Google redirect: how to remove this virus

by Ugnius Kiguolis - -

Google Redirect virus: the virtual annoyance that has been causing headache for computer users for years

Remove Google Redirect virus as it is highly annoying and dangerous

Google redirect virus is a serious computer infection that causes continuous redirections to random pages having nothing in common with user's search query on Google or other search engine. The program that initiates these redirections seeks to generate revenue by promoting shady third-party websites, products and services.

Unfortunately, reliability of these external sites is not what matters for browser redirect malware developers[1]. According to experts, such programs are closely related to browser hijackers, adware and similar types of malware. Such programs cause a lot of problems to computer users, so experts recommend to remove Google Redirect virus from Chrome and other browsers as soon as it is possible.

Google redirect issue is initiated for making the money and increasing traffic to needed websites that are trying to increase their sales or page rank on Google. Beware that Google redirects may end on malicious website trying to steal your personal information or seeking to infect you with malware or spyware.

In addition, when trying to find relevant information online with the browser redirect virus on your computer you risk entering phishing websites unexpectedly. Keep in mind that you might run into sites showing fake error codes and displaying warnings about security threats affecting your computer. Such messages often contain a tech support number that the victim is asked to dial. However, doing so simply connects the victim with tech support scammers.

This issue is usually followed by another issue – different kinds of advertisements that appear in various forms, such as pop-ups, in-text ads, banner ads and similar notifications. Please, do NOT fall for their tricky titles because they can hardly help you save the money or get needed updates.

To sum up, having Google redirect virus on your computer means lots of serious problems that can be avoided only by removing this threat from the system. The most serious thing is that you need to find the virus that causes these issues on your computer yourself. This task is quite challenging, so we often recommend using anti-spyware or anti-malware programs for Google redirect virus removal.

Avoid installing unwanted programs that cause browser redirects

Google redirect is mostly caused by browser hijackers. However, TDSS, Alureon or Tidserv viruses can also be related to this problem. As soon as the browser hijacker or other threat gets into the machine, it initiates a dangerous mess in user's web surfing routine.

Besides, you can find yourself disconnected from many Internet websites and services. Besides, you can be redirected to various sites that are either harmless commercial websites or dangerous sites that are associated with Internet criminals.

Avoid installing such unwanted programs by developing secure web browsing habits:

  • First of all, avoid visiting domains that raise suspicion to you. If a website displays an excessive number of ads, download buttons or links and other untrustworthy content, better close such site immediately.
  • Never open vague email attachments sent to you by strangers. We highly doubt that you want to install browser redirect viruses, however, opening suspicious emails can drop a much more serious malware on the system, for example, ransomware or Trojans.
  • Install computer programs wisely and without a rush. Do not become a victim of a browser hijack only because you tend to rush during software installation. A smart way of avoiding spyware programs is choosing Custom/Advanced software installation option. After selecting one of these options, the user should see a list of programs that can be installed alongside the main one. These should be deselected immediately as they often prove to be ad-supported virtual annoyances.
  • Install and continuously update an anti-spyware software. Unfortunately, traditional antivirus solutions often detect severe malware variants only, meaning that they let spyware-type programs slip into the system unnoticed. To fix this, we recommend installing anti-spyware or anti-malware software. You can read some software reviews on our website on the Software page.

If your machine is protected by a licensed version of anti-spyware and anti-virus programs, you can be calm while browsing the Internet because there is almost no risk to get Google redirect virus on your PC. However, failing to protect your machine with licensed software opens the doors to the system and makes it vulnerable to cyber threats.

Remove Google redirect virus and block redirects on Chrome and other browsers

In order to block Google redirect virus, you need to find the program that causes the redirect problem. Detecting the infection can be a time-consuming task, so we usually recommend choosing an anti-malware or anti-spyware program for the elimination of the threat.

First of all, scan your computer with an updated anti-spyware program:

  1. Reimage
  2. Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus
  3. Malwarebytes Anti Malware

Now, check Hosts file for malicious entries:

Hosts file is on C:\\\\Windows\\\\System32\\\\Drivers\\\\etc\\\\hosts where Windows is your windows installation directory. On Windows 10/8/8.1/7/Vista/8/XP, you should open your hosts file with administrative privileges. For that, use these steps:

  • Click Start and search for Notepad. Right-click on the search result and choose Run as Administrator. In case the system asks to enter Administrator's password, do it.
  • Click on the file location bar and enter this value: C:\\Windows\\System32\\Drivers\\etc\\. Most likely this will open an empty folder, but do not worry – the file you need is hidden. Simply type hosts in the File name field and click Open.
  • An alternative way to open the hosts file is to go to that folder and click View. Then you need to select Hidden items option and then you will see the right file on your screen. You can right-click on it and choose Open with Administrator privileges.

The hosts file will look like this:

Remove suspicious entries

  • Pay attention to lines and IPs. To put it shortly, potentially unwanted programs might configure the hosts file to redirect you to different websites by assigning wrong IPs to particular domain. In the given example, you can see an IP of mystartpage.com, but not Google. Delete such suspicious lines and then click File > Save.

Check Domain Name Server (DNS) settings

  • Go Control Panel-> Network Connections -> select Local Area Connection. In other Windows versions it might be easier to access the panel using these directions:
  • Press down Windows key + R and type control panel. Click OK. Go to Network and Internet section, then to Network and Sharing center. Here, click on Change adapter settings.
  • Then you should right-click the icon of the network you are using and choose Properties.

Open Network Connections

If asked, enter your Administrator password again.

  • You should see a window presented in the image below.
  • Here, you will need to adjust Internet Protocol (TCP/IP) properties. Be aware that you might find two versions (4 and 6) of Internet Protocol (TCP/IP), so in such case, we recommend applying same changes we will describe to both of them. So, let's start with Internet Protocol Version 4 (TCP/IP). Select it and click Properties:

Configure Ethernet properties

  • New window (Internet Protocol window) will show up;
  • Select Obtain an IP address automatically and Obtain DNS server address automatically options. Alternatively, you can set public Google DNS servers manually. In such case, you need to enter select Use the following DNS server addresses options and then enter 8.8.8.8 and/or 8.8.4.4 into provided fields. Click OK to save.

Check your proxy settings

For Internet Explorer:

  • Launch IE, then go Tools > Internet Options;Open Internet Explorer Settings
  • Click Connections tab and press Local Area Network (LAN) Settings as it is shown is a picture:

Change LAN settings in IE

  • Deselect everything or enter parameters that were given by system administrator and press OK. Click Apply and OK in Internet Options window.

For Mozilla Firefox:

  • Launch Mozilla Firefox, then go Tools Options;Open Firefox Options
  • Additionally, press Advanced and open Network tab. Press Settings button.

Open Firefox Settings

  • Select No proxy or enter parameters that were given by system administrator and press OK.

Disable proxy on Firefox

For Google Chrome:

  • Open Google Chrome and enter this line into the address field: chrome://settings/system and press Enter;
  • Find System tab and click Open proxy settings;
  • Now in the Internet Properties window, click Lan settings button > Local Area Network (LAN) Settings;
  • Uncheck the Use Proxy server for your LANAutomatically detect settings, Use automatic configuration script and click OK.
  • Click Apply and OK in the Internet Properties window to finish.

Disable Chrome Auto Configuration

For Microsoft Edge:

  • Open Microsoft Edge and open its Settings (three dots in the upper right corner of the browser window). Scroll down and click View Advanced Settings.
  • Find and click Open Proxy Settings. Here, select Automatically detect settings option and click Save.

Disable proxy settings in Microsoft Edge

For Safari:

  • Open Safari and click gear icon in the upper right corner. Click Preferences.Open Safari Settings
  • Go to Advanced tab. Here, click Change Settings… button next to Proxies option.
  • Open LAN settings. In the new window, deselect all options as shown in the example below and click OK. In Internet Properties tab, click Apply and OK to save.

Change Safari proxy settings

Delete AutoConfigURL virus:

Sometimes, browser hijackers and malicious programs can add AutoConfigURL[2] key to Windows Registry. In such case, you can also see a suspicious address in the Use automatic configuration script setting[2]. You should follow the given directions to remove AutoConfigURL virus:

  • Press Windows key + R to open Run prompt. Type regedit and click OK.
  • Now, navigate to Computer\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings and find AutoConfigURL key here.
  • Right-click the key and Delete it.

Delete AutoConfigUrl virus

Check your browser add-ons:

For Internet Explorer:

  • Launch IE, then select Tools > Manage Addons;
  • Delete all add-ons that look spammy/unknown or simple are unverified (there might be some useful ones, but better re-install them after some time).
  • Set browser's settings to default. Use these Reset Internet Explorer instructions.

For Mozilla Firefox:

  • Launch Mozilla Firefox, and enter about:addons in the address field. Then click on Extensions and remove every suspicious entry you can find installed on your browser.
  • Refresh Firefox and set its settings back to default using these instructions on how to reset Mozilla Firefox.

For Google Chrome:

  • Open Google Chrome and enter chrome://extensions in the address bar.
  • Once in the Extensions tab, locate unknown and unverified entries and click on a trash can icon next to them. Click Remove to delete them.
  • Reset Chrome using these in-depth Google Chrome reset instructions.

For Microsoft Edge:

  • Click on three dots in the upper-right corner of Microsoft Edge window. Click Extensions and remove any suspicious extensions you can find.
  • Consider resettings Microsoft Edge settings to default. You can use a full-length guide on how to reset Microsoft Edge provided by us.

For Safari:

  • Open Safari. Go to Preferences and then access Extensions tab. Here, get rid of every suspicious extension installed without your consent.
  • After removing unwanted extensions, reset Safari. Safari reset instructions are already prepared by our support team.

Besides, Zondervirus.nl experts advise[3] that you may also need to change the settings of your default search engine/start page on each of these browsers. However, resetting the browser usually fixes this problem.

Final step: fix modified browser shortcuts

This simple guide explains how to fix shortcuts altered by browser redirect viruses. Whichever web browser you use, the same method can be used to fix each of them. Here is what you need to do:

  • Right-click on browser's shortcut and go to Properties. Then access Shortcut tab.
  • Here, find Target option. You need to check whether there is a suspicious link inserted after the location of browser's executive file. Delete it if you can find it. Depending on the browser you use, correct line in the Target field should look like this:
    • “C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe”;
    • “C:\\Program Files\\Mozilla Firefox\\firefox.exe”;
    • “C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe”;
    • “C:\\Program Files (x86)\\Safari\\”.

Modified browser shortcuts

  • Keep in mind that you might need to switch Program Files to Program Files (x86) if you use 64-bit Windows.

If after completing all given steps you still experience redirects, it is likely that a malicious software is running on your computer. Usually, such programs use advanced obfuscation techniques to root into computer system and stay undetected. Therefore, we highly recommend scanning your computer with an up-to-date anti-malware software to remove Google redirect virus for good.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References


  • Pingback: Malicious Internet Explorer Plugin infects PC users - spyware news()

  • Pingback: Don’t fall into ‘Update your browser’ scam - spyware news()

  • Pingback: Rogue overview of February and March - spyware news()

  • LaLa

    I’ve checked all of these, used TDSS and MalwareBytes, and all have come back clean. I’m still infected and totally lost. Can anyone help?

  • Benito

    well i had the virus i had to get a system format. Do note that the virus does anything to stop ANTI-VIRUS systems to be installed Mcaffe is a bad anti virus for this type of stuff.

  • Pingback: Click.get-answers-fast.com redirect and its removal()

  • Pingback: Are you sure you are not infected with Cycbot? « Ugnius Kiguolis()

  • Pingback: Scour virus removal guide()

  • Pingback: Browser hijack and Crackle redirect virus()

  • Pingback: Supprimer Searchsafer.com redirect virus()

  • Pingback: Ta bort searchbrowsing.com redirect()

  • Pingback: Come rimuovere Search.conduit.com Virus()

  • Pingback: Cara menghapus Search.conduit.com Virus()

  • Pingback: Livre-se do RivalGaming.com()

  • Pingback: Ta bort RivalGaming.com()

  • urmas

    Pay attention to lines and IPs: if you see more, delete these, especially if they rewrite google or Microsoft subdomains.
    “delete these” !!!!
    You are suggesting to edit system file, mr. FunnyGuy, good luck !!

  • Pingback: Ta bort Google redirect()

  • Pingback: Como remover Firefox redirect virus()

  • Pingback: Supprimer Firefox redirect virus()

  • Pingback: Como remover Search.conduit.com Virus()

  • Pingback: ¿Cómo quitar Firefox redirect virus?()

  • Pingback: Ta bort Firefox redirect virus()

  • Pingback: Ta bort Chrome redirect virus()

  • Pingback: IE redirect virus kaldırma()

  • Pingback: Ta bort IE redirect virus()

  • Pingback: Cara menghapus Firefox redirect virus()

  • Pingback: Ta bort Search.conduit.com Virus()

  • Pingback: Pääse eroon Search.conduit.com Virus-loisesta()

  • Pingback: ¿Cómo quitar 22find virus?()

  • Pingback: Como remover Searchab.com()

  • Pingback: Ta bort 22find virus()

  • Pingback: Ta bort Searchab.com()

  • Pingback: Απομάκρυνση Search-results.com virus()

  • Pingback: Απεγκατάσταση RivalGaming.com()

  • Pingback: Απεγκατάσταση Chrome redirect virus()

  • Pingback: Ta bort Search-results.com virus()

  • Pingback: как удалить Chrome redirect virus()

  • Pingback: MyWebFace toolbar parazitinden kurtulma()

  • Pingback: ¿Cómo quitar MyWebFace toolbar?()

  • Pingback: Eliminando Mocaflix()

  • Pingback: MyWebFace toolbar verwijderen()

  • Pingback: Mocaflix verwijderen()

  • Pingback: Fjerne searchbrowsing.com redirect()

  • Pingback: ¿Cómo quitar Search.conduit.com Virus?()

  • Pingback: Searchab.com Guía de eliminación()

  • Pingback: Searchqu šalinimas()

  • Pingback: Kaip ištrinti searchbrowsing.com redirect()

  • Pingback: Kaip ištrinti RivalGaming.com()

  • Pingback: Search-results.com virus šalinimas()

  • Pingback: Searchbrowsing.com redirect verwijderen()

  • Pingback: Chrome redirect virus verwijderen()

  • Pingback: 22find virus verwijderen()

  • Pingback: как удалить Search.conduit.com Virus()

  • Pingback: Guia de remoção do Searchqu()

  • Pingback: Como remover searchbrowsing.com redirect()

  • Pingback: Search.conduit.com Virus parazitinden kurtulma()

  • Pingback: 22find virus kaldırma()

  • Pingback: Como remover 22find virus()

  • Pingback: Kaip ištrinti Scour Virus()

  • Andre Luis Marinng

    Hello, I followed your instructions except for only deleting the bad files in “host”, I accidentally delete the whole thing and now my computer won’t connect to the internet. (I’m on my tablet). Please help me…. Not sure if the virus is gone yet and won’t find unless I get back online. Please help me. Thank you in advance!

  • Pingback: Hva er 22find virus()

  • Pingback: Eliminar el virus Scour()

  • Pingback: Scour virüsünü kaldırın()

  • Pingback: Hoe Scour Virus weg te halen()

  • Pingback: Vad är Viruset Scour()

  • Pingback: Sbarazzarti dal virus Scour()

  • Pingback: Kom van Linkbucks.com virus af()

  • Pingback: Linkbucks.com virus Instrucciones de eliminación()

  • Pingback: Ta bort Search.conduit.com viruset()

  • Pingback: Matar mywebsearch.com()

  • Pingback: Mywebsearch.com-loisen korjaus()

  • Pingback: Eliminera Searchqu()

  • Pingback: Avinstallere Scour Virus()

  • Pingback: Πώς να αφαιρέσετε το Scour Virus()

  • Pingback: Drep IE redirect virus()

  • Pingback: Chrome redirect virus fjerningsinstruksjoner()

  • Pingback: Firefox redirect virus fjernings veiledning()

  • Pingback: Bli kvitt Linkbucks.com virus()

  • Pingback: Ξεφορτώσου το IE redirect virus()

  • Pingback: Απεγκατάσταση Bing Redirect virus()

  • Pingback: Hur man tar bort Bing Redirect virus()

  • Pingback: Απεγκατέστησε Firefox redirect virus()

  • Pingback: Avinstallere Bing Redirect virus()

  • Pingback: Mywebsearch.com steg för borttagning()

  • Pingback: Deinstallation von Bing Redirect virus()

  • Pingback: Οδηγίες Αφαίρεσης Searchab.com()

  • Pingback: Avslutte Searchqu()

  • Pingback: Eliminoi Searchqu()

  • Pingback: Τι είναι το Searchqu()

  • Pingback: Search.coupons-bar.com repareren()

  • Pingback: Απομάκρυνση mywebsearch.com()

  • Pingback: Scour Virus fiks()

  • Pingback: Disinstallare Search.coupons-bar.com()

  • Pingback: Få bort Linkbucks.com virus()

  • Pingback: Borttagning av Search.coupons-bar.com()

  • Pingback: Fjerne Linkbucks.com virus()

  • Pingback: Forless.com-Entfernungsanleitung()

  • Pingback: Beëindig forless.com()

  • Pingback: Avinstallere mywebsearch.com()

  • Pingback: Avslutte forless.com()

  • Pingback: Deinstallation der MyWebFace-Toolbar()

  • Pingback: Mocaflix rimozione istruzioni()

  • Pingback: Mocaflix poistaminen()

  • Pingback: Βήματα αφαίρεσης του MyWebFace toolbar()

  • Pingback: ¿Cómo quitar la toolbar MyWebFace?()

  • Pingback: Αφαίρεση Mocaflix()

  • Pingback: Bing Redirect virus verwijder instructies()

  • Very helpfull for me. Thanks for share

Files
Software
Compare
Like us on Facebook