How To Remove The Google Redirect Virus From Your Computer

Are all of your Google search results redirecting to weird, obnoxious, or otherwise shady websites? If so, your computer may be infected by a form of the Google Redirect Virus (GRV). While the virus can be problematic, it is possible to remove it completely from your system.

Unlike most cases of malware, this virus embeds itself deeper into your system and requires more than a simple malware scan. However, even though the removal process is more involved, someone who is computer illiterate will still be able to perform it, so if you’re not very tech-savvy, fear not!

What Is The Google Redirect Virus?

The main symptom of the GRV is that clicking on a Google search result link will take you to another unrelated website. It doesn’t matter which search link you click and it doesn’t matter which browser you use for searching. How can you get it? Unfortunately, it’s not very difficult. If you accidentally (or even purposely) visit a malicious or infected website, and if you don’t have the necessary anti-virus protection on your computer, you can get it.

Technically, the GRV is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome.

Why Is The Google Redirect Virus So Frustrating?

For many people, the GRV is one of the most annoying and infuriating computer infections to deal with. Not only does it interrupt your normal search sessions, it makes it incredibly difficult to find a solution – because you can’t search for one. At best, you’ll spend inordinate amounts of time pressing the “Back” button to negate the website redirects. At worst, your productivity will plummet and you’ll stop wanting to even use your computer at all.

To add to the frustration, the GRV is difficult to remove. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Since the system driver is innocent in the eyes of malware detection programs, the GRV is not flagged as malevolent and, therefore, not removed.

The GRV is an objectively small inconvenience, but it can wear you down and ruin your mood rather quickly. Luckily, there are tools and programs to aid in the process of removing the Google redirect virus.

Remove Google Redirect Virus – Using TDSSKiller

Follow these steps to get rid of the Google Redirect Virus once and for all.

Download TDSSKiller. Download the TDSSKiller.zip file to your Desktop and extract the files using an extraction program. WinRAR is popular, as is 7-Zip. After extracting, you should see a TDSSKiller.exe file.

  • If you are unable to download the file, then the TDSS rootkit on your system may be blocking the connection. In this case, you’ll need to download the file using another computer and transfer it to your own computer.

Run the TDSSKiller.exe. Double click on the TDSSKiller.exe file to run it. The program will initialize and then present you with the ability to scan your computer for problems.

  • If nothing happens when you double click the file, you’ll need to rename it. Right click on the file and select Rename, then rename the file to 12345.com. Take note that the .com extension is very important – it is how you can bypass the TDSS block.
  • If TDSSKiller still won’t run, you may need to scroll down and use FixTDSS instead.


Scan your system. Click on Start Scan to start the scan. TDSSKiller will search your system for related problems and report back to you if it finds anything. If TDSSKiller happens to not find anything, you may need to scroll down and use FixTDSS instead.


Cure the problems. If TDSSKiller does find any problems, choose to Cure as many of them as you can – all of them would be best. If you can’t cure some of them, leave it on the default Skip option.

  • Only use the Cure or Skip options. Avoid the Delete and Quarantine options because using them on critical system files may cripple your computer and render it inoperable.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted.

Google Redirect Virus Removal — Using FixTDSS

These steps are only necessary if TDSSKiller failed to clean up your system.

Download FixTDSS. Download the FixTDSS.exe file to your Desktop.

Run the FixTDSS.exe. Double click the FixTDSS.exe file to run it. After the program initializes, click on the Proceed button to start the scan. The program will look for potential problems and fix them if necessary.


Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted. After your computer boots back up, you will see the results of FixTDSS’s findings.

Conclusion

At this point, the TDSS rootkit should be successfully eliminated from your system. You can check if the infection is gone by searching on Google and clicking on any search result link. If you aren’t redirected to another website, the infection is gone.

In the future, you can help prevent infections on your system by utilizing free anti-virus software. Compound that with safe computer habits and you will drastically reduce your likelihood of catching another virus.

If you are the victim of the Google Redirect Virus, try these tools out and let us know in the comments if they helped or not.


24 Comments

Aaricia

One thing that I did to get rid of this was to change the host file back. I know how to do this but do not feel qualified to give out the advice. This was done after I used Malware Bytes in safe mode.

Joel Lee

Yes, some versions of the redirect virus will alter the host file. Thanks for catching something I missed!

Aaricia

Here are some better instructions with regards to the host file.

It is possible that the Google Redirect virus has modified your PC’s HOSTS file. The Windows HOSTS file contains a list of computer IP addresses which is accessed whenever a user types in a web address to their browser. The browser will check the HOSTS file to see if the typed address exists in the HOSTS file and if so, direct the user to the relevant site. If the address doesn’t exist in the HOSTS file, the browser will ask the user’s ISP DNS server for the web address and once obtained will direct the user to the site.

The Windows HOSTS file is a standard .TXT file and can be found in C:\Windows\System32\drivers\etc under the name ‘hosts’. There is also a file called ‘lmhosts’ – make sure you select the HOSTS file! There is usually no file association with the HOSTS file, so open it by right-clicking (or double-clicking) the file and selecting ‘Open With’ followed by Notepad.

An unmodified HOSTS file should only contain the IP address 127.0.0.1 localhost. If there are other entries in the HOSTS file, remove them and then resave the file.

Joel Lee

I forgot to address the host file in the article. Your explanation was helpful. Thanks!

christmas card holder

Is the TDSSkiller free to use?

Joel Lee

Yes, TDSSKiller is free to use!

Car Insurance

Kaspersky TDSSKiller is free to download.

Ricki Ohana

What about Mac’s? How can I know if there is a virus?

Car Insurance

Then that is the first Mac OS X virus you have encountered. Because, currently there are no viruses publicly circulating for Mac OS X.

Anonymous

Really??!!?? No Mac viruses?

Car Insurance

I haven’t seen a MAC antivirus software…. I am not sure if it exists. 

draniqa

Google redirect virus is very common. Appreciate your work and it’s really facilitative.

Burke102

Does anyone else see the rather large “Previous” and “Next” buttons on the left and right of the Make Use Of articles? They’re really obtrusive and block the article text. Is this intentional?

Joel Lee

I see the buttons you’re talking about and I believe that they are intentional. Personally, I don’t find them obtrusive, but I can see how they could be.

You can send in your feedback using the Contact MUO page. The link is at the very bottom of the webpage. :)

jasray

My gosh!  I don’t believe it–my MBR had an infection.  Thanks for the tip.  Hosts file can be restored using Microsoft Fix It.  Then I add Spybot Hosts file addresses.  Open DNS using DNS Jumper. 

Now why did I bother? The other day Comodo Firewall and AVG picked up something which started after installing Cloud Magic and visiting some sites for Photoshop tutorials. Quite odd–use WOT. Started getting odd events with Firefox. Guess it happens.

Anonymous

Mine redirects all the time and I don’t even use Google anything, only IE9, and every time I load up TDSSKiller it does nothing but scan and say found nothing.

Anonymous

Also don’t find a host file at all in Win 7 Ultimate 64 bit to check out.

Joel Lee

For Windows 7 x64 Ultimate, you should find your hosts file in this directory:

C:\Windows\System32\drivers\etc

If you don’t see a hosts file, check to make sure that the file wasn’t made hidden for whatever reason. To make hidden files visible, click on the “Organize” button in Windows Explorer, then “Folder and search options.” Click the “View” tab and enable “Show hidden files, folders, and drives.”

If you still don’t see a hosts file, it may have been deleted by malware. In that case, you can simply create a new text file and type the following:

127.0.0.1 localhost

Save the file with the name “hosts” (do not put the quotes, do not put .txt or any other file extension). You’re done!
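
Added example (not part of the article or of any comment above): the hosts-file check described in the comments, as a read-only Python script that lists the active entries and marks those that map a hostname to a non-loopback address. The function names, verdict labels and sample file are constructed for illustration; 203.0.113.25 is a documentation-only address.

```python
import ipaddress
import os
import sys

# Constructed sample for illustration; not taken from a real infected machine.
# 203.0.113.0/24 is a documentation-only address range (RFC 5737).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # blocklist-style entry
203.0.113.25    www.google.com google.com
203.0.113.25    search.example.org     # trailing comment
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every active mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue                            # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"            # hostname blocked, not redirected
            else:
                verdict = "redirect"            # hostname forced to another server
            findings.append((line_no, address, name, verdict))
    return findings

def suspicious(text):
    """Entries worth a manual look: forced redirects and unparseable lines."""
    return [f for f in audit_hosts(text) if f[3] in ("redirect", "malformed")]

if __name__ == "__main__":
    default = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, address, name, verdict in suspicious(fh.read()):
            print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

Entries marked "sinkhole" are the blocklist kind that tools such as Spybot add; only "redirect" and "malformed" lines are printed for review, and the script never writes to the file.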

Ricki Ohana

Thanks Joel, this article looks good. 

Tekken Journey

Hi Joel,

Thanks for all the useful information. Just thought of adding my 2 cents.

TDSSKiller and combofix failed to fix my problem. Hitman Pro is now considered to be the most effective free tool for fixing GRV. Unfortunately, even that didn’t work.

I was finally able to fix the issue by removing an infected .sys file. You can find the details and video tutorial in the mentioned link http://atechjourney.com/google-redirect-virus-remove-manually.html/

Hope somebody will benefit from this.

Joel Lee

Thanks for sharing. Every once in a while, I hear that someone has trouble with TDSSKiller and FixTDSS, so I will point them to that site.

Dave Norris

Tried this, did not work. Downloaded tdsskiller but nothing happened when I double-clicked the file. Ditto after renaming it. Then downloaded FixTDSS, clicked on it, clicked on “Proceed” and got “Pre-Boot Failed – unable to continue”.

Now what?

Solanna

I was just working on an infected computer running XP and McAfee and thought that all had been removed. After running TDSSKiller and also a complete Kaspersky virus scan with the drive offline, I was unable to reconnect to any wifi or internet. Shortly thereafter I was unable to boot the computer at all! A pre-boot diagnostic has declared the drive unreadable! Am I doomed?

Joel Lee

Hey Solanna. Firstly, are you sure that your hard drive was infected by the Google Redirect Virus? Secondly, if yes, are you sure that it was ONLY infected by the GRV? And thirdly, what do you mean that you ran TDSSKiller and a complete virus scan while the drive was “offline”?

Here are some possibilities:

– There are viruses/trojans/malware out there that can fake hard drive-related messages. They can create false popups telling you that your hard drive has hundreds of errors, all so that you’ll click their silly ads and install their wonky programs. Be sure that this isn’t the case.

– You mentioned that it was a pre-boot diagnostic, in which case, it’s likely not a false malware message. However, what exactly do you mean by “pre-boot diagnostic”? Are you running a hard drive test from the BIOS?

– It might’ve been the case that the GRV wasn’t your only problem. If you had another virus/malware infection, it could’ve wiped your hard drive. Similarly, perhaps your computer was just old and the hard drive began to malfunction after you put it through so much work (clearing infections, running scans, etc.). In this case, yes the hard drive is doomed and you’ll want to take the hard drive to a computer expert for data recovery.