How to remove Google Redirect virus
20 Answers
I have the redirect virus and nothing is finding it. I have scanned with Avast, Malwarebytes, Ad Aware, A squared, House Call and TDSSKiller and all come up with nothing.
I have Googled and a few sites recommend ComboFix but give warnings that it is best to be used by advanced users. This makes me somewhat apprehensive and makes me think I could make things much worse. Other sites use so much technical jargon that I have no idea what they are talking about.
Please can anyone give me an idiot's guide of how to remove the redirect virus that is driving me mad.
Answers
Yorky Lass, I've posted a reply on http://www.theanswerb.../Question1007549.html - I have no idea if it will work or not, but if nothing else works it may be worth a try
hmmm ... I've just run it here and there is nothing in the program about posting the log. Could the forum have been talking about posting it after a run of the program ?
All I did was to download and run it. I did opt to run it just the once (Hitman gives you the option to install or run once) and it seemed to work just fine.
One other possible tool I can think of is the Avira rescue disk. You have to download the ISO and burn it to CD, then boot your computer with the CD. There is no updating to do (they release a new version several times a day with all the latest signatures) and although it is primarily an anti-virus tool, it does check for trojans and other malware too. You can get it from http://www.avira.com/...antivir-rescue-system
Try Hitman first on the run once basis, and if that doesn't work try Avira
Thanks Huderon. I've run Hitman and it only came up with tracking cookies. I think it was HijackThis or something that needed the log. I've googled that much my head is in a spin as to what I've used.
I've looked at the Avira site and it says to use it if you can no longer boot the system but this isn't the case. If you come back to me and say try it, how do I boot the system from the CD?
Any more ideas please?
Yorkie Lass, the Avira rescue disk is pretty much a last ditch solution. You can use it on a system you can boot into, but you have to make sure that your computer looks for a bootable disc in the CD/DVD drive before booting from the hard drive.
To change the order in which a machine boots, you have to get into the BIOS. You do that when you start (or reboot) your computer - on the screen you see as it is starting there will be a message saying something like "Press Del to enter setup" (it may specify another key, but Del is a common one). Press that key as soon as you see the message.
The layout of things in the BIOS options also varies, but you usually navigate around them by using the arrow keys and the enter key - it will tell you what to use on the screen. Find the entry for the boot sequence and make sure it is set to CD (or DVD or optical drive) first and disc second (it may already be set that way). Then save the change and exit - the screen will tell you what to press to do that, often it is F10.
Then put the Avira disc in your CD drive and reboot the machine. Instructions on the Avira disc are in German and English, just select English then run a scan and go for a walk or watch TV or read a book for a while and keep your fingers crossed that it finds the malware. When Avira finishes, let it delete anything it finds, then reboot (but take the CD out first !) and keep your fingers crossed.
The reason ComboFix is for advanced users is that it will scan and produce a log. You (as the user) then have to manually remove everything it finds, including entries in the registry, so it's not something everyone should try doing.
I've used Avira before when both the computers here were infected by a particularly nasty thing which, among other things, blocked access to Task Manager for ALL users and blocked access to my list of trusted anti-virus and anti-malware sites. It took a long time to run, but it did do the trick and it was a better option than a complete re-install of everything on the machines.
Have you downloaded and tried HijackThis to see if there are any unusual entries? If you see one that looks out of place, highlight it and ask for more information, and remove it if it is your problem. If you have Windows Vista or Windows 7 you could try a scan with Windows Defender or even run the Malicious Software Tool.
Huderon I've done all you said as your instructions were so easy to follow, and found 4 TR/trash.gen .trojans. Unfortunately it hasn't solved my problem.
galeck1947, yes I tried HijackThis but the resulting log was beyond my understanding. I'm useless. I have no idea what "unusual entries" are. They were all unusual to dim-witted me. I'm running XP by the way.
Thanks to you both anyway.
I've been Googling again and found this on a Google forum
(1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".
If you find several lines of IP numbers other than localhost in your hosts file, then this is almost definitely your problem and will be fixed right away. If not, then this probably isn't the issue, but it's worth a look.
I've run as directed and found 47 entries 64.34.212.70 with various Google addresses, under localhost. I'm such a numpty I'd like confirmation that it will be OK to delete them and that I won't cause myself more problems.
Thank you
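A read-only check of the hosts file described in the steps above, as an added example that is not part of the original posts: it lists every hostname mapped to a non-loopback address, grouped by address. The sample file is constructed (only the address 64.34.212.70 comes from the thread), and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample modelled on the thread: the hostnames are illustrative,
# the address 64.34.212.70 is the one quoted in the post above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
64.34.212.70    www.google.com
64.34.212.70    google.com   # inline comment
64.34.212.70    www.google.co.uk
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (ip_text, [hostnames]) for each mapping line, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            yield fields[0], fields[1:]

def audit_hosts(text):
    """Return {address: [hostnames]} for entries that point names at a remote address."""
    suspicious = defaultdict(list)
    for ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            suspicious["<malformed>"].extend(names)  # not a valid address: worth a look
            continue
        # Loopback and 0.0.0.0 lines are default or blocklist-style entries, not redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        suspicious[str(ip)].extend(names)
    return dict(suspicious)

if __name__ == "__main__":
    # On the affected machine, read the real file instead of SAMPLE_HOSTS:
    # text = open(r"C:\windows\system32\drivers\etc\hosts").read()
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostname(s) -> {', '.join(names)}")
```

Because it only reads the file, it can be run again after a clean-up to see whether the entries have returned.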
-- answer removed --
Methyl, I checked and all the rogue lines had come back. AHHHH!!!!! However I hadn't tried Windows Defender so I downloaded that and it came up with a problem with the host file. It wouldn't let me resolve it from there, coming up with an error message: OX80501001. I followed the Help button and was able to reset my host file back to default. Now nothing else is showing except for the new host file.
I do hope this has cured it.
I'm running XP and the latest Firefox by the way.
Thanks for your help.
1. Please click on “Start–>Run”. Type “devmgmt.msc” and click on OK. This will run Device Manager. In Device Manager, click on “View–>Show Hidden Devices”.
2. Please expand all the devices by clicking on the “Plus” sign. Now try to find “TDSSserv.sys”, right click and select Disable. Please make sure that you do not select the Un-Install option, otherwise the infection will be back once you reboot your computer in Safe Mode.
3. Run your antivirus to scan your computer.
see: http://www.guardpcsecurity.com/archives/google-redirecting-virus-removal-how-to-get-rid-of-google-redirect-virus-completely.htm