11 January, 2012

Google redirect virus removal tool

If you are reading this because your system has been infected by a Google redirect virus or malware, you have come to the right place. The Google redirect virus (a browser hijacker) is a malware program that might have entered your system through a newly downloaded toolbar or while browsing a malware-infected website. This malware is not harmful but definitely annoying, as it redirects Google results to absolutely random websites, which might try to download and infect you with more spyware and malware programs.

Below is a list of things you should do or check for complete Google redirect virus removal:
  • Check your DNS settings.
  • Check your Local Area Connection settings.
  • Check the Windows hosts file in C:\WINDOWS\system32\drivers\etc.
  • Check for unwanted add-ons in Internet Explorer, Firefox or Chrome.
  • Scan with specialised malware programs like Malwarebytes or Spyware Doctor.
  • Use an online scanner and removal antivirus.
  • Use the TDSSKiller tool, which is fast at detecting the TDL3 rootkit.
  • Remove temp files and folders and empty the browser cache.
  • Flush and renew your DNS configuration.

1. Check your DNS settings.

It is possible that the malicious program has altered your DNS settings. DNS (Domain Name System) binds a website address to the unique IP address of that website. When page requests are made, they are rerouted to the specified domain name servers. This allows a remote "administrator" to direct users to pages of their choosing, which is our main problem. For example, if you navigate to www.google.com or www.yahoo.com, you might be redirected to some unknown location.
a) Go to Control Panel (Start - Control Panel).
b) Double-click the Network Connections icon to open it.
c) Right-click Local Area Connection and select Properties.
d) Select “Internet Protocol (TCP/IP)”, which is generally last in the list, and double-click it.
e) Make sure that “Obtain DNS server address automatically” is selected, not "Use the following DNS server address".
f) Click OK.

Sometimes DNS.Changer-type malware changes the DNS settings automatically after every restart. In that case, go to Control Panel > Administrative Tools > Services and look for "DNS Client"; double-click it to open its menu. Switch it to "Disabled", "Stop" it and hit Apply.

2. Check your Local Area Connection settings.

There is a chance that the virus is redirecting your browser through some alien proxy. Make sure that the browser proxy is disabled or, if you do use a proxy, double-check its IP address and port number.
To check your LAN settings:
a) Open Internet Explorer and go to Tools - Internet Options.
b) Click on the 5th tab (the Connections tab), then click the “LAN settings” button.
c) Make sure that the “Proxy server” option is unchecked.
d) For Firefox, open Firefox and go to Tools > Options.
e) Click on ‘Advanced’ > ‘Network’ tab > ‘Settings’.
f) Ensure the ‘No Proxy’ radio button is selected, click ‘OK’ and close.
For Chrome, Safari and other browsers you can perform similar steps and uncheck any proxy server option.

3. Check the Windows hosts file in C:\WINDOWS\system32\drivers\etc.

In some cases the virus can edit and modify your system hosts file, which will redirect web pages from one website to another.
a) Go to C:\WINDOWS\system32\drivers\etc, right-click the “hosts” file and open it with Notepad.
An unmodified HOSTS file should only contain the IP address for localhost. If there are other entries in the HOSTS file, remove them and then resave the file.
Windows 7 users need to open this file with administrator privileges, otherwise they won't be able to edit it.

4. Check for unwanted add-ons in Internet Explorer, Firefox or Chrome.

Check with all browsers. If the issue is browser-specific, chances are that your browser is infected: update your browser, then check for and remove unnecessary add-ons and extensions.
a) Search for unwanted add-ons or toolbars in your browser, uninstall any suspicious add-on and restart your browser to see if the problem still exists.
b) You can uninstall a toolbar from Control Panel > 'Add and Remove program' option.
c) In Internet Explorer: Tools > Manage Add-ons.
d) In Google Chrome: Customize > Options > Extensions.

5. Scan with malware removal programs like Malwarebytes or Spyware Doctor.

If your antivirus program has stopped executing, this means a malware infection, and it is recommended that you scan your PC with anti-virus and anti-malware programs. Spyware Doctor and Malwarebytes Anti-Malware are recommended; you can download a 30-day full-version trial and perform a full scan.
Here are some spyware/malware removal programs:
Hitman Pro - http://www.surfright.nl/en
Spybot S&D - http://www.safer-networking.org/en/home/index.html
A-Squared - http://www.emsisoft.com/
SuperAntiSpyware - http://www.superantispyware.com/
Update and perform a full scan. Such programs are very effective and will remove any other malware, if present.

6. Use an online scanner and virus removal.

Sometimes malware and viruses attack your antivirus and internet security programs and do not allow them to work properly. In that case you can try these reputable online scanners and see if they are helpful.
The most recommended and most used online virus scanners are:
Bitdefender online scanner - http://www.bitdefender.com/scanner/online/free.html
Kaspersky virus scanner - http://www.kaspersky.com/virusscanner
Free ESET online scanner - http://go.eset.com/us/download/free-antivirus-utilities.

7. Use the TDSSKiller tool, which is fast at detecting the TDL3 rootkit.

The Google redirect virus belongs to the TDL3 rootkit class, and Kaspersky's TDSSKiller tool is an effective Google redirect virus removal tool.
a) Download the file TDSSKiller.exe ( http://support.kaspersky.com/downloads/utils/tdsskiller.exe ) and execute it.
b) Do a full scan and disinfect any malware or virus.

8. Remove temp files and folders and empty the browser cache.

Manually clean your temporary files and folders:
Go to Start and then Run.
Type %Temp% and click OK.
The Windows temp folder, full of files and other folders, will appear. All of the folders and files you see in this Temp folder are no longer being used by Windows XP and can safely be deleted. Select all files and press Shift+Delete.
Use CCleaner to delete your internet cache and missing or corrupt registry keys, to remove any remnants of the virus that might be left behind.

These 8 points cover all possible causes and solutions for the Google redirect virus. Some things are more difficult than others. If you feel I have missed something, or if you have something more to add, do write in the comments and I would be happy to answer you.
