Google searches are hijacked: Google searches are redirected to random sites. Why are my Google searches redirected? How to fix Google search redirect?

A computer virus hijacks the browser (Internet Explorer), antivirus programs do not help, and the search engine results pages lead only to random sites. How to get rid of the Google search redirect virus?

You might be wondering why you are redirected to some random website when you click a link in Google search results. What is even more frustrating is that none of the legitimate antivirus, antimalware and antispyware programs are able to get rid of this Google redirect virus: even after running the scan umpteen times, you still get “No viruses or spyware detected”.

You might also be wondering why your expensive antivirus program did not prevent this kind of attack. How is that possible when the AV program’s protection is up to date and the AV program is up and running? Yes, it is true. This kind of Google redirect virus finds its way onto your computer, hides somewhere, and is detected by none of them. Once it is on your computer you can hardly perform a successful Google search, and there is a serious risk of picking up more malware from the websites you are redirected to.

Let’s look in depth at the Google search redirect virus, also known as an internet browser hijacker. How can these viruses be removed manually? Is there any tool that helps to fix the browser hijack virus and the Google search redirect virus?

When you click on Google search results and get redirected to a completely different, unrelated, scammy-looking or advertising website, you can be sure that your PC is infected with the TDSS virus. The TDSS trojan is a rootkit virus.

What is a rootkit virus?

A rootkit virus finds its way onto a computer through some Trojan application and, once installed, takes the privileges of a system administrator. The virus hides itself from other processes, which makes it difficult for anti-virus, anti-spyware or anti-malware programs to detect it. It also hides the utility programs it brings along.

Rootkits hide the presence of spyware, keyloggers, malware and Trojans on a computer, which might allow hackers to install backdoors on it.

TDSS, Tidserv, Alureon or TDL3 rootkit trojan

Occasionally a new virus appears that is clever enough to completely deceive anti-virus programs. TDSS, also known as Alureon [Microsoft], Tidserv [Symantec] or TDL3, is such a sophisticated virus, and it is causing sleepless nights for anti-virus researchers.

“The TDL3, Win 32 rtk, TDSS or Tidserv is one of the most sophisticated viruses I have seen. The rootkit is just piggybacking on a standard driver to avoid detection by anti virus programs,” said an antivirus programmer.

TDSS, TDL3, Tidserv and Alureon are the signature names under which this rootkit is detected by antivirus programs, which most of the time detect it without being able to do anything about it. Here is the complete list of warnings issued by various antivirus programs upon scanning a PC infected with the Google redirect virus.

Packed.Win32.TDSS, Rootkit.Win32.TDSS (Kaspersky Lab)
Mal/TDSSPack, Mal/TDSSPk (Sophos)
Trojan:Win32/Alureon (Microsoft)
Packed.Win32.Tdss (Ikarus)
W32.Tidserv, Backdoor.Tidserv (Symantec)
Trojan.TDSS (MalwareBytes)
Backdoor:W32/TDSS (F-Secure)
BKDR_TDSS (Trend Micro)
Rootkit.TDss (BitDefender)
Generic Rootkit.d (McAfee)

How do TDL3, Win 32 rtk, TDSS or Tidserv work?

TDL3, Win 32 rtk, TDSS or Tidserv first registers itself as a print processor. The printer subsystem (spoolsv.exe), which has administrative rights, loads this print processor, and the rootkit gains the full system access rights that print processors have. When virus scanners want to check the infected driver, they are shown the original file, so they are unable to recognize the infection.
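As an added example (not code from the original post), the following PowerShell script lists the print processors currently registered with the spooler, since that registration is how the post says the rootkit gets itself loaded into spoolsv.exe. It assumes PowerShell 2.0 or later on an elevated prompt and uses the standard spooler registry location under HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments; the function name Get-PrintProcessorAudit is mine.

```powershell
# Added example, not code from the original post. Audits the print processors
# registered with the spooler. Assumes PowerShell 2.0+ on an elevated prompt;
# Get-AuthenticodeSignature is a built-in cmdlet.

function Get-PrintProcessorAudit {
    $base  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments'
    $spool = Join-Path $env:SystemRoot 'System32\spool\prtprocs'
    # registry environment name -> on-disk directory holding the processor DLLs
    $dirs  = @{ 'Windows NT x86' = 'w32x86'; 'Windows x64' = 'x64' }
    $results = @()

    foreach ($envName in $dirs.Keys) {
        $key = Join-Path $base "$envName\Print Processors"
        if (-not (Test-Path $key)) { continue }   # no x64 branch on 32-bit systems

        foreach ($sub in (Get-ChildItem $key)) {
            $name = $sub.PSChildName
            $dll  = (Get-ItemProperty $sub.PSPath).Driver   # DLL the spooler loads
            $path = Join-Path (Join-Path $spool $dirs[$envName]) $dll

            # winprint / winprint.dll is the only print processor Windows itself installs
            $isDefault = ($name -eq 'winprint' -and $dll -eq 'winprint.dll')
            $exists    = Test-Path $path
            $sigStatus = if ($exists) {
                (Get-AuthenticodeSignature $path).Status.ToString()
            } else { 'FileMissing' }

            $results += New-Object PSObject -Property @{
                Environment = $envName
                Processor   = $name
                Dll         = $dll
                Path        = $path
                Signature   = $sigStatus
                # anything other than the stock entry, or an entry whose DLL is gone
                Suspicious  = (-not $isDefault) -or (-not $exists)
            }
        }
    }
    $results
}

Get-PrintProcessorAudit |
    Format-Table Environment, Processor, Dll, Signature, Suspicious -AutoSize
```

Some printer drivers legitimately install their own print processor, so a Suspicious entry is a lead to account for rather than proof of infection; the signature column is reported for information only, because Windows system DLLs are often catalog-signed and may not show an embedded signature.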

TDL3 places an encrypted file system on top of the standard file system in the last sectors of the hard drive. The encryption ensures that these files cannot be read directly from disk, avoiding detection by anti-virus programs. The encrypted file system is used to store other threats that are downloaded from the Internet.

How does the TDL3, Win 32 rtk, TDSS or Tidserv rootkit hide its presence from antivirus programs?

The TDL3, Win 32 rtk, TDSS or Tidserv infection comes from the usual dropper spread by peer-to-peer networks or by crack and keygen websites, and it needs administrator privileges to run its payload. When run, the infection uses a technique similar to the MBR rootkit: all kernel-mode and user-mode components are stored in the last sectors of the hard drive, outside the file system. Stored this way, they appear to be only raw bytes and bypass every security check. The TDSS rootkit takes this trick to a more advanced level by encoding its components before they are written to disk.

The TDL3, Win 32 rtk, TDSS or Tidserv rootkit creates a fake driver object and its corresponding device object, and hijacks every disk I/O communication at the level of the driver chain where the infected driver is located (the infected driver could be atapi.sys or iastor.sys, for example).

When a process is intercepted, the rootkit injects its user-mode components, tdlwsp.dll and tdlcmd.dll, into that process. The TDSS rootkit is indeed a really worrying infection: it is in the wild and spreading quickly without being intercepted and detected by almost anyone. Some antivirus programs may throw up a warning about the presence of tdlcmd.dll or tdlwsp.dll without being able to do anything about it.

How to remove TDL3, Win 32 rtk, TDSS or Tidserv?

The number of infected computers is growing quickly. The latest guest of the TDL3 hotel redirects search engines to malicious websites, so many people refer to this as the Google Redirect Virus. Only a few anti-virus programs detect a TDL3, Win 32 rtk, TDSS or Tidserv infection, and the number of anti-virus programs that can remove the infection is nearly zero.

There are, however, a few special free Google redirect virus removal tools from the same antivirus vendors:

Win32/Olmarik Removal tool by ESET
Hitman Pro by Surfright
TDSSKiller by Kaspersky Labs.
Windows Malicious Software Removal Tool by Microsoft
BlackLight by F-Secure
Stinger by McAfee
CureIt! by Dr.Web. The alternative download location is CNET.com. You need to update the tool to get the latest detection updates.
GMER Rootkit scan
Junction by http://www.sysinternals.com

How to fix Google search redirect manually?

Manual removal needs a lot of hands-on experience with the computer system, files, directories and so on. If you do not have sufficient expertise in dealing with computer files, folders, processes, DLL files, services and registry entries, please get help from someone who can do this for you.

Otherwise, get a Reimage key by going to PC Reimage in order to fix the Google Search Redirect Virus and the impacted registry entries, files and folders.

Step 1. Check your hosts file for malicious entries.
The hosts file resides at C:\Windows\System32\Drivers\etc\hosts

If you see additional lines with host names and IPs, you should delete them, especially if they redirect Google or Microsoft sub-domains.

Before editing, back up the current HOSTS file. Delete all the lines from the hosts file except “127.0.0.1 localhost”. The other entries you see there need to be removed because they are malicious. (This is also why IE is unable to connect: the HOSTS file blocks a huge list of websites, and you get the warning “The page cannot be displayed”.)

Step 2. Check DNS (Domain Name Server) settings
1. Go to Control Panel->Network Connections and select your local network.
2. Right-click your local network icon and select Properties.
3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.
4. The Internet Protocol (TCP/IP) Properties window opens. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
5. Click OK to save changes.

Step 3. Check your proxy settings in Internet Explorer
1. Launch Internet Explorer.
2. Tools -> Internet Options, Connections tab. Press LAN Settings.
3. Unselect everything, or enter the parameters given to you by your system administrator.
4. Press OK.
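Steps 1 to 3 above can be audited in one pass. The script below is an added example (not from the original post or from any of the tools listed); it assumes PowerShell 2.0 or later on an elevated prompt, the standard hosts file location, the per-interface NameServer value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces for the DNS check, and the ProxyEnable, ProxyServer and AutoConfigURL values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings for the IE LAN settings. The function names and the -FixHosts switch are mine.

```powershell
# Added example, not code from the original post. Reports on the hosts file,
# the DNS configuration and the IE proxy settings; it changes nothing unless
# -FixHosts is given, and then only after saving a copy of the hosts file.
# Assumes PowerShell 2.0+ on an elevated prompt (the hosts file is under System32).
param([switch]$FixHosts)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Step 1: every hosts entry except the loopback localhost lines is reported;
# entries that name Google or Microsoft domains are flagged HIGH.
function Get-SuspiciousHostsEntries {
    param([string[]]$Lines)
    $allowed = @('127.0.0.1 localhost', '::1 localhost')
    $Lines |
        ForEach-Object { ($_ -replace '\s+', ' ').Trim() } |
        Where-Object { $_ -ne '' -and -not $_.StartsWith('#') -and ($allowed -notcontains $_) } |
        ForEach-Object {
            $prio = if ($_ -match '(google|microsoft|windowsupdate|msn|live)\.') { 'HIGH' } else { 'review' }
            New-Object PSObject -Property @{ Priority = $prio; Entry = $_ }
        }
}

# Step 2: a non-empty NameServer value means the DNS servers were set by hand,
# i.e. "Obtain DNS server address automatically" is off for that interface.
function Get-StaticDnsSettings {
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $ifRoot | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.NameServer -and $p.NameServer.Trim() -ne '') {
            New-Object PSObject -Property @{
                Interface   = $_.PSChildName
                NameServer  = $p.NameServer
                DhcpEnabled = $p.EnableDHCP
            }
        }
    }
}

# Step 3: the IE "LAN Settings" dialog stores its values under Internet Settings in HKCU.
function Get-IeProxySettings {
    $is = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        ProxyEnable   = $is.ProxyEnable     # 1 = "Use a proxy server" is ticked
        ProxyServer   = $is.ProxyServer
        AutoConfigURL = $is.AutoConfigURL   # non-empty = an automatic configuration script is set
    }
}

$hostsFindings = @(Get-SuspiciousHostsEntries (Get-Content $hostsPath))
"Hosts file entries to review: $($hostsFindings.Count)"
$hostsFindings | Format-Table Priority, Entry -AutoSize

"Interfaces with hand-set DNS servers:"
Get-StaticDnsSettings | Format-Table Interface, NameServer, DhcpEnabled -AutoSize

"Internet Explorer proxy settings:"
Get-IeProxySettings | Format-List ProxyEnable, ProxyServer, AutoConfigURL

if ($FixHosts -and $hostsFindings.Count -gt 0) {
    Copy-Item $hostsPath "$hostsPath.bak" -Force
    Set-Content -Path $hostsPath -Value '127.0.0.1 localhost' -Encoding ASCII
    "Hosts file reset; original saved as $hostsPath.bak"
}
```

Run it once without arguments to see what is set, and only use -FixHosts after confirming the reported entries are not ones you added yourself; a hand-set DNS server or proxy is not malicious on its own, which is why the script reports those rather than resetting them.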

TDSS, Alureon, or TDL3 Rootkit Files:

C:\WINDOWS\_VOID\
C:\WINDOWS\_VOID\_VOIDd.sys
C:\WINDOWS\system32\UAC.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UAC.db
C:\WINDOWS\system32\UAC.dat
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\system32\_VOID.dll
C:\WINDOWS\system32\_VOID.dat
C:\WINDOWS\SYSTEM32\DW4R3c.dll
C:\WINDOWS\SYSTEM32\DW4R3sv.dat
C:\WINDOWS\SYSTEM32\DW4R3.dll
C:\WINDOWS\system32\drivers\_VOID.sys
C:\WINDOWS\system32\drivers\UAC.sys
C:\WINDOWS\SYSTEM32\DRIVERS\DW4R3.sys
C:\WINDOWS\Temp\_VOIDtmp
C:\WINDOWS\Temp\UAC.tmp
%Temp%\UAC.tmp
%Temp%\_VOID.tmp
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll

TDSS, Alureon, or TDL3 Rootkit Windows Registry Information:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DW4R3
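As an added example (not from the original post), this PowerShell script checks a machine for the files and registry keys listed above. C:\WINDOWS is replaced by $env:SystemRoot, %Temp% by $env:TEMP, and the All Users\Application Data path is built from $env:ALLUSERSPROFILE as on Windows XP; the function name Test-RootkitIndicators is mine.

```powershell
# Added example, not code from the original post. Checks for the file paths and
# registry keys listed for this rootkit. A running rootkit can hide its own
# files, so "nothing found" on a live system is not proof that it is clean;
# a hit, on the other hand, is a strong indicator.

$sys = $env:SystemRoot
$files = @(
    "$sys\_VOID", "$sys\_VOID\_VOIDd.sys",
    "$sys\system32\UAC.dll", "$sys\system32\uacinit.dll",
    "$sys\system32\UAC.db", "$sys\system32\UAC.dat", "$sys\system32\uactmp.db",
    "$sys\system32\_VOID.dll", "$sys\system32\_VOID.dat",
    "$sys\system32\DW4R3c.dll", "$sys\system32\DW4R3sv.dat", "$sys\system32\DW4R3.dll",
    "$sys\system32\drivers\_VOID.sys", "$sys\system32\drivers\UAC.sys",
    "$sys\system32\drivers\DW4R3.sys",
    "$sys\Temp\_VOIDtmp", "$sys\Temp\UAC.tmp",
    "$env:TEMP\UAC.tmp", "$env:TEMP\_VOID.tmp",
    "$env:ALLUSERSPROFILE\Application Data\_VOIDmainqt.dll"
)
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\_VOIDd.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Services\_VOID',
    'HKLM:\SYSTEM\CurrentControlSet\Services\UACd.sys',
    'HKLM:\SYSTEM\CurrentControlSet\Services\DW4R3'
)

function Test-RootkitIndicators {
    param([string[]]$Paths, [string[]]$RegistryKeys)
    $hits = @()
    # -LiteralPath so that names like _VOID are not treated as wildcards
    foreach ($f in $Paths)        { if (Test-Path -LiteralPath $f) { $hits += "file: $f" } }
    foreach ($k in $RegistryKeys) { if (Test-Path -LiteralPath $k) { $hits += "registry: $k" } }
    $hits
}

$found = @(Test-RootkitIndicators -Paths $files -RegistryKeys $keys)
if ($found.Count -eq 0) {
    'No listed indicator present (a live rootkit may still be hiding them).'
} else {
    "Indicators present: $($found.Count)"
    $found
}
```

Because of the hiding behaviour described earlier, the more reliable way to run this kind of check is from a clean boot environment (for example after removing the drive or booting rescue media) where the rootkit's driver is not loaded.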

But in the long run, I would suggest you keep a license of http://pcreimage.cz.cc/

Reimage works by comparing each and every OS system file with the correct files from a web repository of 25 million Windows components. (Since Reimage compares against the correct file, it can easily find the hiding rootkit; in fact this is what a rootkit remover does: it dumps a list of files from your hard disk drive and compares it with the list from the recovery console in order to find a hidden virus.) This is the sole reason you can get a PC as good as new once you run Reimage; all other antivirus and antimalware programs just delete the virus but do not correct the damage, which results in re-infection and a slow-performing PC.

Reimage first scans your computer thoroughly: all the files, folders, registry keys and values, drivers, software and stacks, and then either repairs or removes those items that should not be there. But that is not all it does. They have an enormous web repository of applications, drivers, system objects, etc., against which they compare your PC’s files and, if they are corrupted, replace them with healthy ones.

Visit Reimage to fix the Google Redirect Virus and repair altered OS files, folders and permissions.

Mike J Bennett is a Software System Architect, who has more than 15 years of experience. He has wide knowledge on System Security. Mike also has great interest in sports, fitness and games.
