If you are being redirected to an unwanted website or another search engine, your browser is not only hijacked by a Trojan, but the
The first method to use is to run a scan using an anti-malware removal program that is fast in detecting the TDL3 rootkit. By fast detection, I mean that the security vendors that are able to release a detection and removal in no time. Using anti-malware programs to scan and remove is important, enabling you to find other malware that has resided in your computer as well as the TDL3 rootkit.
- A-squared Free or A-squared Anti-Malware – both versions provide a scanner and remover of Google redirect virus (AKA TDL3 rootkit). A-squared flags the said infection as Rootkit.Win32.TDSS!IK. Note the IK in the threat name which means, the Ikarus detection. Ikarus is another antivirus engine that is integrated in A-squared programs.
- Malwarebytes Anti-malware Free (AKA MBAM) and its paid edition – another anti-malware vendor that is fast in adding detection to latest threats. Free and paid editions of MBAM offer a scan and removal of Google redirect virus.
- SUPERAntiSpyware Free and SUPERAntiSpyware Pro – like A-squared and MBAM, both programs of SUPERAntiSpyware provides a scan and removal options. SUPERAntiSpyware will detect and remove the said Google redirect virus infection as well.
If, for some reason the removal is not successful, this can happen if the infection is a new variant of TDSS rootkit. You should start using standalone removal tool. Choose any of the free tools below to remove the Google redirect virus:
- Win32/Olmarik Removal tool by ESET
- TDSSKiller by Kaspersky Labs.
- Windows Malicious Software Removal Tool by Microsoft
- BlackLight by F-Secure
- Stinger by McAfee
- CureIt! by Dr.Web. The alternative download location is in CNET.com. You need to update the detection to get the latest detection updates.
If you rather use an online scanner and remover, I suggest using Trend Micro Housecall and ESET Online Scanner.
Note that there are other removal tools for the Google Redirect virus infection such as ComboFix, which is easy to use, but you are better off using it only if you can follow a self-help guide. If not, just use one of the above-mentioned scanners or standalone removal tools or visit the malware removal forum over at Aumha.org orBleepingComputer.com. There are resident malware analysts in these forums to help you remove the Google redirect virus.
Guys, here is the removal for the redirect virus. You will know this is your solution beyond the shadow of a doubt once you see where all of those annoying redirects are hiding at. Having some experience with the registry is very helpful. If you don’t have any find somebody who does, backup your registry entries before making any changes and this info is for information purpose.
1.) Click on start, run, type in cmd press enter, type in ipconfig /flushdns press enter
2.) You need to check your Host file and lmHost file for domain entries.
3.) You will know them when you see them because your list will be HUGE! You will see THOUSANDS of domain entries in there. Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft.com
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the places you have been redirected to. You will see HUNDREDS of redirect domain entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things however these are the major identifiers.
6.) The reason why Virus scans and Spyware programs can’t find the so called Virus. Because it is not one! Scanning the registry is pointless because those new registry KEY's are legit KEY's. Think of it as you have a Google or Yahoo or Bing search bar in your browser. Let’s say you change the default search to a porn site. Is there anything wrong with your browser or default search engine? No! All spyware will scan past this because people have different search engines. It took me a month and a half to figure this out and I just happen to stumble upon the answer!
7.) I don’t know how the registry entries were changed so be alert that you might catch this annoying issue again!
8.) Get another PC registry KEY running the same version of I.E. That is what I did.
2.) You need to check your Host file and lmHost file for domain entries.
3.) You will know them when you see them because your list will be HUGE! You will see THOUSANDS of domain entries in there. Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft.com
4.) Next go to the Key P3P 2 folders up and delete the history entries. That will be all of the places you have been redirected to. You will see HUNDREDS of redirect domain entries! If you can replace the entire KEY on both Hives that would be better!!!
5.) You also need to check many other small things however these are the major identifiers.
6.) The reason why Virus scans and Spyware programs can’t find the so called Virus. Because it is not one! Scanning the registry is pointless because those new registry KEY's are legit KEY's. Think of it as you have a Google or Yahoo or Bing search bar in your browser. Let’s say you change the default search to a porn site. Is there anything wrong with your browser or default search engine? No! All spyware will scan past this because people have different search engines. It took me a month and a half to figure this out and I just happen to stumble upon the answer!
7.) I don’t know how the registry entries were changed so be alert that you might catch this annoying issue again!
8.) Get another PC registry KEY running the same version of I.E. That is what I did.
No comments:
Post a Comment