Signoff/Shutdown)

Seemed like new. Next thing I knew, Windows auto-update (apparently previously suppressed) wants to provide 38 critical security updates. Aha! They've been blocked, methinks, by the very same bugger which hid so well til now.

So as I scientist I conclude: one nasty cause can present many symptoms - and may take a few tools to cure.

Michael Sep 8, 2010 11:49 PM

STOP search redirect

Click START > RUN > Regedit . Search for go.yahoo and go.google and TDSSserver. Remove any you find.

If problem still persists, check all your applications that list a "homepage".. such as SPYWARE BLASTER, ETC. That application will have a "homepage" listing as well as a "search page" listing.. you will see the "search page" has been changed.. (more than likely to something like http://rds.... [a redirect service website] .. change it to same as your homepage (or whatever else you desire).

Robert Sep 4, 2010 9:22 PM

redirect

THANKS FOR THE RECOMMENDATION OF HITMAN3.5!! IT WAS EASY... EVEN FOR ME!

I HOPE TO BE RID OF THAT PESKY REDIRECT!

Vivin007 Sep 1, 2010 6:21 AM

Hitman works.

Google redirect virus was removed from my computer by Hitman pro3.5.6
I recommend Hitman pro3.5.6

Doug Willard Aug 15, 2010 3:47 PM

Not the redirect virus

Hello all - I had this prob, and thought is was the redirect virus, but NOTHING fixed it. I never found any rootkits. Finally, I thought that my brand new Acer came loaded with bad sofware, so I bought Windows 7, and did a fresh install... the prob persisted. I came accross a few posts that said it could be the router. So I reset, and re-setup mu router, and the prob seems to be fixed! We will see! Good luck!

Donna Buenaventura Aug 13, 2010 9:33 AM

Luke, please see http://www.brighthub.com/internet/google/articles/77539.aspx

Luke Glazebrook Aug 13, 2010 6:11 AM

Arghhh!

Mine wont load anything like if I type in "www.google.com" it wont load it will just stay on a blank screen

Frank Aug 12, 2010 6:24 PM

Hitman 3.5 Removed Google Redirect Virus

This worked for me, many others did not.

Thanks Ted Smith

Ted Smith Aug 9, 2010 2:28 AM

google redirect virus

I am probably a bit late on this, but the solution is elegant and simple. Download Hitman 3.5 from CNet The program is guite small and fast. It works. It is free. It identifies the redirect virus (resident in an Atapi file), and deletes it, at your command.

I hope this helps. It really works.

Phil Aug 4, 2010 7:41 PM

Too Funny!

Hi Donna, I tried all the standalone tools you recommended without any of them detecting the virus. I remembered I had Windows Defender disabled on another hard drive. Windows Defender found and cleaned the Host file and all is well. Here is the Microsoft link that provides additional information on the virus. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=SettingsModifier%3aWin32%2fPossibleHostsFileHijack&threatid=1758608427027806866

Hope this helps others who have exhausted alternative resources.

Brettorius Jul 28, 2010 10:35 AM

THANK YOU!!!!!

TDSSKIller did it for me!!!

Azeri Doctor Jul 27, 2010 8:18 PM

I BEAT THIS VIRUS

All this antivirus, antimalware didnt helped me. Here is how my friend helped me:

I fixed it by stopping my netbook getting DNS settings automatically, in the network card properties, go to down to the bottom of items (Internet Protocol TCP/IP) click it, then click properties below.

Then, click on “Use following DNS Server Address” and put the following in 8 . 8 . 4 . 4

This should have your DNS set to Google’s servers and eliminates the Result5 redirects.

Trust Me, it works!!!

A. Garcia Jul 20, 2010 4:33 PM

Another solution

This is the second really crummy virus I have contracted in about ten years IN SPITE OF AVG anti-virus, Zonealarm Firewall, Spybot Teatimer, et al. Oh well.
For both solutions, my answer has simply been to do a System Restore to the last good checkpoint.
My procedure is:

1) Restart in SAFE MODE.
2) Execute System Restore.
3) Run Anti-virus scan for good measure, including Spybot.
4) Restart in SAFE MODE WITH NETWORKING.
5) Test to see that Google redirect virus infection is indeed gone.
6) Reboot normally.

Isn't that what System Restore is for?

Mark Jul 19, 2010 5:27 AM

Have run a-squared and malbytes and TDSSkiller and they have picked up nothing! This is starting to become a pain... HELP please...

Stacy Jul 18, 2010 1:54 PM

Thanks!

Thak you so much. I was so worried. What a relief! Bless you for posting this...side note (malware or •Win32/Olmarik Removal tool by ESET) did not remove itm the TDSSKiller did the job :)

Random Jul 17, 2010 5:56 PM

RE: How to Remove Google Redirect Virus

Ive tried everything but it still wont work. I try to go on a website then i goes on some random website still. Do you have any solutions? sorry for bothering you, thanks

Donna Buenaventura Jul 17, 2010 1:40 AM

GJr, Glad it helped you as well!

GJr Jul 16, 2010 7:55 PM

Thanks Donna!!

Thank you so much.

TDSSKiller fixed the problem in about two minutes. No more redirects -- WOO! I only wish I would've found your article sooner and saved myself days of scouring the net for solutions! You're the best!

scott Jul 15, 2010 1:56 PM

Go to kapersky

And Download dssl killer

Donna Buenaventura Jul 15, 2010 1:24 PM

Glad it help you, Tom! You're welcome :)

Tom Jul 15, 2010 1:01 PM

Donna--Thanks!

Virus gone! Hopefully for good. Getting real pages from Google and Yahoo now! What a relief.

Donna Buenaventura Jul 14, 2010 9:51 PM

Tom.
Try using Win32/Olmarik Removal tool by ESET or Norman Malware Cleaner

http://kb.eset.com/esetkb/index?page=content&id=SOLN2372
http://www.norman.com/support/support_tools/58732/

Tom Jul 14, 2010 7:49 PM

HELP!!!!

I ran TDSSkiller, it spotted the infection, said cure on reboot. It rebooted, yet I still have the virus. When I ran TDSS again it said nothing infected. help???

Robert Jul 10, 2010 11:02 PM

"TDS" KIller worked for me! It found one infected file and removed it. No more Google redirects. No more IE locking up. "7770finder" did not find any infected files. Malwarebites didn't find the file. Avast didn't find the file. Thanks - your website was the only site that directed me to a fix that worked!

G Jul 9, 2010 2:57 PM

Google Redirect

Used the TDSSKiller...totally worked! Hallah-freakin-ulah. Thanks

FenderBender Jul 7, 2010 7:56 PM

TDSSkiller worked for me too. Easy!

Keith Jul 6, 2010 5:10 PM

TDSSKiller worked great.

What Microsoft couldn't solve in three days, TDSSKiller was able to solve in 3 minutes. I really appreciate the information. Out of all of the articles that I researched, this article was the best and the most accurate.

Melanie Jun 29, 2010 8:23 PM

AWESOME

TDSSkiller worked great. I also tried everything (Malware Anti-Malare, Avast, Spy-Bot), but TDSS completely removed it.

Bob Bradley Jun 24, 2010 3:29 PM

Great, great article

Nothing worked to end aggravating Google redirect errors 'til I took your TDSSkiller suggestion. It worked! Thank you, thank you so much.

Anonymous Jun 17, 2010 5:36 PM

Great article

I did "TDSSKiller" and it worked like a charm. It did fix my computer.

I did tried other tools but none of those worked (SmitfraudFix, Stinger, Microsoft DART, Spybot Search & Destroy, F-Secure BlackLight).

Madestmax May 10, 2010 3:14 AM

google Rediert Virus

My fix was editing the host file in safe mode.

G Mar 16, 2010 11:47 AM

Your fix didn't work for me, but I did find a fix

I tried for weeks to remove this redirect virus, using McAfee, Norton, Malwarebytes, SuperAntiSpyware, Spybot, Windows Malicious Software Removal Tool, and many, many more. Then, I came across this post:

http://www.geekstogo.com/forum/How-to-fix-Google-Redirects-t267407.html

Following the few easy steps laid out here instantly fixed the problem. I have a feeling that a lot of the fixes are for older versions of this virus and are no longer effective.

G

How to Remove the Google Redirect Virus

Comments