How to remove Google redirect virus

What is Google redirect?

First of all, we should define that there is Google redirect is not a single threat, but a name for a group of malware that, as the name implies, redirect a victim to Google.com or to the pages that copy its design. Why this approach is so popular among malware creators? Because it is efficient, as users may not notice the difference between the genuine Google search page and its malicious clone. So, they suspect nothing from an accustomed page and continue to use the search engine though it acts strange. Such pages are created to make money on landing a user on third-party sites through adjusting search engines that will generate fake results.

Google redirect page

To make a user use malicious search services almost all versions of Google redirect virus force the change of your browsers’ main pages, as well as the default, managed, and provided search engines. Alongside with it, you may notice that your browser icons and Windows hosts files are altered without your consent. To revert these changes and secure your system you need to remove Google redirect virus.

How Google redirect got installed on your computer?

From the first view, it may seem that the malware appeared without any notification out of the blue. However, with the deeper look, it turns out that Google redirect virus emerges after installation of a freeware program. So, all malware experts agree on the fact that it is dangerous to perform an installation without examining the details of the setup. You can monitor the additional elements by changing the installation method to Advanced or Custom, and then deselecting the components that seem harmful.

Symptoms of Google redirect infection

  • First and the most striking proof of having a browser hijacker is change of the main page. Usually it is a search engine page that is designed so that user would believe in its legitimacy.
  • Generally, hijackers cause redirections when user makes a search query on its page or tries to reach a blocked site (usually another search engine or anti-malware sites)
  • Another indicator of hijacker infection is appearance of new programs, toolbars and browser extensions that you don’t remember installing and processes in start-up queue.
  • Also, you may notice the significant slowdown in the system operating, since running of the applications required for malware activity may consume a lot of CPU.
  • Besides, hijacker infection may as well negatively affect the speed of Internet connection.

How to remove Google redirect?

To make sure that the hijacker won’t appear again, you need to delete Google redirect completely. For this you need to remove the application from the Control Panel and then check the drives for such leftovers as Google redirect files and registry entries.
We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.

Download SpyHunter

Performing an antimalware scan with Norton would automatically search out and delete all elements related to Google redirect. It is not only the easiest way to eliminate Google redirect, but also the safest and most assuring one.


Remove Google redirect brought by rootkits

Sometimes other more serious infections, known as TDSS, or TDL3 rootkits, are responsible for Google redirect appearance. Rootkits can do serious harm to your computer, as they are able to invisibly operate on the background and download malware from the Internet without informing you.
To deal with this kind of threat, it’s better to use special tool produed by Kaspersky Lab
TDSSKiller tool GUI

  1. Download TDSSKiller tool
  2. Right-click the TDSSKiller.exe icon and choose Rename
  3. Rename it as a random name with .com extension
  4. Launch the file
  5. Click the Start Scan button
  6. When given the result of the scan, click Continue
  7. After the end of the process, reboot the system

Steps of Google redirect manual removal

Uninstall Google redirect from Control Panel

As it was stated before, more likely that the hijacker appeared on your system brought by other software. So, to get rid of Google redirect you need to call to memory what you have installed recently.

How to remove Google redirect from Windows XP

  1. Click the Start button and open Control Panel
  2. Go to Add or Remove Programs
  3. Find the application related to Google redirect and click Uninstall

How to remove Google redirect from Windows 7/Vista

  1. Click the Start button and open Control Panel
  2. Go to Uninstall Program
  3. Find the application related to Google redirect and click Uninstall

How to remove Google redirect from Windows 8/8.1

  1. Right-click the menu icon in left bottom corner
  2. Choose Control Panel
  3. Select the Uninstall Program line
  4. Uninstall the application related to Google redirect

How to remove Google redirect from Windows 10

  1. Press Win+X to open Windows Power menu
  2. Click Control Panel
  3. Choose Uninstall a Program
  4. Select the application related to Google redirect and remove it

noteIf you experience problems with removing Google redirect from Control Panel: there is no such title on the list, or you receive an error preventing you from deleting the application, see the article dedicated to this issue.
Read what to do if program won’t uninstall from Control Panel


Remove Google redirect from browsers

Since some of hijacker threats use a disguise of a browser add-on, you will need to check the list of extensions/add-ons in your browser.

How to remove Google redirect from Google Chrome

  1. Start Google Chrome
  2. Click on Tools, then go to the Extensions
  3. Delete Google redirect or other extensions that look suspicious and you don’t remember installing them

How to remove Google redirect from Internet Explorer

  1. Launch Internet Explorer
  2. Click on the Tools/Gear icon, then select Manage Add-ons
  3. Delete Google redirect or other extensions that look suspicious and you don’t remember installing them

How to remove Google redirect from Mozilla Firefox

  1. Start Mozilla Firefox
  2. Click on the right-upper corner button
  3. Click Add-ons, then go to Extensions
  4. Delete Google redirect or other extensions that look suspicious and you don’t remember installing them

How to remove Google redirect from Microsoft Edge

  1. Start Microsoft Edge
  2. Click the three-dot button in the upper right corner
  3. Choose Extensions
  4. Click the gear icon near Google redirect or other extensions that look suspicious and you don’t remember installing them
  5. Choose Remove

Reset your browsers

How to reset settings in Google Chrome

  1. Click on the icon in the right-upper corner
  2. Choose Settings
  3. Click Show advanced settings
  4. Click the Reset Settings button

How to reset settings in Mozilla Firefox

  1. Click the icon in the upper right corner
  2. Choose Help
  3. Select Troubleshooting Information
  4. Click the Reset Firefox… button

How to reset settings in Internet Explorer

  1. Click on the Tools button
  2. Go to Internet options
  3. Go to the Advanced tab
  4. Click Reset

How to reset settings in Microsoft Edge

  1. Start Microsoft Edge
  2. Click the three-dot button in the upper right corner
  3. Choose Settings
  4. Under the Clear browsing data category select Choose what to clear
  5. Select everything and click Clear

Delete files and registry entries added by Google redirect

Now you will be able to reach the needed functions and files. For eliminating the ransomware activity, you need to find all of the following items and delete them.

Remove Google redirect files and folders:

%LOCALAPPDATA%\AIM Toolbar\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\AlwaysNeat\Adobe\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\AIM\Adobe\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\Akamai\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\Adobe\Acer\[RANDOM CHARACTERS].dll
%USERPROFILE%\Local Settings\Application Data\Conduit\Babylon\xriotabb.dll
kbd101V.dll
%LOCALAPPDATA%\7-Zip\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\Affinix\[RANDOM CHARACTERS].dll
KBDSL1B.dll
%LOCALAPPDATA%\Adobe\[RANDOM CHARACTERS].dll
%APPDATA%\Bitrix Security\[RANDOM CHARACTERS].dll
%WINDIR%\system32\msdeltam.dll
%LOCALAPPDATA%\APN\Adobe\[RANDOM CHARACTERS].dll
%LOCALAPPDATA%\Ahead\[RANDOM CHARACTERS].dll
TDSSserv.sys
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\SYSTEM32\4DW4R3.dll
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sy
C:\WINDOWS\Xzagua.exe
Xwo.exe
C:\Windows\System32\wdmaud.sys
C:\WINDOWS\system32\UAC.dll
C:\WINDOWS\SYSTEM32\4DW4R3c.dll
C:\WINDOWS\system32\drivers\UAC.sys
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
Xwk.exe
dmgsh.exe
C:\WINDOWS\_VOID\_VOIDd.sys
C:\WINDOWS\system32\_VOID.dll
C:\WINDOWS\system32\drivers\_VOID.sys
Xzagua.exe
C:\WINDOWS\system32\UAC.dat
C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
%Temp%\UAC.tmp
C:\WINDOWS\system32\UAC.db
C:\WINDOWS\system32\_VOID.dat
C:\WINDOWS\Temp\UAC.tmp
C:\WINDOWS\_VOID\
C:\WINDOWS\system32\uactmp.db
C:\WINDOWS\Temp\_VOIDtmp
%Temp%\_VOID.tmp

Remove Google redirect registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3


If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting Google redirect.

Download SpyHunter

We also recommend to download and use Norton to scan the system after Google redirect removal to make sure that it is completely gone. The antimalware application will detect any vicious components left among system files and registry entries that can recover Google redirect.

Leave a Reply

Your email address will not be published. Required fields are marked *