I have a Google redirect virus which redirects every hit I click on in every search engine, in every browser, to a completely unrelated website. No anti-virus software I've tried can get rid of it. Help.
Basically the Google redirect virus is caused by a trojan with rootkit capability, and so whenever I click on a link on Google, it redirects me to a completely unrelated site. I think I got it on there because of downloading pirated software (patches, cracks, keygens) to avoid paying: so stealing software didn't pay off :(
I know you guys aren't specialised in internet security, but can you help?
Try running several malware scanners. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:
If the above malware scanners do not find any malware or can not clear it, you should consider posting in one of these forums for specialized malware removal help:
But I have already tried at least half a dozen virus scanners. I've tried Nod32, Avast, Pareto Logic PC health advisor, Spyware Doctor, XoftSpySE, Malwarebytes, plus several registry fixers. How many fricking scans from anti-virus programs does it take to kill the damn thing?! Yes, I will try your dozen other suggestions, but if I still get no result, I'm either re-imaging my harddrive, or just upgrading and starting again. In the meantime, Google Chrome is the only web browser which doesn't redirect hits, so I'm sticking with that.
Thanks anyway, Stefan
Dozen other suggestions? Looks like 5 programs and 5 support forums that specialize in virus / malware / scrapeware / rootkit problems to me.
Anti-virus programs don't look for Malware, they look for crap that is classified as a virus. The 5 anti-malware programs that were recommended are the best programs (as judged by a professional PC technician who does support over at MozillaZine) at finding and removing Malware. Beyond that, you could have a Rootkit infection, which needs an entirely different program to locate and find. The helpers at those forums can provide more knowledgeable help with a Rootkit.
Oh ok. Thanks for the heads up. Sorry if it seemed like I was dissing your response, I wasn't. Funnily enough the Google redirect virus infection is caused by a trojan with rootkit capability, so your suggestions may very well come in handy.
Thanks heaps ed-meister :)
Stef
Chosen Solution
I guess I had this rootkit too. I used a tool called tdsskiller and I think it did the trick. Now I can use Google without these annoying redirects. I also found the removal instructions given at http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html to be very useful.
Regards, Jessica
Hi Jess,
Thanks a lot for your removal instruction page, it solved the problem! The program ComboFix did most of the work. Thanks so much, I've had to put up with the virus for weeks, and now I can finally search redirect free :)
Thanks a lot, Stefan
There seems to be more than one, possibly several malware objects that can cause Google search redirects in both Firefox and Explorer... some result in multiple infected files and are self-regenerating. I tried rootkit, gooredfix, tdsskiller and every other tool I could download... several times I was certain it was gone but it always came back! If you want to kill this thing for good, combofix is the only thing that removes ALL of the infected elements. Combofix takes a long time to run (circa 30 min?) and requires some user input and also messes with your system settings a little but it is VERY thorough and it does work and best of all, it's free.
I agree with you Dallas, the same thing happened with me, each time thinking I'd got rid of the virus, and then it reappeared again. Also, yes ComboFix did the trick for me, but it didn't take much time for me (10 min), and didn't stuff around with my system settings. Now my computer's running at top speed again.
None of the spyware, malware software worked for me except Hitman Pro 3.5. I downloaded it to a flash drive on another PC and ran it from the stick. Found and removed everything. Not one problem since.
I had lots of aggro with this.... I used Malwarebytes, the standard search did not uncover the cause but instigated a full search and it found an additional 6 trojan and odd malware oddments.... cleared all and ... Eureka... sorted.
I have been having redirects for months also. It happens exactly the same with IE and also Google Chrome. I recently wiped my PC (saved music, pictures and documents to a hard drive) and reinstalled Windows. The moment I get home, fix my computer up to the internet, and download Firefox, I get the same redirects :S that was about a month ago... I gave up. Never had such problems before.
I have however changed some settings about 5 minutes ago after reading a post here, "network connections/internet protocol tcp/ip/use dns settings..." and it seems to have fixed the problem ... for now. I am extremely worried that I still have something bad in my computer. I dislike Spybot, it really messed my computer up, completely crashed it. I have used AVG for years and never had a problem till now, also not sure whether I can trust anti-spyware downloads. I am also rather frightened I will find trojans ^^ I have not long formatted the drives and reinstalled Windows after all :(
redirects to chinaontv, kdirectory, porn, ask.com, various shopping directories, pharmaceuticals website and youtube videos advertising anything from nokia phones to music
I tried Jessica's advice and went to the blog, followed the instructions and downloaded TDSSKiller. Success! Thanks Jessica. I can now go back to my beloved Firefox and leave IE alone.
REDIRECT FIX
This Google Redirect affects Yahoo Search as well. No Malware or Virus scans will find it because it is installed as an Add On in Firefox tools menu. Go to your Add Ons in the tool menu, scroll down until you find "Google Update" and disable it. I don't know how this was downloaded onto our computer but this ended the redirects using the search bar in the Firefox browser. Matt
I have the same problem, try using Firefox 4.0 Beta 8 or Internet Explorer... your browser is infected, however I found that using a different browser works around the problem.
Research ongoing ....................
Antbanx
Try XoftSpySE < this got it !
I'm facing this problem too, and fixed it this way:
- Run "services.msc"
- Find the "stllssvr" service, stop it, then disable it
- Restart the computer, open Firefox and try some Google searches
I don't know what "stllssvr" is, but in my experience every service has a description but "stllssvr" doesn't. I find it unusual and I chose the safe way, which is to disable it; if it doesn't affect the computer I will try to delete it later.
Please email me if you find this useful [nam.nguyenphuong at yahoo dot com]
Edited: I'm sorry, my mistake, the solution above did not solve the problem :(
Problem solved by performing an Avira AntiVir Personal v10 quick scan.
It found TR/Vundo.Gen2 in C:\Windows\System32\dinput8S.dll and after removal my Firefox runs normally.
Hey all, the problem with the redirect virus is that it masks itself so that it cannot be detected by most anti-virus problems and it changes certain DNS settings as well. Really, the only way that I was ever able to get rid of it was by using a manual process and then removing traces of it with things like CCleaner and so forth. I had to repeat many processes, and system restore would not work. I also had wiped my hard drive clean twice with no result!
Just be careful and make sure that it's really gone. A few times the symptoms of the redirecting problem went away, but soon returned and the virus had reinstalled itself I guess.
Hope this helps, T.
Guys, here is the removal for the redirect virus. You will know this is your solution beyond the shadow of a doubt once you see where all of those annoying redirects are hiding at. Having some experience with the registry is very helpful. If you don’t have any, find somebody who does. Back up your registry entries before making any changes; this info is for information purposes.
1.) Click on start, run, type in cmd, press enter, type in ipconfig /flushdns, press enter.
2.) You need to check your Host file and lmHost file for domain entries. If you see thousands of entries, remove them. You will know them when you see them because your list will be HUGE! You will see THOUSANDS of domain entries in there.
3.) Next open the registry and go to these 2 hives: HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. Delete everything except microsoft.com.
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the places you have been redirected to. You will see HUNDREDS to thousands of redirect domain entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things, however these are the major identifiers.
6.) The reason why Virus scans and Spyware programs can’t find the so-called Virus: because it is not one! Scanning the registry is pointless because those new registry KEYs are legit KEYs. Think of it as you have a Google or Yahoo or Bing search bar in your browser. Let’s say you change the default search to a porn site. Is there anything wrong with your browser or default search engine? No! All spyware will scan past this because people have different search engines. It took me a month and a half to figure this out and I just happened to stumble upon the answer!
7.) I don’t know how the registry entries were changed, so be alert that you might catch this annoying issue again!
8.) If you can get another PC, get the registry KEY for I.E, it must be the same version, and import the new entire KEY. That is the course of action I took.
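Added example, not part of the post above or of any tool named in this thread: a Python sketch of the hosts-file check from step 2, reporting how many active entries the file holds and whether any Google, Yahoo or Bing name is mapped to a non-loopback address. The watched names, the threshold of 100 entries and the sample data are assumptions made for this illustration.

```python
import ipaddress
import os

WATCHED = {"google", "yahoo", "bing"}   # search engines named in the thread
BULK_THRESHOLD = 100                    # assumption: a clean hosts file is nearly empty

# Constructed sample input (documentation addresses), not taken from the thread.
SAMPLE = """\
# hosts
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com
203.0.113.10    search.yahoo.com
0.0.0.0         ads.example.net
"""


def parse_hosts(text):
    """Yield (ip, hostname) for every active mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:                  # one line may carry several aliases
            yield ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Summarise entry count, bulk flag and search-engine names sent elsewhere."""
    entries = list(parse_hosts(text))
    hijacked = []
    for ip, name in entries:
        watched = bool(WATCHED & set(name.split(".")))
        # Loopback or 0.0.0.0 targets block a name; anything else redirects it.
        if watched and not (ip.is_loopback or ip.is_unspecified):
            hijacked.append((name, str(ip)))
    return {"total": len(entries),
            "bulk": len(entries) > BULK_THRESHOLD,
            "hijacked": hijacked}


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    text = open(path, errors="replace").read() if os.path.exists(path) else SAMPLE
    print(audit_hosts(text))
```

A clean result here only covers the hosts file; the DNS server settings and registry keys mentioned elsewhere in the thread need their own checks.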
Prior to my redirects with Google, Zone Alarm alerted me that a program, Bullet Storm, wanted access to the internet. I denied access and soon after Norton AV notified me that a program called Tracor was trying to access my computer. Firefox quit connecting to the internet at this point. I ran a full scan with Norton AV. Nothing was found. I tried a couple of the spyware and malware programs to look around and nothing was found. Firefox would work only when I gave the go-ahead with Zone Alarm for that Bullet Storm program. I used Norton Power Eraser and it found a program called muzaf123 and a couple of other things. I cleared out those problems with the Norton Power Eraser program. Firefox worked fine after this. I believe I've cut off the communication with the virus program and to whoever is out on the internet. Now I only get Google redirects on the first click and it can be stopped by going to Help on FF and clicking the Restart with add-ons disabled. So something is still affecting FF.