Google Redirect Virus

Google Redirect Virus Description

The Google Redirect Virus has been around for quite some time and is known by many aliases, although its primary behavior remains constant. Basically, the Google Redirect Virus interferes with Google web searches by randomly redirecting PC users to malicious web pages or search engines.

The Google Redirect Virus Makes Online Searches Ineffective and Dangerous

The Google Redirect Virus (GRV) has been frustrating Internet users for several years now, yet it looks like there is still no effective method for avoiding the infection. In fact, it has even become one of the most severe cybersecurity issues of our time due to the vast popularity of the Google search engine, which allows attackers to reach a large number of potential victims. The malware affects Windows, macOS, and Linux operating systems, while recently Google Redirect Virus versions for mobile devices have surfaced as well.

In-depth research shows that there is not just one particular threat called Google Redirect Virus. Rather, the name encompasses a series of infections and issues affecting the most popular browsers, with the common result of redirecting the user to malicious web pages through fake search results. The GRV malware is also known as "Chrome Redirect Virus," "the Google Virus," "Yahoo Redirect Virus," and "Bing Redirect Virus." Newer versions have also been identified, and they are known as "Happilli Redirect Virus" and "Nginx Redirect virus."

The most obvious symptom of a GRV-type infection is that all of a user's Google searches get redirected to unknown or shady domains, or to pages of other search engines that could have malicious content. Users who have the GRV on their computers are redirected to unrelated or obnoxious websites when they click on any of the results from their Google search, regardless of which browser they use. Thus, the main functionality of the Google Redirect Virus has not changed over the years and through the different versions, and neither have the intentions of its authors, whose main goal is to make money by artificially boosting the visits to their own web pages and the views of the advertisements displayed on them.

All of the locations to which the threat redirects its victims are dangerous since they force the user to purchase malicious software, or may contain scripts that directly install malware or PUPs on the user's device. A clear sign that a PC has been infected with the Google Redirect Virus is that the user gets redirected multiple times from links that are certainly legit, like ebay.com or Facebook. Redirecting programs like the GRV also collect information on users' browsing habits and common search terms, apart from injecting unwanted ads within the search results.

The Google Redirect Virus Disrupts the Overall Performance of Your PC

Google Redirect Virus will not only hijack your browser but also your entire system will be severely impaired so that you might experience some of the following symptoms:

  • Unexpected requests for reactivation of drivers
  • Applications not running properly
  • A changed homepage of your default browser
  • Malfunctioning hardware components or drivers
  • System freezing or slowing down
  • New icons being added to or icons missing from your desktop

Another possible side effect is the user being assaulted with advertisements, pop-up windows or security alerts. The sudden appearance of unsolicited anti-virus scans that run out of nowhere and warn the user of some non-existing malware threat being detected on his or her PC is also in store for systems infected with a GRV. This last trick is the typical behavior of a rogue security program that attempts to lure the user into purchasing some fake AV software and, respectively, providing their credit card data.

At first sight, the Google virus can be classified as a browser hijacker since it changes the infected browser's settings and causes an overall sluggish and ineffective surfing on the Internet. More recent research shows, however, that this malware can cause more severe damage to infected computers than just the redirecting issues and the annoying ads.

Not a Virus, But a Rootkit

Despite its name, a GRV is actually not a virus but a Trojan with rootkit capabilities. The discovery was made a while ago, after researchers detected a new malicious program associated with the Google Redirect Virus, known as Backdoor.Tidserv. Since then, it is believed that the GRV is a version of the TDSS rootkit, which puts itself on top of a system driver where it cannot be detected and removed. Therefore, any form of the Google Redirect Virus executes malicious commands and employs sophisticated programming techniques to hide its files from anti-virus software, making the infection very dangerous, hard to detect, and particularly hard to remove.

As a rootkit-type malware, GRV is capable of gaining privileged access to the infected computer. Then, it injects redirect scripts into the results of a regular Google search so that the user is redirected to third-party websites when clicking on the search results. A characteristic feature of rootkits is that they use the lower layers of the operating system, such as API function redirection, which makes them really hard to detect. Rootkits can also make the infected system hide existing files and running processes from the user while at the same time displaying non-existent things. A further capability is to download additional threats, such as Trojans.

Rootkits are also extremely hard to remove, as they integrate themselves into the heart of the operating system. The Google Redirect Virus alters the Master Boot Record (MBR) and makes its own partition on it, so a special anti-rootkit technique is necessary to find the location, and this is only possible when the operating system is not running. In addition to that, the malware modifies the main Windows files to receive and execute commands from the attackers, while at the same time these files do not look affected since they keep working as normal. Complete removal of the Google Redirect Virus is usually not possible without a professional removal tool.

The Google Redirect Virus Sneaks into PCs Through Many Different Channels

GRV may come bundled within legitimate freeware, shareware, a codec needed to view a movie, or any other application that a user deliberately installs without knowing that the package includes hazardous add-ons as well. Plug-ins are another possible means of distribution of the malware; however, the favorite way for rootkits to spread is through Trojan horses. Trojans typically land on a PC when the user opens a malicious email attachment or visits compromised Internet pages. All of these distribution channels exploit users' ignorance of Internet security, which shows in blindly installing files and programs without knowing their origin.

Indulging in any of the following activities can explain how a user's PC has become infected with the Google Redirect Virus:

  • Clicking on suspicious links and visiting untrusted websites on the Internet
  • Opening email attachments from unknown senders or clicking on links embedded into such emails
  • Downloading freeware, shareware, or some sort of hacked software or pirated music and movies from dubious sources or networks
  • Visiting websites that are notorious for containing dangerous and malicious content, like gambling, gaming or adult web pages
  • Not installing a reputable anti-malware application on the computer, or having one with an expired license and an obsolete definitions base

Technical Details of the Google Redirect Virus

Since the Google Redirect Virus is a rootkit, it has the ability to stay hidden within the hard disk of the infected machine for extended periods of time, from where it monitors the user's online behavior and Internet browsing habits. At the same time, the virus does not give any recognizable signs of its presence. In order to identify a GRV on a computer, the user should look for the following processes which researchers believe to be associated with the malware:

Xzagua.exe
Dmgsh.exe
Xwo.exe
C:\WINDOWS\Xzagua.exe
Xwk.exe

GRV's malicious traces can also be found in the registry as the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID

DLLs and other files which are known to be related to the malware are:

C:\WINDOWS\system32\UAC.dll
C:\WINDOWS\SYSTEM32\4DW4R3c.dll
C:\WINDOWS\system32\_VOID.dll
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
C:\WINDOWS\SYSTEM32\4DW4R3.dll
C:\WINDOWS\system32\uacinit.dll
C:\Windows\System32\wdmaud.sys
TDSSserv.sys
C:\WINDOWS\_VOID\
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\_VOID\_VOIDd.sys
C:\WINDOWS\system32\UAC.db
C:\WINDOWS\system32\_VOID.dat
C:\WINDOWS\system32\drivers\_VOID.sys
C:\WINDOWS\system32\drivers\UAC.sys
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
C:\WINDOWS\Temp\_VOIDtmp
%Temp%\UAC.tmp
C:\WINDOWS\system32\UAC.dat
%Temp%\_VOID.tmp
C:\WINDOWS\Temp\UAC.tmp
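
The process names, service keys and file paths listed above can be checked against an inventory exported from an offline-mounted disk, since the rootkit hides these objects from the running system. The following is an added example, not code from this page's author or from any vendor tool; the inventory format, the function names and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicator names copied from the lists on this page, lower-cased for matching.
PROCESS_NAMES = {"xzagua.exe", "dmgsh.exe", "xwo.exe", "xwk.exe"}
SERVICE_NAMES = {"uacd.sys", "4dw4r3", "_voidd.sys", "_void"}
BARE_FILE_NAMES = {"tdssserv.sys"}                      # listed without a directory
TEMP_FILE_NAMES = {"uac.tmp", "_void.tmp", "_voidtmp"}  # listed under Temp folders
LISTED_DIRS = ("\\windows\\_void\\",)                   # listed as a directory
FULL_PATHS = (                                          # drive letter dropped
    r"\windows\xzagua.exe",
    r"\windows\system32\uac.dll", r"\windows\system32\uacinit.dll",
    r"\windows\system32\uac.db", r"\windows\system32\uac.dat",
    r"\windows\system32\uactmp.db",
    r"\windows\system32\_void.dll", r"\windows\system32\_void.dat",
    r"\windows\system32\4dw4r3.dll", r"\windows\system32\4dw4r3c.dll",
    r"\windows\system32\4dw4r3sv.dat",
    # Listed on this page under System32, so the same file name under
    # System32\drivers is not flagged by this entry.
    r"\windows\system32\wdmaud.sys",
    r"\windows\system32\drivers\uac.sys",
    r"\windows\system32\drivers\_void.sys",
    r"\windows\system32\drivers\4dw4r3.sys",
    r"\windows\_void\_voidd.sys",
    r"\documents and settings\all users\application data\_voidmainqt.dll",
)
# An offline SYSTEM hive holds ControlSet001, ControlSet002, ... and has no
# CurrentControlSet, so both spellings of the key path are accepted.
SERVICE_RE = re.compile(
    r"\\(?:currentcontrolset|controlset\d{3})\\services\\([^\\]+)$")


def normalize_path(path):
    """Lower-case, use backslashes and drop the drive letter of the mount."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    return ntpath.splitdrive(p)[1]


def match_file(path):
    """Return the reason a path matches a listed indicator, or None."""
    p = normalize_path(path)
    name = ntpath.basename(p)
    # endswith() tolerates a mount-point prefix such as /mnt/img.
    if any(p.endswith(full) for full in FULL_PATHS):
        return "listed path"
    if any(d in p for d in LISTED_DIRS):
        return "inside listed directory"
    if name in BARE_FILE_NAMES:
        return "listed file name"
    if name in TEMP_FILE_NAMES and ntpath.basename(ntpath.dirname(p)) == "temp":
        return "listed temp file"
    return None


def match_service(key_path):
    """True when a Services key path names one of the listed services."""
    m = SERVICE_RE.search(key_path.replace("/", "\\").lower().rstrip("\\"))
    return m is not None and m.group(1) in SERVICE_NAMES


def triage(inventory):
    """Return (kind, item, reason) for every inventory entry that matches."""
    hits = []
    for path in inventory.get("files", []):
        reason = match_file(path)
        if reason:
            hits.append(("file", path, reason))
    for key in inventory.get("services", []):
        if match_service(key):
            hits.append(("service", key, "listed service key"))
    for name in inventory.get("processes", []):
        if name.strip().lower() in PROCESS_NAMES:
            hits.append(("process", name, "listed process name"))
    return hits


# Constructed sample inventory (not taken from a real machine).
SAMPLE = {
    "files": [
        r"E:\WINDOWS\system32\drivers\UAC.sys",
        r"E:\WINDOWS\system32\drivers\wdmaud.sys",
        r"E:\WINDOWS\System32\wdmaud.sys",
        r"E:\Documents and Settings\alice\Local Settings\Temp\_VOID.tmp",
        r"E:\WINDOWS\_VOID\cfg.ini",
        r"E:\WINDOWS\system32\kernel32.dll",
    ],
    "services": [
        r"HKLM\SYSTEM\ControlSet001\Services\_VOIDd.sys",
        r"HKLM\SYSTEM\ControlSet001\Services\Tcpip",
    ],
    "processes": ["svchost.exe", "Xwo.exe"],
}

if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE):
        print(f"{kind:8} {reason:24} {item}")
```

A name match is a lead for further analysis rather than a verdict, and because the page states that the dropped executables are randomly named, an empty result does not show that a machine is clean.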

Below is a general outline of what actions the Google Redirect Virus performs on an infected PC:

  • Modifies the system registry so that the malware's executable runs at every boot. The malware picks the name of that malicious file at random, and it is different each time so that it cannot be recognized by cybersecurity researchers.
  • Drops a .TMP file in the temporary folder. This file is also randomly named and, later on, it installs other malicious components.
  • The .TMP file registers itself as a legitimate service in order to bypass the firewall and to avoid AV scanning engines. It achieves that by copying a legitimate .dll file and infusing it with its own script, thus forcing the affected file to load the malicious .TMP file.
  • The malware then exploits vulnerabilities in Microsoft Windows DLL listing by adding the 'modified' .dll file and having it loaded into the memory along with the other legitimate files.
  • Once loaded, the malicious .TMP file creates another randomly named file in the PC's 'driver' folder, usually a file with the .sys extension. This random file is the component that conceals all of the malware's malicious files and code from the user as well as from malware detection tools.

Once the random .sys file is deployed, it drops a .dll file in the system folder, and this file is then injected into the SVCHOST executable which, in turn, downloads more malicious components from the hackers' servers. It is these configuration files that help the attackers do the following:

  • Prevent programs or applications from running, especially such that threaten the malware's processes
  • Spoof email accounts and spam persons on the victim's contact list
  • Display or trigger pop-up windows and ads
  • Perform HTTP transfers (i.e., to send or receive new transmissions)
  • Order DNS attacks
  • Download other malicious programs such as:
      1. Trojan keylogger which can steal vital data out of the cache or directly off web-based forms
      2. Trojan backdoor which can exploit remote assistance tools to secretly make use of the infected PC
      3. Trojan hijacker which can change the computer's host files and redirect web searches to malicious or unwanted websites
      4. Trojan dropper which can drop more malicious components or programs to the PC

Websites Associated with Google Redirect Virus

Some of the suspicious web pages that Google Redirect Virus is known to link to include questionable search engines (like search.babylon.com), adult websites (like livejasmin.com), and ad-supporting services (like adf.ly). The complete list of websites associated with the malware includes:


Not all malware announces its presence, but unless you changed your own hosts file, you can be certain you have a browser hijacker or Google Redirect Virus when your search requests forcibly route you to unwanted websites. Cybercriminals create malware to multi-task and achieve one or more payloads. The foreign websites may include links that yield cybercrooks unearned pay-per-click (PPC) residuals or might help promote a rogue security program.

Google Redirect Virus has rootkit characteristics, meaning it may go undetected by many applications. Google Redirect Virus can be said to be very similar to the parasites and fake security applications known as Backdoor.Tidserv, Alureon, Windows Necessary Firewall and even Fast Windows Antivirus 2011.
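
The hosts-file check mentioned above can be automated. This is an added example, not part of the original article: it parses hosts-file text and reports every entry that maps a search-engine host name to an address. The watched labels (the three engines named on this page), the function names and the sample file, which uses documentation-range addresses, are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: watch the search engines named on this page.
WATCHED_LABELS = {"google", "bing", "yahoo"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()                    # tabs or spaces
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        for host in fields[1:]:                  # one address may carry many names
            yield line_no, addr, host.lower().rstrip(".")


def is_search_host(hostname):
    """True when any label before the last one is a watched engine name."""
    labels = hostname.split(".")
    return any(label in WATCHED_LABELS for label in labels[:-1])


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for watched host names."""
    findings = []
    for line_no, addr, host in parse_hosts(text):
        if not is_search_host(host):
            continue
        # A loopback or unspecified address blocks the site; anything else
        # silently sends the browser to a different server.
        blocked = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, host, str(addr),
                         "blocked" if blocked else "redirected"))
    return findings


# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # added by unknown software
203.0.113.10\twww.bing.com
0.0.0.0         search.yahoo.com
192.168.1.20    fileserver.corp.example
"""

if __name__ == "__main__":
    for line_no, host, addr, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({verdict})")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding should be compared with entries the machine's owner added deliberately.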

The longer you tolerate the presence of a Google Redirect Virus on your computer, the higher the risk of severe damage to your data and system as these malicious programs use a lot of resources and could lead to a complete system crash. Therefore, you should not waste time, letting hackers steal your personal information and destroying your computer. Instead, purchase a reliable anti-malware program that is capable of digging into the root of your system to find and clear all traces of the Google Redirect Virus.

In the meantime, you are advised to disconnect your device from the Internet to prevent any new transmissions of data to a remote server. You should also use a malware-free PC to change your logins and security credentials for all your online accounts.

Malware exploits vulnerabilities found in software or hardware, or takes advantage of human behavior and of users not following Internet security practices. So if you or someone using your PC indulged in one of the following, it could explain how your PC got infected with the Google Redirect Virus.

  1. You took your chances and decided against installing a reputable anti-malware tool.
  2. You installed an anti-malware tool but got comfortable and did not renew it.
  3. You were drawn into clicking on a dubious link of some online suicide or celebrity hoax.
  4. You were spammed because you didn't verify the source of that email attachment or link from your family or friend, whose account was hijacked by a cybercriminal.
  5. You love the word free and pirated music or movies.
  6. You love freeware and shareware and downloaded an infectious codec to view a movie or video.
  7. You love visiting porn sites, gaming sites or warez ones and got infected.

Combating malware in the short and long term requires understanding its structure and malicious intent. Below is a general outline of what is in store for PCs housing the Google Redirect Virus:

  • Trojan gains deceptive entry by exploiting vulnerabilities in hardware, software or good ole human behavior and weak Internet security practices.
  • Modifies the system registry and makes an entry so that its randomly named executable (done to keep the Internet security community guessing) is run at every boot.
  • Drops a .TMP file in your temporary folder and this file installs other malicious components.
  • The .TMP file (randomly named) will register itself as a legitimate service (thus bypassing your firewall and eluding AVG efforts) by copying a legitimate .dll file and infusing it with its poisonous script to load its malicious .TMP file.
  • It then exploits vulnerabilities in Microsoft Windows DLL listing by adding the 'modified' .dll file and having it loaded into memory along with the other 'legitimate' ones.
  • Once loaded, the venomous .TMP file creates a randomly named file in your 'driver' folder (usually with the .sys extension). This random file is the component that hides all its malicious files and programs from prying eyes (yours and AVG radar).
  • Once the random .sys file is deployed, it drops a .dll file in your 'system' folder and this file is then injected into the SVCHOST executable, which downloads more malicious components from the Internet. It is these configuration files that help a hacker do the following:
    a. Perform HTTP transfers (i.e. to send or receive new transmissions)
    b. Display or trigger pop-up adverts
    c. Inhibit programs or applications from running, especially those threatening malicious attacks.
    d. Set command delay
    e. Order DNS attacks
    f. Spoof email accounts and spam persons on contact list
    g. Download other malicious programs such as:
        i. Trojan keylogger = steal vital data out of cache or directly off web-based forms
        ii. Trojan backdoor = exploit remote assistance tool to secretly make use of your PC
        iii. Trojan hijacker = change your host files and redirect web searches to malicious or unwanted websites
        iv. Trojan dropper = drop more malicious components or programs in your PC

In addition to the Google Redirect Virus hijacking your browser, your system may become impaired, and you might notice the following:

  • Keyboard malfunctioning
  • Windows unexpectedly requests reactivation of drivers
  • System runs slow or freezes up
  • Applications do not run properly
  • Homepage changed or browser redirects you to unwanted websites
  • Icons added or missing and hardware or drivers inoperable

The longer you allow the Google Redirect Virus to fester, the bigger the risk or threat to your data and system, as these malicious programs use a lot of resources and could cause a system crash.

However, don't be surprised if you are assaulted by pop-up adverts, scary alerts and fake warnings, or if a slick-looking interface appears out of nowhere and runs an unauthorized scan. This is the typical behavior of a rogue security program, a well-worn scam used to scare PC users into blindly handing over their credit card and bank routing number to buy a useless piece of software. Never trust any program that self-loads, runs an unauthorized scan or hijacks your browser.

Don't waste time and don't let some hacker steal your personal information. Fight fire with fire by using a reliable anti-malware tool that is capable of digging into the root of your system and finding all traces of the Google Redirect Virus.

In the interim, disconnect your Internet to stop any new transmissions of data to some remote server. Get to a malware-free PC and change your logins and security credentials for your online accounts.

Aliases: Trj/Genetic.gen [Panda], HEUR:Trojan.Win32.Generic [Kaspersky], WIN.Trojan.Agent-83670 [ClamAV], TROJ_GEN.RCBZ7A6 [TrendMicro-HouseCall], WS.Reputation.1 [Symantec], Trojan.Kryptik!bnm2LXIQg/s [Agnitum], Trojan/Kryptik.akco [TheHacker], Trojan [K7AntiVirus], Artemis!A99D0C59FDB7 [McAfee], Trojan.Vundo.Gen [CAT-QuickHeal], Trojan.Win32.ZPACK.bebabu [NANO-Antivirus], Trojan.Agent/Gen-Kryptik [SUPERAntiSpyware], UnclassifiedMalware [Comodo], Generic29.AKVZ [AVG] and W32/Kryptik.KO!tr [Fortinet].


Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these tips to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter, view other possible causes of installation issues.

Technical Information


File System Details

Google Redirect Virus creates the following file(s):

Registry Details

Google Redirect Virus creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3


Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

25 Comments

  • Lynn Hauman:

    Can I get help for free?

  • Ganoderma:

    My spouse and I stumbled over here from a different web address and thought I may as well check things out. I like what I see so I am just following you. Look forward to checking out your web page again.

  • Google Virus Guy:

    Google direct virus is difficult to remove and it changes your host file as well.

  • Exterior:

    This page definitely has all the information I needed concerning this subject and didn't know who to ask.

  • Shipping:

    Great article. Keep writing such kind of info on your blog.
    I'm really impressed by your blog.
    Thanks for sharing your thoughts on Google Redirect Virus. Regards

  • search engine:

    I blog often and I seriously appreciate your content. This great article has truly piqued my interest. I am going to bookmark your website and keep checking for new details about once a week. I subscribed to your RSS feed as well.

  • crack:

    This article is really a good one it assists new internet people, who are wishing for blogging.

  • Jaqui:

    Is there a Mac version of SpyHunter? If not, can you suggest a similar program that runs on Mac?

    Yes, my Mac is infected with this virus! Beware Mac peeps, this can happen to you.

  • Big D:

    I keep getting this redirect and have tried everything available. It is annoying, and when it redirects, it does this about 2-3 times, always about downloading a Google extension. How can I find it in my registry and zap it? Thanks... this is the link that shows up in a new tab:
    tradeadexchange.com/a/display.php?k=55cd87c82ac264662630.6385042&h=79dc9dadc1854e4ee3cacfa34ceeed94c9ddaab4&ban=4662630&r=316091&iid=1439533000550891801217314202067541&exp=prpd&ci=%3D%3DgSKdwBBQQDV4kVbJ1UVsxBHMQAP0QFORVWSJkRSVUUVshDO4gDO0QFONkXDllVCZUFM1QF1VxGKdQDV4kVbJ1UVsxBHMQAP0QFORVWSJkRSVUUVshDO4gDO0QFONkXDllVCZUFM1QF0VxGKdQDV4kVbJ1UVsxBB0QFORVWSJkRSVUUVshDO4gDO0QFONkXDllVCZUFM1QFtVBT&pm=VslVFJVWSBFaENVF&pabt=%3D%3DQFHcUF&pc=GMQAAUgAE8AAHUAAGkhA&id=4662630

  • Pablo A Velazquez:

    My account was hacked on Jan. 29, 2016. Since then, no clue about my personal info, friends, games, pics or what people did with my account and blamed me for it. Nobody from Yahoo, Google or Facebook has contacted me. This was a setup. Please call me so I can tell my version.

  • DELBERT:

    What do I need to do to fix this problem?

  • Kelly Martin:

    How do I get rid of this virus??

  • Pat:

    A few days ago I got this virus. AVG and Malwarebytes couldn't detect it. I didn't know what to do and then stumbled here. Since I don't know any other programs, I bought SpyHunter. Apparently it's a miracle worker. My PC is squeaky clean now. Thank you!

  • debbie jiles:

    My husband and friend put "Apatche" licenses on my phone trying to hide their stuff from me. They are gone but not it. Is this any good at getting that off my Android without erasing all they've done? It's on my phone and both iPads and really gets my goat. Thanks

  • Vivian H Mock:

    I have no idea what I am doing I just need some help!!!

  • kelvin Dan:

    Alright, so what more do I have to do to be able to understand this better? Thanks

  • Kirsten Krogh:

    I had it recommended by a friend.

  • sherri adkins:

    What do I write?

  • MERLE MACNAUGHTON:

    Do not know what is required.

  • Jean:

    Thank you

  • henry:

    All help is valuable, and free is better.

  • moctezuma:

    It is a useful tool.

  • joyce saffarano:

    I tried everything, and I still have a million pop-ups. My screen doesn't even look like my screen anymore. Can someone please, please help me? Thank you

  • mirna:

    Excellent.

  • Dawud Muhammad:

    I am so F_____cking frustrated with this redirect virus. I'm googling and it's taking me to Bing. What kind of people create such a thing? Seriously I don't know who to trust. Thanks for the article. I guess I'll spend more money trying to get rid of this virus.
