Google redirect virus is one of the most annoying, dangerous, and toughest infections ever released on the internet. The malware may not be considered deadly, as its presence is not going to crash your computer and make it useless. It is considered more annoying than deadly because of the unwanted redirects and pop-ups, which can frustrate anyone to no end. Google redirect virus not only redirects Google results but is capable of redirecting Yahoo and Bing search results as well. So don’t be surprised to hear of a Yahoo Redirect Virus or Bing Redirect Virus. The malware also infects any browser, including Chrome, Internet Explorer, Firefox, etc. Since Google Chrome is the most used browser, some call it the Google Chrome Redirect virus, after the browser it redirects. Recently, malware coders modified their code to create variations that escape easy detection by security software. Some recent variations are Nginx Redirect Virus, Happili Redirect Virus, etc. All these infections come under redirect virus, but they vary in their code and mode of attack. According to a 2016 report, the Google redirect virus has already infected more than 60 million computers worldwide, out of which 1/3rd are from the US. As of May 2016, the infection seems to have made a comeback, with an increasing number of reported cases.
Why is Google Redirect Virus tough to remove?
Google Redirect Virus is a rootkit and not a virus. The rootkit associates itself with some of the important Windows services, which makes it work like an operating system file. This makes it difficult to identify the infected file or code. Even if you identify the file, it is difficult to delete because it is running as part of an operating system file. The malware is coded in such a way that it creates different variants from the same code from time to time. This makes it difficult for security software to catch the code and release a security patch. Even if vendors succeed in creating a patch, it becomes ineffective if the malware attacks again with a different variant.
How to Remove Google Redirect Virus
- Try tools available online or go for a professional tool: There are plenty of security tools available in the market, but none of them is developed specifically for removing the Google redirect virus. While some users had success in removing the infection using one tool, the same tool may not work on another computer. A few end up trying all the different tools, which creates more problems by corrupting OS and device driver files. Most of the free tools are hard to trust, as they have a reputation for corrupting operating system files and crashing them. So take a backup of important data before trying any free tools to be on the safer side. You can also get help from professionals who specialize in removing this infection. I am not talking about taking your computer to a tech shop or calling Geek Squad, which costs you a lot of money. I did mention a service before which you can try as a last resort. The article here explains how to handpick and manually remove the Google redirect virus. From a technician’s angle, this is the most effective method against this infection. Technicians working for some of the biggest security software brands are now following the same method. Every attempt is made to make the tutorial simple and easy to follow.
- Try to remove Google redirect virus manually: There is no easier way to remove an infection than running a scan using software and fixing it. But if the software fails to fix the problem, the last resort is to try removing the infection manually. Manual removal methods are time-consuming, and some of you might find the instructions hard to follow because of their technical nature. This method is very effective, but failure to follow instructions properly, or human error in identifying the infected file, can render your efforts ineffective. To make it easier for everyone to follow, I created a step-by-step video explaining the details. It shows the exact steps used by virus removal experts to remove a virus infection manually. You can find the video towards the end of this post.
1. Enable hidden files by opening Folder Options
Operating system files are hidden by default to prevent accidental deletion. Infected files try to hide among the OS files. So it is advised to unhide all hidden files before starting troubleshooting:
- Press Windows Key + R to open the Run window
- Type Control folders
- Click the View tab
- Enable "Show hidden files, folders and drives"
- Uncheck "Hide extensions for known file types"
- Uncheck "Hide protected operating system files"
2. Open Msconfig
Use the MSConfig tool to enable the boot log file. The boot log file is only needed in the last step.
3. Restart Computer
Restart the computer to make sure that the changes you made take effect. (On restarting the computer, a file ntbtlog.txt is created, which is discussed later in the troubleshooting steps.)
4. Do a Complete IE optimization
Internet Explorer optimization is done to ensure that redirection is not caused by a problem in the web browser or by corrupted internet settings that connect the browser online. If optimization is done properly, the browser and internet settings are reset back to their original defaults. Note: Some of the internet settings found while doing IE optimization are common to all browsers. So, it doesn’t matter if you use Chrome, Firefox, Opera, etc.; it is still recommended to do an IE optimization.
5. Check Device Manager
Device Manager is a Windows tool that lists all the devices inside your computer. Some infections are capable of hiding devices, which can then be used for a malware attack. Check Device Manager to find any infected entries. If an entry is found to be an infected one, right-click on it and then click Uninstall. Once the uninstall is complete, don’t restart the computer yet. Continue troubleshooting without restarting.
6. Check Registry
Check for the infected file inside the registry. If you were not able to find TDSSserv.sys among the hidden devices in Device Manager, go to Step 7.
7. Check ntbtlog.txt log for corrupted file
By doing Step 2, a log file called ntbtlog.txt is generated inside C:\Windows. It’s a small text file containing a lot of entries, which might run to more than 100 pages if you take a printout. Scroll down slowly and check whether there is any entry for TDSSserv.sys, which shows that there is an infection. If there is, follow the steps mentioned in Step 6.

In the above case, I mentioned only TDSSserv.sys, but there are other types of rootkits that do the same damage. Let’s take care of 2 entries, H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys, listed under Device Manager on my friend’s PC. The way to tell whether a file is dangerous is mainly by its name. This name makes no sense, and I don’t think any self-respecting company will give a name like this to their files. Here, I used the first few letters, H8SRT and _VOID, and did the steps mentioned in Step 6 to remove the infected file. (Please note: H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys are just examples. The corrupted files can come under any name, but they will be easy to recognize because of the long file name and the presence of random numbers and letters in the name.)

Please try these steps at your own risk. The steps mentioned above won’t crash your computer. But to be on the safer side, it is better to take a backup of important files and ensure that you have the option to repair or re-install the operating system using the OS disk.

Some users might find the troubleshooting mentioned here complicated. Let’s face it, the infection itself is complicated, and even the experts struggle to get rid of it.

You now have clear instructions, including a step-by-step guide, on how to get rid of the Google redirect virus. Also, you know what to do if this didn’t work out. Take action immediately before the infection spreads to more files and renders the PC unusable.
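The Step 7 review of ntbtlog.txt can be scripted instead of scrolled through by hand. The following Python script is an added example, not part of the original tutorial: it flags the driver names mentioned in the article (TDSSserv, H8SRT, _VOID) and applies an assumed heuristic for long, random-looking names. The sample log lines, the thresholds and the function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Driver-name prefixes taken from the article, compared case-insensitively.
KNOWN_PREFIXES = ("tdssserv", "h8srt", "_void")
# ntbtlog.txt records one driver per line in one of these two forms.
ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+)$")

# Constructed sample log (not taken from a real machine).
SAMPLE = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\H8SRTnfvywoxwtx.sys
Did not load driver \SystemRoot\System32\Drivers\_VOIDaabmetnqbf.sys
Loaded driver \SystemRoot\System32\Drivers\TDSSserv.sys
Loaded driver \SystemRoot\System32\Drivers\compositebus.sys
"""

def read_bootlog(path=r"C:\Windows\ntbtlog.txt"):
    """Read the boot log, which may be UTF-16 with a BOM or plain ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if utf16 else "latin-1")

def looks_random(stem, min_len=12, min_run=5):
    """Assumed heuristic: a long name with a long run of non-vowel characters."""
    runs = re.findall(r"[b-df-hj-np-tv-z0-9]+", stem.lower())
    return len(stem) >= min_len and max(map(len, runs), default=0) >= min_run

def scan_bootlog(text):
    """Return (status, path, reason) for each driver entry worth a manual look."""
    findings = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, date and blank lines
        status, path = match.groups()
        stem = PureWindowsPath(path).stem
        if stem.lower().startswith(KNOWN_PREFIXES):
            findings.append((status, path, "name listed in the article"))
        elif looks_random(stem):
            findings.append((status, path, "random-looking name"))
    return findings

if __name__ == "__main__":
    for status, path, reason in scan_bootlog(SAMPLE):
        print(f"{status}: {path} [{reason}]")
```

On a real machine, pass the result of read_bootlog() to scan_bootlog(); a "random-looking name" hit is only a prompt for manual review, since legitimate drivers can trip the heuristic.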