Tips on removing the Google redirect virus!
This virus is no doubt a major pain to so many people out there. I know of a few work colleagues who have been having trouble getting rid of these and some of these same people are actually quite technically sound!
This all started a few weeks ago when I was browsing the Internet with Google Chrome (incidentally, I read a report from ReadWriteWeb on a serious security hole in Chrome). I started noticing very peculiar behaviour when I was browsing certain sites and clicking on certain search results within both Google and Bing. Basically, I was being redirected to odd-looking sites (very thin on content, lots of advertisements scattered all over the place). After doing a bit of digging, it turned out I was infected with the Google redirect virus, very annoying indeed! I’m quite a techy at heart, so luckily I was able to get a grasp on what the virus does and how best to remove it. I searched for half an hour for the best way to remove it and found a good guide on removingmalware.org. They had a comprehensive guide which details exactly what to do; the guide and removal tool can be found on that site.
I want to offer some advice to those who are dealing with this redirect virus. Firstly, make sure you’re running an up-to-date anti-virus program and do a full scan of your system. That means all your hard drives, every file on there! It’s also worthwhile getting a third-party tool; I ended up using ComboFix because Malwarebytes simply couldn’t remove it, even in safe mode.
Secondly, you have to check your registry and startup lists. It’s very common indeed for this redirect virus to alter these entries, amending, inserting and sometimes deleting existing ones, to ensure that it starts when you first boot into Windows. Thirdly, Windows Update! Yes, I know a lot of people might roll their eyes at this suggestion, but it’s worthwhile doing: a lot of infections occur because the malware itself takes advantage of fundamental problems within the core of the Windows system files, and this is especially the case with Windows XP.
Lastly, be careful which sites you’re visiting, as oftentimes the reason you get infected is that you may have wandered onto a rather suspicious website. We’ve all done it and it can happen easily. Anti-virus with web-based protection is good for this kind of thing, as it’s able to scan the HTML/JavaScript code before it’s executed. This means that 0-day browser exploits are unlikely to leave you infected.
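For the second tip above (checking the registry and startup lists), the following PowerShell is an added example, not part of the original post: it lists the standard Run/RunOnce keys and Startup folders and shows each entry's signature status for manual review. The choice of these common autorun locations is an assumption about where to look, and the script needs PowerShell 3.0 or later.

```powershell
# Added example: lists autorun entries for manual review; it changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the program path from a command line such as
#   "C:\Program Files\App\app.exe" /background   or   C:\Tools\x.exe -s
function Get-CommandTarget([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Authenticode status of the target, or NotResolved when the path cannot be
# found (for example a bare "rundll32.exe ..." command); review those by hand.
function Get-SignatureStatus([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'NotResolved' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{ Location = $key; Name = $name; Command = $cmd
                           Signature = Get-SignatureStatus (Get-CommandTarget $cmd) }
    }
})

# Startup folders (current user and all users); shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
$dirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $dirs) {
    if (-not $dir) { continue }
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $target
                           Signature = Get-SignatureStatus $target }
    }
})

# A status other than Valid is a prompt to look closer, not proof of infection.
$entries | Sort-Object Signature, Location | Format-Table -AutoSize -Wrap
```

Saving the output from a known-clean state gives a baseline to compare against later, which makes entries that were inserted, amended or deleted stand out.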
Feel free to get in touch with me and let me know if you’ve had any joy removing the virus or not. I will be happy to help those who haven’t. Failing that, get in touch with the guys at removingmalware.org, as they offer to provide free support to anyone who is infected.