Google Redirect Virus

Google Redirect Virus Description

The Google Redirect Virus has been around for quite some time and is known by many aliases, although its primary behavior remains constant. The Google Redirect Virus targets PC users running Google web searches by randomly redirecting them to malicious web pages or search engines.

Any form of the Google Redirect Virus is dangerous due to the malicious commands it executes and the stealth programming techniques used to hide its files from prying eyes and anti-virus software. Malware such as the Google Redirect Virus may come bundled and cloaked inside a legitimate download of freeware, shareware, or a codec needed to view a movie. Plug-ins are another form of deceptive transport that exploits PC users' ignorance of Internet security, since many blindly click without knowing the origin.

Google Redirect Virus's main goal is to hijack your web browser and redirect it to malicious websites, including but not restricted to: AboutBlank, Clicksor, expand search answers, starFeedsMixer, FilesCup, YouPorn, popups, neat search server ZeroAccess rootkit, Social Search Redirect, tazinga! and vShare.

Not all malware announces its presence, but unless you changed your own hosts file, you can be certain you have a browser hijacker or Google Redirect Virus when your search requests forcibly route you to unwanted websites. Cybercriminals create malware to multi-task and deliver one or more payloads. The foreign websites may include links that yield cybercrooks unearned pay-per-click (PPC) residuals or might help promote a rogue security program.

Google Redirect Virus has rootkit characteristics, meaning it may go undetected by many applications. Google Redirect Virus can be said to be very similar to the parasites and fake security applications known as Backdoor.Tidserv, Alureon, Windows Necessary Firewall and even Fast Windows Antivirus 2011.

Malware exploits vulnerabilities found in software or hardware, or takes advantage of human behavior and a lack of Internet security practices. So if you or someone using your PC did one of the following, it could explain how your PC got infected with the Google Redirect Virus.

  1. You took your chances and decided against installing a reputable anti-malware tool.
  2. You installed an anti-malware tool but got comfortable and did not renew it.
  3. You were drawn into clicking on a dubious link about some online suicide or celebrity hoax.
  4. You were spammed because you didn't verify the source of that email attachment or link from your family member or friend, whose account was hijacked by a cybercriminal.
  5. You love the word free and pirated music or movies.
  6. You love freeware and shareware and downloaded an infectious codec to view a movie or video.
  7. You love visiting porn sites, gaming sites or warez ones and got infected.

Combating malware in the short and long term means understanding its structure and malicious intent. Below is a general outline of what is in store for PCs housing the Google Redirect Virus:

  • Trojan gains deceptive entry by exploiting vulnerabilities in hardware, software or good ole human behavior and weak Internet security practices.
  • Modifies the system registry and makes an entry so that its randomly named executable (done to keep the Internet security community guessing) is run at every boot.
  • Drops a .TMP file in your temporary folder and this file installs other malicious components.
  • The .TMP file (randomly named) will register itself as a legitimate service (thus bypassing your firewall and eluding AVG efforts) by copying a legitimate .dll file and infusing it with its poisonous script to load its malicious .TMP file.
  • It then exploits vulnerabilities in Microsoft Windows DLL listing by adding the 'modified' .dll file and having it loaded into memory along with the other 'legitimate' ones.
  • Once loaded, the venomous .TMP file creates a randomly named file in your 'driver' folder (usually with the .sys extension). This random file is the component that hides all its malicious files and programs from prying eyes (yours and AVG radar).
  • Once the random .sys file is deployed, it drops a .dll file in your 'system' folder and this file is then injected into the SVCHOST executable, which downloads more malicious components from the Internet. It is these configuration files that help a hacker do the following:
    a. Perform HTTP transfers (i.e. to send or receive new transmissions)
    b. Display or trigger pop-up adverts
    c. Inhibit programs or applications from running, especially those threatening malicious attacks.
    d. Set command delay
    e. Order DNS attacks
    f. Spoof email accounts and spam persons on contact list
    g. Download other malicious programs such as:
        i. Trojan keylogger = steal vital data out of cache or directly off web-based forms
        ii. Trojan backdoor = exploit remote assistance tool to secretly make use of your PC
        iii. Trojan hijacker = change your hosts file and redirect web searches to malicious or unwanted websites
        iv. Trojan dropper = drop more malicious components or programs in your PC
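
A defender can check for the hosts-file redirection described in the outline above with a short audit script. This is an added example, not code from the original page; the watched domain list and the sample hosts-file text are constructed assumptions.

```python
import ipaddress

# Assumption: search domains worth flagging if they appear in a hosts file.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()                    # spaces or tabs separate fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping line
        for host in fields[1:]:                  # one address may carry several names
            yield line_no, ip, host.lower().rstrip(".")

def is_watched(host):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, host, ip, kind) for each watched name that is overridden."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if is_watched(host):
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, host, str(ip), kind))
    return findings

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed entry
203.0.113.45\tWWW.Bing.com
0.0.0.0         search.yahoo.com
192.168.1.10    fileserver.corp.example
10.0.0.5        notgoogle.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it against a copy of `%WINDIR%\System32\drivers\etc\hosts` taken from the suspect machine. A clean result does not rule out infection, since the page describes components that hide files and can redirect traffic without touching the hosts file.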

In addition to the Google Redirect Virus hijacking your browser, your system may become impaired, and you might notice the following:

  • Keyboard malfunctioning
  • Windows unexpectedly requests reactivation of drivers
  • System runs slow or freezes up
  • Applications do not run properly
  • Homepage changed or browser redirects you to unwanted websites
  • Icons added or missing and hardware or drivers inoperable

The longer you allow the Google Redirect Virus to fester, the bigger the risk or threat to your data and system, as these malicious programs use a lot of resources and could cause a system crash.

Also, don't be surprised if you are assaulted by pop-up adverts or scary alerts and fake warnings, or if a slick-looking interface appears out of nowhere and runs an unauthorized scan. This is the typical behavior of a rogue security program, a well-used scam to scare PC users into blindly handing over their credit card and bank routing numbers to buy a useless piece of software. Never trust any program that self-loads, runs an unauthorized scan or hijacks your browser.

Don't waste time and don't let some hacker steal your personal information. Fight fire with fire by using a reliable anti-malware tool that is capable of digging into the root of your system and finding all traces of the Google Redirect Virus.

In the interim, disconnect your Internet to stop any new transmissions of data to some remote server. Get to a malware-free PC and change your logins and security credentials for your online accounts.

Aliases: Trj/Genetic.gen [Panda], HEUR:Trojan.Win32.Generic [Kaspersky], WIN.Trojan.Agent-83670 [ClamAV], TROJ_GEN.RCBZ7A6 [TrendMicro-HouseCall], WS.Reputation.1 [Symantec], Trojan.Kryptik!bnm2LXIQg/s [Agnitum], Trojan/Kryptik.akco [TheHacker], Trojan [K7AntiVirus], Artemis!A99D0C59FDB7 [McAfee], Trojan.Vundo.Gen [CAT-QuickHeal], Trojan.Win32.ZPACK.bebabu [NANO-Antivirus], Trojan.Agent/Gen-Kryptik [SUPERAntiSpyware], UnclassifiedMalware [Comodo], Generic29.AKVZ [AVG] and W32/Kryptik.KO!tr [Fortinet].


Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Try the following to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.


Technical Information

File System Details

Google Redirect Virus creates the following file(s):

Registry Details

Google Redirect Virus creates the following registry entry or registry entries:



  • debbie jiles:

    My husband and friend put "Apatche" licenses on my phone trying to hide their stuff from me. They are gone but not it. Is this any good at getting that off my Android without erasing all they've done? It's on my phone and both iPads and really gets my goat. Thanks

  • Pat:

    A few days ago I got this virus. AVG and Malwarebytes couldn't detect it. I didn't know what to do and then stumbled here. Since I don't know any other programs, I bought SpyHunter. Apparently it's a miracle worker. My PC is squeaky clean now. Thank you!

  • Kelly Martin:

    How do I get rid of this virus??


    what do I need to do to fix this problem?

  • Big D:

    I keep getting this redirect and have tried everything available. It is annoying, and when it redirects, it does this about 2-3 times, always about downloading a Google extension. How can I find it in my registry and zap it? Thanks… this is the link that shows up in a new tab

  • Jaqui:

    Is there a Mac version of Spyhunter? If not, can you suggest a similar program that runs on Mac.

    Yes, my Mac is infected with this virus! Beware Mac peeps, this can happen to you.

  • Google Virus Guy:

    Google direct virus is difficult to remove and it changes your host file as well.

  • Lynn Hauman:

    Can I get help for free?
