Google redirect virus is a sort of browser hijacker virus. It has other names such as TDSS, Alureon, or Tidserv. The most common name is Google redirect virus. Once infected it changes the setting of the browser and when user uses the Google search, it redirects some search results to some suspicious websites with ads.
*Brower hijacker is a simple malware and sometimes spyware which changes the home page settings of your browser and points to some suspicious websites generating them traffic.
How Google redirect virus works
The Google redirect virus is not harmful to the computer. It is dangerous for other reasons because it opens the backdoor for the Trojans and other dangerous viruses such as keyloggers which steal the passwords of your banking accounts. Once infected it changes the Browser setting in a very tricky way which allows redirecting the Google search results to other pages rather than found ones. For example, you would search Host1Free, once you click the link it automatically redirects to other non-related sites. This virus redirects not only Google search results, but also Bing and others.
The sites which virus redirects to usually contain other viruses or advertise software with viruses. So the thread of huge damage to your possession is great even it is not direct.
How Google redirect virus infects the computer.
There are hundreds of ways of infection. The most popular are:
- Opening the website with virus installed;
- Opening the infected file sent by friend via Skype or email;
- Clicking the link in Skype or Facebook from people one does not know;
- Installing the suspicious software;
- Installing the software with suspicious toolbar which actually works as spyware; Getting infected by inserting the infected USB or SD card from friend to own computer;
- Getting infected over the local network or Wi-Fi;
- Getting hacked. Hackers install the virus themselves.
The list of the ways may be continued and become longer than this one in tens of times. The main idea is that no one is actually protected from being infected with malware even if one has the latest and professional anti-virus software.
How to remove Google redirect browser hijacker with SpyHunter
The Google redirect browser hijacker is not a complicated virus, however, it is very smart by its nature and may avoid the anti-virus software. Install SpyHunter software. You can download it using this LINK. Make sure that SpyHunter is updated, in order to detect this annoying virus and remove all the infected files.
Launch the full system scan. It should detect the virus and remove it. Once the scan is complete, reboot your computer. You may also repeat the full scan again to make sure virus has been removed.
How to remove the Google redirect Virus manually
We recommend manual removal only if you are experienced computer user. The Google redirect virus is a complicated one; it changes the file names and uses the innocent system files for its vicious purposes.
Step 1. Find the Hosts file in your computer C:\Windows\System32\Drivers\etc\hosts
Step 2. Open Hosts file with the notepad. If you see more than two hostnames, delete the rest.
Step 3. Check DNS settings. Make sure your TCP/IP settings are set to “Obtain IP address automatically”
Step 4. Open your browser setting and make that no proxy server is used.
Step 5. Uninstall the suspicious add-ons and extensions of your browsers. Double check all the browsers you use as the virus may infect all of them.
Step 6. Uncheck “Hide protected operating system files (Recommended)” and click Apply
Step 7. Remove those files manually:
%USERPROFILE%\ Local Settings\ Application Data\ Conduit\ Babylon\ xriotabb.dll
%LOCALAPPDATA%\ArcSoft\Apple\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\ATI\Adobe\[RANDOM CHARACTERS].dll
%AppData%\[6 RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%AppData%\[5 RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%LOCALAPPDATA%\Microsoft\[RANDOM CHARACTERS].dll
%UserProfile%\Local Settings\Application Data\Microsoft\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\Apple Computer\Apple\[RANDOM CHARACTERS].dll
%UserProfile%\Local Settings\Application Data\Apple Computer\Apple\[RANDOM CHARACTERS].dll
dmgsh.exe
TDSSserv.sys
Xwo.exe
Xwk.exe
Xzagua.exe
C:\Windows\System32\wdmaud.sys
C:\WINDOWS\Xzagua.exe
C:\WINDOWS\_VOID\
C:\WINDOWS\_VOID\_VOIDd.sys
C:\WINDOWS\system32\UAC.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UAC.db
C:\WINDOWS\system32\UAC.dat
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\system32\_VOID.dll
C:\WINDOWS\system32\_VOID.dat
C:\WINDOWS\SYSTEM32\4DW4R3c.dll
C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
C:\WINDOWS\SYSTEM32\4DW4R3.dll
C:\WINDOWS\system32\drivers\_VOID.sys
C:\WINDOWS\system32\drivers\UAC.sys
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
C:\WINDOWS\Temp\_VOIDtmp
C:\WINDOWS\Temp\UAC.tmp
%Temp%\UAC.tmp
%Temp%\_VOID.tmp
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
Step 8. Run RegEdit software and clean some registry files:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
Step 9. Reboot your computer.
The virus should be removed. If the virus is not removed, you will be able to repeat the procedure one more time to make sure everything is deleted as supposed to be.
It is highly recommended to use professional spyware removal tools such as Spyhunter in order to completely remove the browser hijackers like Google redirect virus.