Google Redirect Virus Removal

A colleague came to me with a problem on his system: whenever he searched for something in Google, an advertisement opened instead of the search results. That was unusual, because Google never serves ads that way. First I checked Google search on my own system, and it was running perfectly fine. Then I remembered that about a year earlier a virus had appeared that did exactly this: it redirected all Google queries to advertisements, sometimes opening a page loaded with AdSense ads and otherwise a fake advertisement page.

I went to the affected system to investigate the problem. The first thing I always do is run HijackThis to find the hidden startup information on the system. I ran HijackThis and found an R3 entry, which is a URLSearchHook. If you are having the same problem, use HijackThis to check for this entry, especially if you don't recognise the file it refers to.

Then I looked at the hosts file, which is found at C:\Windows\System32\drivers\etc (where C: is your Windows drive). Make sure that the file has only one entry, which is:

127.0.0.1       localhost

My hosts file looks like this:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Look at the processes running under your username in the Task Manager. Make sure you don’t have anything suspicious running in background.

Make sure that you have legitimate primary and secondary DNS servers in your network settings. If you don't know your ISP's DNS servers, you can use OpenDNS, whose primary and secondary DNS addresses are:

208.67.222.222

208.67.220.220

Now disable System Restore and re-enable it, so that all existing restore point data is deleted and the virus cannot survive inside the System Restore data files.

Also run CCleaner to clean the temporary and junk files to make sure everything is gone.

Now reboot your computer. This is what I have done to get rid of Google redirect virus.
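The hosts-file and DNS checks above can be scripted. This is an added example, not code from the original post: it parses a hosts file, flags every entry other than the localhost line (calling out search-engine names pointed off-box as a redirector), and lists configured resolvers that are neither OpenDNS, your ISP's known servers, nor a LAN router. The hosts-file text, the LAN ranges treated as acceptable resolvers, and the sample addresses are all constructed assumptions.

```python
import ipaddress

# Only these mappings belong in a clean hosts file (the post expects just the localhost line).
EXPECTED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
KNOWN_GOOD_DNS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS, as recommended in the post
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SEARCH_DOMAINS = ("google.", "yahoo.", "bing.")

# Constructed sample: normal header, the expected lines, then what a redirector leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com      # sends searches to an attacker-controlled page
10.0.0.5        fileserver
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing and whole-line comments
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries

def audit_hosts(text):
    """Flag every entry other than localhost; a search-engine name pointed off-box is the redirector."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in EXPECTED_HOSTS:
            continue
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append(("malformed", ip, name))
            continue
        redirect = not loopback and any(d in name for d in SEARCH_DOMAINS)
        findings.append(("search-redirect" if redirect else "unexpected", ip, name))
    return findings

def audit_dns(servers, isp_dns=()):
    """Return resolvers that are neither OpenDNS, the ISP's known servers, nor a LAN router (assumed fine)."""
    trusted = KNOWN_GOOD_DNS | set(isp_dns)
    return [s for s in servers
            if s not in trusted and not any(ipaddress.ip_address(s) in net for net in LAN_RANGES)]
```

On a real machine, read the file at C:\Windows\System32\drivers\etc\hosts into `audit_hosts` and pass the servers shown by `ipconfig /all` to `audit_dns`.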

To make sure you stay clean, keep an up-to-date antivirus installed. Here is our top 5 free antivirus collection. If you are still having problems, please let me know in the comments.


7 Comments

  • Rick whatsonmypc.wordpress.com says:

    Technize,

    It is a good thing that your memory served you correct in resolving this issue. Resolving these sort of problems can be very time consuming. The steps you took; very professional.

    Rick

  • Sanix technize.com says:

    Thanks a lot Rick. I keep myself updated with your blog. Recommended to every techie.
    http://whatsonmypc.wordpress.com

  • Steve hillcountrynetradio.com says:

    I’ve spent the last week trying to find a solution to remove the Google redirect virus. First of all I’m not even sure how I got it. I ran HijackThis and did find the R3 entry as described above. I removed it, rebooted the PC and it seemed OK, then I started having the same problem again. Came across some info on another website who had several PC users having good luck with a program called HitmanPro 3.5. Ran it and it found a “rootkit” trojan installed in my Windows drivers section. Removed it and so far no more issues. It took one week of constantly researching on the web to find this program and I’m surprised that it didn’t come up in the searches quicker. Hope this helps and saves you some time :)

  • I’m very grateful for your hard research work, Steve. HitMan Pro (ver 3.5 is the latest as of this writing) fixed my Google & Yahoo Redirect Virus. The file culprit was named 7n8001.sys and was located in the Drivers sub-directory under C:\Windows\System32. It took several hours of research and experimentation before I came upon this solution.

    I found the software on CNet. Looks like it’s free for 30 days. It’s a cloud computing solution. If you try deleting or renaming the virus yourself, it regenerates itself. It’s nasty and persistent.

    As of today, 1/20/2010, the latest updates for AVG, Malwarebytes, Spybot Search & Destroy, and AdAware could not fix it, although one of these spotted it (can’t remember which), but couldn’t fix it (couldn’t write to the HOSTS file in C:\Windows\System32\Drivers\ETC). Windows and IE updates were current.

  • Correction: I found my notes. It was XDELBox that found the virus but couldn’t fix it (couldn’t write to the HOSTS file in C:\Windows\System32\Drivers\ETC.)

  • RixMaxewell bitztoday.com says:

    Check out the Full info about the Virus here

  • pamela18 says:

    How to remove mtn5.goole.ws and popup.adv.net Malware
