Google Redirect Virus

Google Redirect Virus Description


Google Redirect Virus is a rootkit and backdoor Trojan named for its central function: redirecting you to unrelated websites after you click a search result link. Although this function is Google-specific, Google Redirect Virus infections can also have many different secondary functions, with prominent possibilities including downloading other malicious programs, creating a backdoor in your PC security and creating advertisements. Google Redirect Virus has no beneficial purpose and shouldn’t remain on your computer, but removing Google Redirect Virus and related rootkits can be extremely difficult. It’s recommended that you use only the best and most thoroughly updated anti-virus software that you have available to delete Google Redirect Virus.

The Many Origins of the Google Redirect Virus


Although Google Redirect Virus is often known by the ‘virus’ title, a more appropriate classification would be rootkit or Trojan. Google Redirect Virus is caused by various types of the infamous TDSS Rootkit, which is known by a variety of other names, including Alureon, Tidserv, Backdoor.Tidserv, Trojan:WinNT/Alureon.D, TrojanSpy:Win32/Chadem.A and many other variations.

As you might expect from the many possible aliases, Google Redirect Virus infections can contain many different kinds of secondary symptoms. However, the primary Google Redirect Virus attack is always the same. After you click on a link in a Google search result, Google Redirect Virus will redirect you to a completely unrelated website. These websites are designed to generate revenue for the criminals behind the Google Redirect Virus enterprise. Some websites may use the artificial traffic to boost affiliate payments, while others may attempt to trick you into purchasing fake security software such as Windows Necessary Firewall or Fast Windows Antivirus 2011.

Google Redirect Virus hijacks Google search results and redirects to several websites.

In all cases, you should minimize any contact that you have with the websites that Google Redirect Virus redirects you towards, since these websites can be a source of fraud and other infections that use browser exploits to install themselves.

The Rootkit and Trojan Attacks That Google Redirect Virus May Also Use Against Your Computer


Its primary function is bad enough, but Google Redirect Virus can also use other attacks against your PC, many of which are even more serious.

Some of the major possibilities that have been linked to infection by Google Redirect Virus-spawning rootkits include:
  • The appearance of unwanted and potentially dangerous advertisements. In addition to redirecting you to dangerous sites and slowing down your PC, these advertisements may use drive-by download scripts via Flash or Java to install harmful programs.
  • The creation of a backdoor hole in your security. These holes can include a disabled firewall, exceptions added to your firewall or network ports being opened to allow traffic to pass through them uncontested. Backdoor attacks are strongly associated with remote attacks by criminals and endanger your computer’s security and privacy.
  • Some variants of Google Redirect Virus will take their Trojan duties a little more seriously than other variants and may install other threats to your PC, including rogue security programs, keyloggers, ransomware and other harmful applications.

All versions of Google Redirect Virus use rootkit tactics to hide themselves, so that you will not detect any separate Google Redirect Virus files or memory processes. Since rootkits are extremely difficult to remove, you should only use the most reliable anti-virus software that you can access, to get rid of Google Redirect Virus. Anything less than the best may easily fail to remove Google Redirect Virus, even if Google Redirect Virus appears to have been removed in a scan.

Aliases


  • Trj/Genetic.gen [Panda]
  • Generic29.AKVZ [AVG]
  • W32/Kryptik.KO!tr [Fortinet]
  • Win32.Malware [Ikarus]
  • a variant of Win32/Kryptik.AKCO [ESET-NOD32]
  • Trojan/Win32.Milicenso [AhnLab-V3]
  • Trojan:Win32/Vundo [Microsoft]
  • Win32.Troj.Undef.(kcloud) [Kingsoft]
  • Trojan/Generic.aziif [Jiangmin]
  • Gen:Variant.Symmi.1594 (B) [Emsisoft]




Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %LOCALAPPDATA%\AIM Toolbar\[RANDOM CHARACTERS].dll 300
    2 %LOCALAPPDATA%\Hewlett-Packard\[RANDOM CHARACTERS].dll 300
    3 %LOCALAPPDATA%\Macrovision\[RANDOM CHARACTERS].dll 300
    4 %LOCALAPPDATA%\AlwaysNeat\Adobe\[RANDOM CHARACTERS].dll 297
    5 %LOCALAPPDATA%\CamfrogWEB\[RANDOM CHARACTERS].dll 297
    6 %LOCALAPPDATA%\Inbox Toolbar\[RANDOM CHARACTERS].dll 297
    7 %LOCALAPPDATA%\AIM\Adobe\[RANDOM CHARACTERS].dll 294
    8 %LOCALAPPDATA%\CyberLink\[RANDOM CHARACTERS].dll 294
    9 %LOCALAPPDATA%\Intel\[RANDOM CHARACTERS].dll 294
    10 %LOCALAPPDATA%\Roxio\[RANDOM CHARACTERS].dll 290
    11 %Temp%\UAC.tmp N/A
    12 %Temp%\_VOID.tmp N/A
    13 C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll N/A
    14 C:\WINDOWS\SYSTEM32\4DW4R3.dll N/A
    15 C:\WINDOWS\SYSTEM32\4DW4R3c.dll N/A
    16 C:\WINDOWS\SYSTEM32\4DW4R3sv.dat N/A
    17 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys N/A
    18 C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys N/A
    19 C:\WINDOWS\system32\drivers\UAC.sys N/A
    20 C:\WINDOWS\system32\drivers\_VOID.sys N/A
    21 C:\WINDOWS\system32\UAC.dat N/A
    22 C:\WINDOWS\system32\UAC.db N/A
    23 C:\WINDOWS\system32\UAC.dll N/A
    24 C:\WINDOWS\system32\uacinit.dll N/A
    25 C:\WINDOWS\system32\uactmp.db N/A
    26 C:\Windows\System32\wdmaud.sys N/A
    27 C:\WINDOWS\system32\_VOID.dat N/A
    28 C:\WINDOWS\system32\_VOID.dll N/A
    29 C:\WINDOWS\Temp\UAC.tmp N/A
    30 C:\WINDOWS\Temp\_VOIDtmp N/A
    31 C:\WINDOWS\Xzagua.exe N/A
    32 C:\WINDOWS\_VOID\ N/A
    33 C:\WINDOWS\_VOID\_VOIDd.sys N/A
    34 dmgsh.exe N/A
    35 TDSSserv.sys N/A
    36 Xwk.exe N/A
    37 Xwo.exe N/A
    38 Xzagua.exe N/A
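
The table above can be turned into a triage check. The following is an added example, not code from the original page or from any vendor tool: it matches a file listing against the name patterns in the table. Because the rootkit hides its files on a running system, the listing is assumed to come from an offline view of the disk; the names `classify`, `triage` and `SAMPLE` are hypothetical, and a hit is a name match that still needs confirmation.

```python
import re

# Folders under %LOCALAPPDATA% where the page lists randomly named DLLs.
DROP_DIRS = ["AIM Toolbar", "Hewlett-Packard", "Macrovision", r"AlwaysNeat\Adobe",
             "CamfrogWEB", "Inbox Toolbar", r"AIM\Adobe", "CyberLink", "Intel", "Roxio"]
# %LOCALAPPDATA% on Vista and later, and its Windows XP equivalent.
LOCAL = r"(?:appdata\\local|local settings\\application data)"
DROP_RE = re.compile(
    r"\\" + LOCAL + r"\\(?:" + "|".join(re.escape(d.lower()) for d in DROP_DIRS)
    + r")\\[^\\]+\.dll$")
# Name stems from the page's table: 4DW4R3*, _VOID*, TDSSserv*.
STEM_RE = re.compile(r"^(?:4dw4r3|_void|tdssserv)")
# "UAC" names are matched exactly, and only in the folders the page gives.
UAC_NAMES = {"uac.sys", "uac.dat", "uac.db", "uac.dll", "uacinit.dll",
             "uactmp.db", "uac.tmp"}
UAC_DIRS_RE = re.compile(r"\\(?:system32(?:\\drivers)?|temp)$")

def classify(path):
    """Return the reason a path matches the page's indicators, or None."""
    p = path.replace("/", "\\").rstrip("\\").lower()
    parent, _, name = p.rpartition("\\")
    if STEM_RE.match(name):
        return "family name stem"
    if name in UAC_NAMES and UAC_DIRS_RE.search(parent):
        return "UAC.* name in listed folder"
    if DROP_RE.search(p):
        return "DLL directly inside listed %LOCALAPPDATA% folder"
    return None

def triage(listing):
    """Map each matching path in an iterable of paths to its reason."""
    return {p: r for p in listing if (r := classify(p))}

# Constructed sample listing (not from the page), as an offline scan might produce.
SAMPLE = [
    r"C:\WINDOWS\system32\drivers\UAC.sys",
    r"C:\WINDOWS\system32\drivers\_VOIDd.sys",
    r"C:\Users\alice\AppData\Local\Roxio\qkzvhtma.dll",
    r"C:\Users\alice\AppData\Local\Roxio\Cache\plugin.dll",  # nested: no match
    r"C:\Program Files\Vendor\UAC.dll",                      # other folder: no match
    r"C:\WINDOWS\system32\kernel32.dll",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE).items():
        print(f"{reason:50} {path}")
```
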


Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following registry keys were created:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys


Posted: May 18, 2009 | By
Threat Metric
Threat Level: 8/10
Detection Count: 328

24 Comments

  • Dr. Paul M. Kloepfer says:

    Remove anything CONDUIT.
    Make everything as my only Search Engine as GOOGLE.

  • turi says:

    I'm trying it now

  • johnny says:

    This post is great. I really like it!

  • katalog stron says:

    This website won’t show up correctly on my i phone – you may want to try and fix that

  • SheilaTodd says:

    Satyanarayana would you please elaborate a little in reference to your comment 12/30/12? I am having difficulty navigating to find the Internet protocol version (TCPIP) v4, and have the redirect virus really bad on my main computer. Please…any info would be so appreciated. Thanks Sheila

  • Satyanarayana says:

    Are you serious? Kid, you cannot delete the Windows Host file. No one listens to this retard. The only way to get rid of the redirect virus is by going on to your internet connection properties, click on Internet protocol version (TCPIP) v4, then click on properties. At the bottom of the box make sure you click on Obtain DNS server address automatically and make sure you uncheck use the following DNS address. Do not listen to idiots who will fuck up your machine or want to charge you

  • sm says:

    Why can’t google remove the redirect. Doesn’t it hurt them that because of this pest, people will avoid using google search!

  • howard erickson says:

    I would love to have help getting rid of Babalon

  • Featherstipe says:

    lol smart! ;)

  • Featherstipe says:

    It didn't work for me. I was just going on the Minecraft page and the "redirect" thing stopped me. Redirect always brings me to a scuba diving gear thing. About five weeks ago there was this scan thing that told me I had 16 viruses. I could not go on the internet because of it. I could remove all the viruses but I didn't cuz it cost money. Now I wish I did, but at that point I thought that the scan was fake and it was a virus but I guess not.

  • Webster Smith says:

    This redirect virus has caused my business to suffer. Now thanks to the spyhunter, I could remove it from two of my office PCs. My workers and I thank you spywareremove for your efforts in fixing this issue.

  • Chris Tiler says:

    I cannot access Regedit in order to change the parameter. Is there any other way to access it? Thank you.

  • how to remove a redirect virus says:

    Thank you for some other excellent article. Where else may just anybody get that type of info in such a perfect approach of writing? I’ve a presentation subsequent week, and I’m on the search for such info.

  • Lily Honan says:

    The easiest way to remove Win 7 Anti-Virus 2011 malware is to buy a Mac!

  • gennie says:

    nice blog

  • Blossom Leso says:

    The google redirect virus is killing me… anyone know any good alternatives to remove this darn virus?

  • Creation de site web en Flash says:

    I savor, lead to I found exactly what I was having a look for. You’ve ended my four day long hunt! God Bless you man. Have a nice day. Bye

  • razor scooter says:

    This is really fascinating, You’re an overly professional blogger. I’ve joined your feed and look forward to in search of more of your excellent post. Also, I have shared your site in my social networks

  • gap says:

    It is really a nice and helpful piece of information. I’m satisfied that you shared this helpful information with us. Please stay us informed like this. Thanks for sharing.

  • directory of ezines says:

    Thank you a bunch for sharing this with all folks you really know what you’re speaking about! Bookmarked. Kindly additionally discuss with my site =). We can have a hyperlink exchange agreement among us

  • Swenton says:

    most of my web surfing now redirects me to sites that i do not want. what do i do? i have tried running spybot but nothing helps. going to try your malware scan to see if that does the trick.

  • ChrisLumpkin says:

    I have tried everything. I have pc tools doctor and other online tools and nothing can touch this SOB. Google and Bing are the same. Please Help.

  • Mr Bob says:

    I can no longer use Google. I keep getting redirected to other sites, including porn. I have to block Google from my computer. Ugh…

  • gm says:

    does Google condone redirect ? Does Google make money allowing “redirect” ?
