How To Remove The Google Redirect Virus From Your Computer

Joel Lee 28-12-2011

google redirect virus removalAre all of your Google search results redirecting to weird, obnoxious, or otherwise shady websites? If so, your computer may be infected by a form of the Google Redirect Virus (GRV). While the virus can be problematic, it is possible to remove it completely off your system.


Unlike most cases of malware, this virus embeds itself deeper into your system and requires more than a simple malware scan. However, even though the removal process is more involved, someone who is computer illiterate will still be able to perform it, so if you’re not very tech-savvy, fear not!

What Is The Google Redirect Virus?

The main symptom of the GRV is that clicking on a Google search result link will take you to another unrelated website. It doesn’t matter which search link you click and it doesn’t matter which browser you use for searching. How can you get it? Unfortunately, it’s not very difficult. If you accidentally (or even purposely) visit a malicious or infected website, and if you don’t have the necessary anti-virus protection on your computer, you can get it.

Technically, the GRV is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome.

Why Is The Google Redirect Virus So Frustrating?

For many people, the GRV is one of the most annoying and infuriating computer infections to deal with. Not only does it interrupt your normal search sessions, it makes it incredibly difficult to find a solution – because you can’t search for one. At best, you’ll spend inordinate amounts of time pressing the “Back” button to negate the website redirects. At worst, your productivity will plummet and you’ll stop wanting to even use your computer at all.

To add to the frustration, the GRV is difficult to remove. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Since the system driver is innocent in the eyes of malware detection programs, the GRV is not flagged as malevolent and, therefore, not removed.


The GRV is an objectively small inconvenience, but it can wear you down and ruin your mood rather quickly. Luckily, there are tools and programs to aid in the process of removing the Google redirect virus.

Remove Google Redirect Virus – Using TDSSKiller

Follow these steps to get rid of the Google Redirect Virus once and for all.

Download TDSSKiller. Download the file to your Desktop and extract the files using an extraction program. WinRAR is popular, as is 7-Zip. After extracting, you should see a TDSSKiller.exe file.

  • If you are unable to download the file, then the TDSS rootkit on your system may be blocking the connection. In this case, you’ll need to download the file using another computer and transfer it to your own computer.

Run the TDSSKiller.exe. Double click on the TDSSKiller.exe file to run it. The program will initialize and then present you with the ability to scan your computer for problems.

  • If nothing happens when you double click the file, you’ll need to rename it. Right click on the file and select Rename, then rename the file to Take note that the .com extension is very important – it is how you can bypass the TDSS block.
  • If TDSSKiller still won’t run, you may need to scroll down and use FixTDSS instead.

google redirect virus removal

Scan your system. Click on Start Scan to start the scan. TDSSKiller will search your system for related problems and report back to you if it finds anything. If TDSSKiller happens to not find anything, you may need to scroll down and use FixTDSS instead.

remove google redirect

Cure the problems. If TDSSKiller does find any problems, choose to Cure as many of them as you can – all of them would be best. If you can’t cure some of them, leave it on the default Skip option.

  • Only use the Cure or Skip options. Avoid the Delete and Quarantine options because using them on critical system files may cripple your computer and render it inoperable.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted.

Google Redirect Virus Removal — Using FixTDSS

These steps are only necessary if TDSSKiller failed to clean up your system.

Download FixTDSS. Download the FixTDSS.exe file to your Desktop.

Run the FixTDSS.exe. Double click the FixTDSS.exe file to run it. After the program initializes, click on the Proceed button to start the scan. The program will look for potential problems and fix them if necessary.


google redirect virus removal

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted. After your computer boots back up, you will see the results of FixTDSS’s findings.


At this point, the TDSS rootkit should be successfully eliminated from your system. You can check if the infection is gone by searching on Google and clicking on any search result link. If you aren’t redirected to another website, the infection is gone.

In the future, you can help prevent infections on your system by utilizing free anti-virus software The 10 Best Free Antivirus Software No matter what computer you're using, you need antivirus protection. Here are the best free antivirus tools you can use. Read More . Compound that with safe computer habits What Can I Do To Protect My PC Without Anti-Virus Software? For plenty of users, getting and using anti-virus software can be a hassle for lots of different reasons. Not only can they be expensive, but they can be slow, difficult to control, and a major... Read More and you will drastically reduce your likelihood of catching another virus.

If you are the victim of the Google Redirect Virus, try these tools out and let us know in the comments if they helped or not.

Explore more about: Anti-Malware, Google, Trojan Horse.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Hans Altena
    February 1, 2015 at 6:29 pm

    My 2 cents on this problem.
    There are common cases where TDSS and FixTDSS
    (respectively from Kasperski and Semantec) do not give a results or, better formulated,
    do not find anything malicious.

    Therefore I focussed on the HOSTS file, thanks to the comments above. And there I found it.

    Since this site is a little older (from 2011) the developers of the trojan improved their malicious
    software and here is what I found on my machine.

    There was in the /Windows/System32/Drivers/ETC folder a file called "HOSTS.TXT". That was
    odd, since normally this file is just called "HOSTS".

    Then I found I could not change the name from HOSTS.TXT to HOSTS.
    The reponse was: "File already exists".

    Then I started to look into DOS with the CMD tool (be sure to run it as Administrator).
    Listing the above mentioned directory I found the HOSTS.TXT file, but not the HOSTS file.
    I was able to read the HOSTS file by typing in the DOS command: "type HOSTS ".

    BINGO: the (hidden, readonly) HOSTS file "looked" normally (at least te beginning" but scrolling
    down I found the culprit: a lot of redirections you did not want to see.

    Trying to change the attributes (system, readonly, hidden etc.) don't work, so I managed (via windows)
    and looking in the properties of the file, to delete it.

    Make a new HOSTS file and put in the ONLY line:
    " localhost"
    and nothing else.
    Save it in the above mentioned directory and the problem "redirect to other unwanted sites on click"
    is gone.

    NB: Trying to download the TDSS (Kasperski) file from this website still does not work (error: too
    many redirections) but that is problably due to an insert into this website, made by someone.

  2. Solanna
    May 7, 2012 at 2:45 am

    I was just working on an infected computer running XP and Mcaffey and thought that all had been removed. After running TDSSkiller and also a complete Kapersky virus scan with the drive offline, I was unable to reconnect to any wifi or internet. Shortly thereafter I was unable to boot the computer at all! A pre boot diagnostic has declared the drive unreadable! am I doomed?

    • Joel Lee
      May 14, 2012 at 1:16 pm

      Hey Solanna. Firstly, are you sure that your hard drive was infected by the Google Redirect Virus? Secondly, if yes, are you sure that it was ONLY infected by the GRV? And thirdly, what do you mean that you ran TDSSKiller and a complete virus scan while the drive was "offline"?

      Here are some possibilities:

      - There are viruses/trojans/malware out there that can fake hard drive-related messages. They can create false popups telling you that your hard drive has hundreds of errors, all so that you'll click their silly ads and install their wonky programs. Be sure that this isn't the case.

      - You mentioned that it was a pre-boot diagnostic, in which case, it's likely not a false malware message. However, what exactly do you mean by "pre-boot diagnostic"? Are you running a hard drive test from the BIOS?

      - It might've been the case that the GRV wasn't your only problem. If you had another virus/malware infection, it could've wiped your hard drive. Similarly, perhaps your computer was just old and the hard drive began to malfunction after you put it through so much work (clearly infections, running scans, etc.). In this case, yes the hard drive is doomed and you'll want to take the hard drive to a computer expert for data recovery.

  3. Dave Norris
    April 24, 2012 at 9:41 pm

    Tried this, did not work. Downloaded tdsskiller but nothing happened when I double-clicked the file. Ditto after renaming it. Then downloaded FixTDSS, clicked on it, clicked on "Proceed" ad got "Pre-Boot Failed - unable to continue".

    Now what?

  4. Tekken Journey
    March 23, 2012 at 7:14 pm

    Hi Joel,

    Thanks for all the useful information. Just thought of adding my 2 cents.

    TDSSKiller and combofix failed to fix my problem.Hitman Pro is now considered to be the most effective free tool for fixing GRV.Unfortunately, even that didnt work.

    I was finally able to fix the issue by removing an infected .sys file. You can find the details and video tutorial in the mentioned link

    Hope somebody will benefit from this.

    • Joel Lee
      April 25, 2012 at 1:55 am

      Thanks for sharing. Every once in a while, I hear that someone has trouble with TDSSKiller and FixTDSS, so I will point them to that site.

  5. Ricki Ohana
    December 29, 2011 at 1:55 pm

    Thanks Joel, this article looks good. 

  6. Anonymous
    December 28, 2011 at 8:12 pm

    Also dont find a host file at all in win 7 ultimate 64 bit to check out

    • Joel Lee
      December 29, 2011 at 3:13 am

      For Windows 7 x64 Ultimate, you should find your hosts file in this directory:


      If you don't see a hosts file, check to make sure that the file wasn't made hidden for whatever reason. To make hidden files visible, click on the "Organize" button in Windows Explorer, then "Folder and search options." Click the "View" tab and enable "Show hidden files, folders, and drives."

      If you still don't see a hosts file, it may have been deleted by malware. In that case, you can simply create a new text file and type the following: localhost

      Save the file with the name "hosts" (do not put the quotes, do not put .txt or any other file extension). You're done!

  7. Anonymous
    December 28, 2011 at 8:03 pm

    mine redirects all the time and i dont even use google anything only ie9 and everytime i load up tddskiller it does nothing but scan and say found nothing

  8. jasray
    December 28, 2011 at 6:06 pm

    My gosh!  I don't believe it--my MBR had an infection.  Thanks for the tip.  Hosts file can be restored using Microsoft Fix It.  Then I add Spybot Hosts file addresses.  Open DNS using DNS Jumper. 

    Now why did I bother?  The other day Comodo Firewall and AVG picked up something which started after installing Cloud Magic and visiting some sites for Photoshop tutorials.  Quite odd--use WOT.  Starting getting odd events with Firefox.  Guess it happens.

  9. Burke102
    December 28, 2011 at 3:17 pm

    Does anyone else see the rather large "Previous" and "Next" buttons on the left and right of the Make Use Of articles? They're really obtrusive and block the article text. Is this intentional?

    • Joel Lee
      December 28, 2011 at 3:28 pm

      I see the buttons you're talking about and I believe that they are intentional. Personally, I don't find them obtrusive, but I can see how they could be.

      You can send in your feedback using the Contact MUO page. The link is at the very bottom of the webpage. :)

  10. draniqa
    December 28, 2011 at 9:11 am

    google redirect virus is very common .  appreciate your work and its really facilitative.

  11. Ricki Ohana
    December 28, 2011 at 8:52 am

    What about Mac's? How can I know if there is a virus?

    • Car Insurance
      December 28, 2011 at 3:07 pm

      Then that is the first Mac OS X virus you have encountered. Because, currently there are no viruses publicly circulating for Mac OS X.

      • Anonymous
        December 28, 2011 at 4:57 pm

        Really??!!?? No Mac viruses?

        • Car Insurance
          December 28, 2011 at 9:49 pm

          I haven't seen a MAC antivirus software.... I am not sure if it exists. 

  12. christmas card holder
    December 28, 2011 at 5:52 am

    Is the TDSSkiller free to use?

    • Joel Lee
      December 28, 2011 at 1:05 pm

      Yes, TDSSKiller is free to use!

    • Car Insurance
      December 28, 2011 at 3:05 pm

      Kaspersky TDSSKiller is free to download.

  13. Aaricia
    December 28, 2011 at 1:57 am

    Here are some better instruction with regards to the host file.
    It is possible that the Google Redirect virus has modified your PC’s HOSTS file. The Windows HOSTS file contains a list of computer IP addresses which is accessed whenever a user types in a web address to their browser. The browser will check the HOSTS file to see if the typed address exists in the HOSTS file and if so, direct the user to the relevant site. If the address doesn’t exist in the HOSTS file, the browser will ask the user’s ISP DNS server for the web address and once obtained will direct the user to the site.The Windows HOSTS file is a standard .TXT file and can be found inC:WindowsSystem32driversetc under the name ‘hosts’. There is also a file called ‘lmhosts’ – make sure you select the HOSTS file! There is usually no file association with the HOSTS file, so open it by right-clicking (or double-clicking) the file and selecting ‘Open With’ followed by Notepad.An unmodified HOSTS file should only contain the IP address localhost. If there are other entries in the HOSTS file, remove them and then resave the file.

    • Joel Lee
      December 28, 2011 at 3:26 pm

      I forgot to address the host file in the article. Your explanation was helpful. Thanks!

  14. Aaricia
    December 28, 2011 at 1:52 am

    One thing that I did to get rid of the is was to change the host file back. I know how to do this but do not feel qualified to give out the advice. This was done after I used Malware Bytes in safe mode. 

    • Joel Lee
      December 28, 2011 at 3:25 pm

      Yes, some versions of the redirect virus will alter the host file. Thanks for catching something I missed!