How To Remove The Google Redirect Virus From Your Computer

Are all of your Google search results redirecting to weird, obnoxious, or otherwise shady websites? If so, your computer may be infected by a form of the Google Redirect Virus (GRV). While the virus can be problematic, it is possible to remove it completely from your system.

Unlike most cases of malware, this virus embeds itself deeper into your system and requires more than a simple malware scan. However, even though the removal process is more involved, someone who is computer illiterate will still be able to perform it, so if you’re not very tech-savvy, fear not!

What Is The Google Redirect Virus?

The main symptom of the GRV is that clicking on a Google search result link will take you to another unrelated website. It doesn’t matter which search link you click and it doesn’t matter which browser you use for searching. How can you get it? Unfortunately, it’s not very difficult. If you accidentally (or even purposely) visit a malicious or infected website, and if you don’t have the necessary anti-virus protection on your computer, you can get it.

Technically, the GRV is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome.

Why Is The Google Redirect Virus So Frustrating?

For many people, the GRV is one of the most annoying and infuriating computer infections to deal with. Not only does it interrupt your normal search sessions, it makes it incredibly difficult to find a solution – because you can’t search for one. At best, you’ll spend inordinate amounts of time pressing the “Back” button to negate the website redirects. At worst, your productivity will plummet and you’ll stop wanting to even use your computer at all.

To add to the frustration, the GRV is difficult to remove. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Since the system driver is innocent in the eyes of malware detection programs, the GRV is not flagged as malevolent and, therefore, not removed.

The GRV is an objectively small inconvenience, but it can wear you down and ruin your mood rather quickly. Luckily, there are tools and programs to aid in the process of removing the Google redirect virus.

Remove Google Redirect Virus – Using TDSSKiller

Follow these steps to get rid of the Google Redirect Virus once and for all.

Download TDSSKiller. Download the TDSSKiller.zip file to your Desktop and extract the files using an extraction program. WinRAR is popular, as is 7-Zip. After extracting, you should see a TDSSKiller.exe file.

  • If you are unable to download the file, then the TDSS rootkit on your system may be blocking the connection. In this case, you’ll need to download the file using another computer and transfer it to your own computer.

Run the TDSSKiller.exe. Double click on the TDSSKiller.exe file to run it. The program will initialize and then present you with the ability to scan your computer for problems.

  • If nothing happens when you double click the file, you’ll need to rename it. Right click on the file and select Rename, then rename the file to 12345.com. Take note that the .com extension is very important – it is how you can bypass the TDSS block.
  • If TDSSKiller still won’t run, you may need to scroll down and use FixTDSS instead.

Scan your system. Click on Start Scan to start the scan. TDSSKiller will search your system for related problems and report back to you if it finds anything. If TDSSKiller happens to not find anything, you may need to scroll down and use FixTDSS instead.

Cure the problems. If TDSSKiller does find any problems, choose to Cure as many of them as you can – all of them would be best. If you can’t cure some of them, leave it on the default Skip option.

  • Only use the Cure or Skip options. Avoid the Delete and Quarantine options because using them on critical system files may cripple your computer and render it inoperable.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted.

Google Redirect Virus Removal — Using FixTDSS

These steps are only necessary if TDSSKiller failed to clean up your system.

Download FixTDSS. Download the FixTDSS.exe file to your Desktop.

Run the FixTDSS.exe. Double click the FixTDSS.exe file to run it. After the program initializes, click on the Proceed button to start the scan. The program will look for potential problems and fix them if necessary.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted. After your computer boots back up, you will see the results of FixTDSS’s findings.

Conclusion

At this point, the TDSS rootkit should be successfully eliminated from your system. You can check if the infection is gone by searching on Google and clicking on any search result link. If you aren’t redirected to another website, the infection is gone.

In the future, you can help prevent infections on your system by utilizing free anti-virus software. Compound that with safe computer habits and you will drastically reduce your likelihood of catching another virus.

If you are the victim of the Google Redirect Virus, try these tools out and let us know in the comments if they helped or not.

Comments (25)
  • Hans Altena

    My 2 cents on this problem.
    There are common cases where TDSS and FixTDSS
    (respectively from Kaspersky and Symantec) do not give results or, better formulated,
    do not find anything malicious.

    Therefore I focussed on the HOSTS file, thanks to the comments above. And there I found it.

    Since this site is a little older (from 2011) the developers of the trojan improved their malicious
    software and here is what I found on my machine.

    There was in the /Windows/System32/Drivers/ETC folder a file called “HOSTS.TXT”. That was
    odd, since normally this file is just called “HOSTS”.

    Then I found I could not change the name from HOSTS.TXT to HOSTS.
    The response was: “File already exists”.

    Then I started to look into DOS with the CMD tool (be sure to run it as Administrator).
    Listing the above mentioned directory I found the HOSTS.TXT file, but not the HOSTS file.
    I was able to read the HOSTS file by typing in the DOS command: “type HOSTS “.

    BINGO: the (hidden, readonly) HOSTS file “looked” normal (at least the beginning) but scrolling
    down I found the culprit: a lot of redirections you did not want to see.

    Trying to change the attributes (system, readonly, hidden etc.) doesn’t work, so I managed (via windows)
    and looking in the properties of the file, to delete it.

    Make a new HOSTS file and put in the ONLY line:
    “127.0.0.1 localhost”
    and nothing else.
    Save it in the above mentioned directory and the problem “redirect to other unwanted sites on click”
    is gone.

    NB: Trying to download the TDSS (Kaspersky) file from this website still does not work (error: too
    many redirections) but that is probably due to an insert into this website, made by someone.
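
Added example (not part of the comment above or of the original article): a short Python audit of hosts-file content, automating the manual inspection the comment describes. It reports the line number of every mapping other than the default localhost entries, so lines buried far down the file are not missed; the sample content, addresses and host names are constructed, and treating only the loopback entries as benign is an assumption.

```python
import ipaddress
import sys

# Assumption: the only mappings a clean hosts file needs are the loopback ones.
BENIGN = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: a normal-looking top, 40 blank lines, then extra entries.
SAMPLE = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n" + "\n" * 40 +
    "203.0.113.10 www.google.com google.com\n"
    "0.0.0.0 update.example-av.test\n"
    "not-an-ip broken.example\n"
)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, ignoring comments."""
    for n, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield n, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every non-default mapping."""
    findings = []
    for n, ip, name in parse_hosts(text):
        if (ip, name) in BENIGN:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            reason = "malformed address"
        else:
            if addr.is_loopback or addr.is_unspecified:
                reason = "name blocked locally"
            else:
                reason = "name redirected to another address"
        findings.append((n, ip, name, reason))
    return findings

if __name__ == "__main__":
    # Pass the path of a hosts file to audit it; with no argument the
    # constructed sample above is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s %s  [%s]" % finding)
```

An empty result means the file contains nothing beyond the default localhost mappings.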

  • Solanna

    I was just working on an infected computer running XP and McAfee and thought that all had been removed. After running TDSSkiller and also a complete Kaspersky virus scan with the drive offline, I was unable to reconnect to any wifi or internet. Shortly thereafter I was unable to boot the computer at all! A pre boot diagnostic has declared the drive unreadable! Am I doomed?

    • Joel Lee

      Hey Solanna. Firstly, are you sure that your hard drive was infected by the Google Redirect Virus? Secondly, if yes, are you sure that it was ONLY infected by the GRV? And thirdly, what do you mean that you ran TDSSKiller and a complete virus scan while the drive was “offline”?

      Here are some possibilities:

      – There are viruses/trojans/malware out there that can fake hard drive-related messages. They can create false popups telling you that your hard drive has hundreds of errors, all so that you’ll click their silly ads and install their wonky programs. Be sure that this isn’t the case.

      – You mentioned that it was a pre-boot diagnostic, in which case, it’s likely not a false malware message. However, what exactly do you mean by “pre-boot diagnostic”? Are you running a hard drive test from the BIOS?

      – It might’ve been the case that the GRV wasn’t your only problem. If you had another virus/malware infection, it could’ve wiped your hard drive. Similarly, perhaps your computer was just old and the hard drive began to malfunction after you put it through so much work (clearly infections, running scans, etc.). In this case, yes the hard drive is doomed and you’ll want to take the hard drive to a computer expert for data recovery.

  • Dave Norris

    Tried this, did not work. Downloaded tdsskiller but nothing happened when I double-clicked the file. Ditto after renaming it. Then downloaded FixTDSS, clicked on it, clicked on “Proceed” and got “Pre-Boot Failed – unable to continue”.

    Now what?

  • Tekken Journey

    Hi Joel,

    Thanks for all the useful information. Just thought of adding my 2 cents.

    TDSSKiller and combofix failed to fix my problem. Hitman Pro is now considered to be the most effective free tool for fixing GRV. Unfortunately, even that didn’t work.

    I was finally able to fix the issue by removing an infected .sys file. You can find the details and video tutorial in the mentioned link http://atechjourney.com/google-redirect-virus-remove-manually.html/

    Hope somebody will benefit from this.

    • Joel Lee

      Thanks for sharing. Every once in a while, I hear that someone has trouble with TDSSKiller and FixTDSS, so I will point them to that site.

  • Ricki Ohana

    Thanks Joel, this article looks good. 

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.