How to remove Google Redirect Virus
Thursday, May 21st, 2009 at 3:02 amHome » Browser Hijacker » Google Redirect Virus
Google Redirect Virus description
Google Redirect Virus is a kind of system parasite that hijacks user’s google search results and redirects them into some rogue or malicious websites. Such websites usually promote malware or some other online scam and what’s worse, may even infect the system with more viruses. Google Redirect Virus is distributed with the help of trojans, such as Msqpdxserv.sys.
The best thing to do when having Google Redirect Virus on your system is to acquire a legitimate system security software so that to find and remove Google Redirect Virus from your computer. If you, however, want to remove Google Redirect Virus from your computer manually, you’ll need to remove malicious:
Please follow these links in order to learn how to remove each one of them. When all the removal procedures are finished, clear your browser cache and reboot the computer.
Google Redirect Virus is a Browser Hijacker
42 Responses to
Google Redirect Virus
Leave a Reply
Subscribe
Search
Categories
- Adware
- Backdoor
- Browser Helper Object
- Browser Hijacker
- Fake warning messages
- Keylogger
- Malicious domains
- Remote Administration Tool (RAT)
- Rogue Antispyware
- Tracking Cookie
- Trojan
- Worm
Latest spyware threats
- Smart Anti-Malware Protection
- Internet Security
- PC Clean Pro
- Windows Vista Antivirus 2012
- Malware Protection Center
- Antivirus Smart Protection
- Internet Security 2012
- Smart Internet Protection 2012
- Smart Protection 2012
- Internet Security Guard
- Home Security Essentials
- Windows 7 Internet Security 2012
- Windows Vista Security 2012
- Windows XP Internet Security 2012
- Windows Vista Internet Security 2012
Recently commented
- Net Protector AntiVirus 2010
- Internet Security Guard
- Vista Antivirus 2012
- Vista Home Security 2012
- Win 7 Anti-Virus 2011
- Vista Antispyware 2012
- Security Antivirus
- Registry Easy
- Windows Vista Antispyware 2012
- AV Security Suite
- Win 7 Antispyware 2012
Malicious domains
- iCityFind
- Antivirsword.com
- Webantispy.com
- Antivirmore.com
- Antivirglass.com
- Oksave9.co.cc
- Smartsecadv.com
- AV-look.com
- Profantivir.com
- Customwebblacklist.com
Fake warning messages
- Kaspersky Internet Security 2011 Enhanced Protection Mode
- Comodo Enhanced Protection Mode
- Microsoft Security Essentials Enhanced Protection Mode
- McAfee Enhanced Protection Mode
- Norton Antivirus Enhanced Protection Mode
- ESET Smart Security Enhanced Protection Mode
- Microsoft Defender Enhanced Protection Mode
- Avast Enhanced Protection Mode
- Fake “Windows – No Disk” alert
- “Low Disk Space” counterfeit warning
Tutorials
- Contact Us
- How to block malicious websites using HOSTS file?
- How to delete registry entries?
- How to download and install Spyware Doctor
- How to kill malicious processes?
- How to recognize a rogue security program?
- How to recognize a rogue website?
- How to unregister DLL files?
- Signs of browser hijacker infection
Archive
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
Tags
AdWarePro
Antimalware Doctor
AntiSpyware Soft
Antivir Solution
Antivir Solution Pro
Antivirus+
Antivirus 7
Antivirus 360
Antivirus360
Antivirus 2009
antivirus2009
Antivirus 2009 Protection
Antivirus2009 Protection
Antivirus2009Protection
Antivirus 2010
Antivirus Suite
Antivirus System PRO
AntiVirus Trigger
AntiVirusTrigger
Antivirus XP Pro
AV Security Suite
Conficker
Control Center
Enhanced Protection Mode
HDD Defragmenter
InternetAntivirus Pro
Internet Antivirus Pro
Perfect Defender 2009
Personal Antivirus
Quick Defragmenter
Rapid Antivirus
Security Master AV
Smart Engine
Smart Security
Spyware Protect 2009
System Adware Scanner 2010
System Guard 2009
System Security
System Security 2009
Virus Doctor
Vundo
WinPC Antivirus
WinSpywareProtect
XP Police Antivirus
zlob
June 6th, 2009 at 6:12 pm
ya umm.. wat about ppl who dont no enuf bout computers 2 no how to remove this shit..?
Reply
Luciana Reply:
June 7th, 2009 at 10:12 pm
You can always install some anti-spyware and let it do the removal for you.
Reply
jezza Reply:
July 12th, 2010 at 7:35 am
ive installed 3 different ani spyware progs and none find it
Reply
June 8th, 2009 at 3:03 am
Which software do you recommend to download? My homepage is currently the same, but when I try click on a google web search it takes me to other site and when I type the website into the address bar it does the same.
Reply
Luciana Reply:
June 8th, 2009 at 3:22 am
You can download Spyware Doctor from this website. It doesn’t matter which software you choose; just make it’s anti-spyware and make sure it’s reputable.
Reply
Roderick Burkes Reply:
February 12th, 2011 at 2:18 am
That is complete bull. I installed a new hard drive because my old one had the google redirect virus and nothing was working to find and remove the virus. So I install the new hard drive thinking there is no way that this virus could have followed it onto a NEW hard drive. The first time I install windows and start it up, I go to google, and sure enough. There is that damn redirect virus. antispyware programs are not removing this virus. There has to be a PROVEN way to get rid of this infection.
Reply
July 18th, 2009 at 3:15 am
I have been trying to remove this softwre for ages. Any website which offers solutions seems to be blocked!
Reply
TheUnknownHacker Reply:
November 7th, 2011 at 4:30 pm
I have the same thing and no matter how many times i delete it, it comes back. If you want to view any webpage that redirects you,
then click the link,
then click the address bar (so that the address of the webpage that you want to view is completely highlighted)
and hit enter…
Let me know if that works for you
Reply
November 14th, 2009 at 4:12 pm
We used Spy doctor. things are working right now. It started out as a redirect virus then google and yahoo were blocked completly.
Reply
December 3rd, 2009 at 11:41 am
I’ve got a computer that has that virus but it blocks Spyware Doctor for opening! I downloaded it with no problems but it will not run. I’ve tried to double click the icon, used the ‘run’ command, etc. When I click on ’start’ and find it there the program has been highlighted in pale orange though so this virus I’m sure is behind preventing it from opening.
I ran Malware bytes & though it cleaned up a lot the virus is still there. Cleaned the registry too, manually removed host files, dlls & exe files that looked suspicious but I’m still missing something. There’s also a couple of files I just cannot delete.
Reply
Mircea Reply:
August 9th, 2010 at 2:01 pm
try from Safe Mode.
Reply
lee Reply:
October 28th, 2011 at 7:20 am
Look in your registry for the extension registry settings. It’s likely something set itself up as the program to launch .exe with. That’s a nasty one, but if you find and remove that, not only will you be able to run things again, but you’ll also know what to delete.
Reply
December 7th, 2009 at 6:25 pm
I have a redirecting virus that affects all browsers (Firefox, Internet Explorer, Netscape) that none of the antiviral software I have tried will remove. I have already tried manual removal of the browsers except Netscape, removal of old versions of Java, using SuperAntivirus, Malwarebytes, Microsoft Security Essentials, and Panda Antivirus. None of them have been able to disable this malware. They do not even see it. I did a system restore to a date prior to the infection but the virus persisted.
What now?
Reply
December 24th, 2009 at 7:34 pm
Yeah, same problem here. Superantispyware and Malwarebytes cleaned out the bad files, but there’s something in the registry that redirects Google searches. My only workaround is to use AltaVista to search. There seems to be a lot of useless articles like this that claim to tell you how to remove the redirect virus, but that tell you nothing.
Reply
December 27th, 2009 at 2:58 am
Try deleting C:\Windows\system32\Wdmaud.sys……………
Reply
bryan Reply:
December 28th, 2009 at 1:14 am
Please note that wdmaud.sys located in C:\Windows\System32\drivers\ is is a Windows core system file, it’s a safe file.
But wdmaud.sys in C:\Windows\system32\ is a trojan/Google redirect also known as Rootkit.Win32.Agent.fwt.
Reply
January 6th, 2010 at 7:13 am
Has ANYONE found a ay to get rid of this redirect virus yet !!! I have been trying for several days now without any luck at all. I found an article on it that said to “Disable” it instead of deleting it. Said that if you deleted it, that it would reinstall itself when you rebooted. I am about to the point that I am ready to just wipe my hard drive and reinstall the O/S if I cannot find a fix for this problem.
Reply
January 14th, 2010 at 3:51 am
Hi all, I have fond a solution that works fine. In WindowsXP, Check C:\Windows\System32\Drivers\atapi.sys. If it is 95KB 0r 93KB it is infected(It should be 94 KB). It is a genuine file,but gets infected because of Virus.So Expand the File from i386)folder.If the file is not replaced the computer may not boot or may end up in BSOD Error. Eg of Expand command (expand C:\i386\atapi.sy_ C:\Windows\System32\Drivers\atapi.sys). ENJOY !!!!!!!!!!!!!!!
Reply
char Reply:
June 28th, 2010 at 5:25 pm
srinath, i have the same virus as everyone here. my ” C:\Windows\System32\Drivers\atapi.sys. If it is 95KB 0r 93KB it is infected(It should be 94 KB) ” my file say 94.2 KB…is it infected????
Reply
Terry Reply:
June 29th, 2010 at 8:10 am
Post by Srinath worked for me. Great help Srinath . Keep it up.
Reply
Stacey Reply:
July 4th, 2010 at 5:16 pm
I am so not computer literate. how do I go about actually doing this please? I have no idea where to start.
Reply
Stacey Reply:
October 18th, 2010 at 10:10 am
I got rid of it. What worked for me with my XP was to go to start, then search, All files, etc, then type in etc, once you see the folder labelled etc then right click on it to remove read only under properties, then hit on it and I deleted all the host files that were crazy, there were a bunch like ad this and sex that etc then i went back and right clicked on etc to put read only again rebooted and it was gone.
Reply
January 23rd, 2010 at 8:23 am
I got the redirect virus and used Hitman Pro 3.5 (downloaded for cnet downloads) and it seems to have gotten rid of the virus without messing up anything else.
Reply
June 12th, 2010 at 6:28 am
How can i can i fix the problem when everytime i try to type hitman in the browser, it redirects me
Reply
June 19th, 2010 at 7:58 am
Use another search engine.
Reply
June 21st, 2010 at 1:27 pm
I appear to have the google redirect virus. I can’t download anything to fix it because it redirects it. I used a separate computer and used the download link to download sdsetup_aff.exe from this website then copied it to the infected computer. Unfortunately the first thing the software does is try to update and gets “Redirected” causing it to fail so I can’t use the software.
Help!!!
Reply
June 25th, 2010 at 10:35 am
If you need to do searches till you solve the problem you can always copy and paste the search results address into the address bar and that shouldnt do a redirect. Also for Firefox there is a plug-in that’s supposed to solve that. I installed it and it helped but wasnt 100%.
I think I finally eliminated the virus after trying all the free spyware programs . I had more items detected with Malware Bytes than any of the others. People say Combo Fix will knock it out but that its not a good tool for folks that arent experienced with it.
I’d also recommend doing all the windows updates and update your browser. Good luck
Reply
June 28th, 2010 at 9:19 am
Post by Srinath worked for me . Great help Srinath . Thanks
Reply
June 30th, 2010 at 10:31 pm
Post by Srinath worked for me also . Great help Srinath . Thanks
I tried many software and scan before without result!
Reply
July 2nd, 2010 at 4:53 am
So Expand the File from i386)folder.If the file is not replaced the computer may not boot or may end up in BSOD Error. Eg of Expand command (expand C:\i386\atapi.sy_ C:\Windows\System32\Drivers\atapi.sys). ENJOY !!!!!!!!!!!!!!!
^^^
could someone please explain that a bit more clearly?
sorry, but i’ve read it many times, opened the C:\WINDOWS\system32\drivers
and attempted to figure out how to get rid of the google redirect virus, but
i’m having trouble because every “help” suggestion is similar to the one above.
many of us don’t understand what you said. i openly admit i didn’t.
could you please explain that a bit better? please use the carriage return every now and then.
thanks so much.
Reply
July 5th, 2010 at 7:04 am
Insert your Windows XP CD-ROM into the drive. Click Start, Run and type CMD.EXE. Use the Expand command.
Example
expand X:\i386\atapi.sy_ -r c:\windows\system32\drivers\
Where X:\ is your CD-ROM drive letter. The above command assumes Windows is installed in C:\ drive. If not, change the drive letter / Path accordingly.
Srinath , Am I correct ?
Reply
alam khan Reply:
January 4th, 2011 at 8:28 am
D:drive amd64 i386 virus file not delete pls melp me
Reply
July 14th, 2010 at 7:48 am
Terry – The right command is
expand X:\i386\atapi.sy_ -r c:\windows\system32\drivers\atapi.sys
and all other info you gave are perfectly correct
Reply
July 15th, 2010 at 2:21 am
thanks and sorry for that! I see a file oko6.dll . Is this a virus file?
Reply
July 16th, 2010 at 4:34 am
Shrinath, tried u r solution.
expand h:\i386\atapi.sy_ -r h:\windows\system32\drivers\atapi.sys this command is not working, some window flashes but file is not replaced. My win xp is on h: as i386 is also at same place. Pl help I am tired of every solution and badly need google services as unable to even login gmail etc.
Reply
October 17th, 2010 at 11:21 am
I am experiencing the same problems with the virus. None of the anti-virus anti-malware things I have downloaded can find it. Srinath
pointed out a solution but my computer is old. It came with Windows XP I do not have a OS disk for it. So how do I expand the file? Is there another solution available?
Please help.. and explain in simple terms. I’m not the most computer literate person out there.
Reply
October 21st, 2010 at 8:11 pm
I am having the same problem. I can not get onto any website at all except Google. I get Internet Explorer cannot display the webpage error. I can do searches but if I click on the link or type in an address in the address bar I get that error.
I do not have a CD rom because my computer is used and I did not get one.
Is there anything else I can do?
Thanks!
Reply
August 3rd, 2011 at 1:40 pm
It is connected to Java. Just go to Control Panel, click on the Java icon, delete temporary files located there, restart your computer, and voila, it’s gone.
Reply
August 20th, 2011 at 10:01 am
Reboot your computer in safe mode and delete the following file in the following folder. Fixed my redirect problem like a champ!!
File: api-ms-win-core-memory-l1-1-032.dll
Folder: C:\Windows\SysWOW64
Reply
August 28th, 2011 at 3:19 pm
To replace the atapi.sys file. You have to expand from an original location to a save location on the hard drive such as a TEMP folder. You then have to reboot with an original disk or bartpc or something to get you at a dos like screen after reboot. Then manually copy the file to two folders where it exists.. Being in a Dos like mode allows you to over write the infected files.
good luck
Reply
September 6th, 2011 at 2:47 pm
Hey all! I had success with George’s remedy! go to Start, Control Panel, click on Java, go down to Temp Internet Files, click settings, then click on Delete files tab at bottom, (both checkmarks) then hit ok! finally tried the windows\syst32\drivers\etc\hosts (edit file)..thanks George!
Reply
September 10th, 2011 at 3:55 pm
George’s remedy worked for me as well, at least for now. I’ll have to give it a while to see if it creeps back in.
Reply