Google redirect virus
Ouch, man. That sucks big time. I had the virus once before and I can tell you that any security program you try to use will be useless. I searched all day for a solution and I found none.
Unless someone else here has a better solution, I'm afraid that you may have to wipe your computer and start over. =(
Arc ID: 348998 - Becoming a villain
Arc ID: 373341 - To Save a Hero
Got Inf?
try looking here : http://www.xdelbox.com/how-to-remove...edirect-virus/
If you can figure out what IP is causing it you can use HOSTS file to direct it to 127.0.0.1 instead. You could also look up NoScript if you are using Firefox.
I am an ebil markeeter and will steal your moneiz ...correction stole your moneiz. I support keeping the poor down because it is impossible to make moneiz in this game.
A friend of mine got a similar malware and we found info to fix it on http://www.spywareinfo.org/
Note the .org - .com looks like a malware site. sheesh.
Then post the results of this program:
- HijackThis - it will show us what's running on your computer concurrently with CoH. Click on "Do a system Scan and save a logfile." It will automatically open up Notepad and put the info there. Make sure Wordwrap is off in Notepad (Format > Wordwrap unchecked) before you cut and paste here.
NOTE: If you suspect you have a virus on your computer, then when you install HijackThis do not install it in a directory called 'HijackThis' -- modern viruses look for that and disable anything in that directory. Rename it. Also, when it starts up, do *not* run a report. Back out of the program and rename the HijackThis.exe file to something else (I renamed mine to Love.exe) -- again, to fool the modern viruses that would stop it from running.
Copy and paste the HijackThis log you posted here into this site and hit analyze.
Go to the forums of Malwarebytes and follow these directions and post your HijackThis log in the HijackThis forum and those more knowledgeable than me will help you from there.
Malwarebytes was able to get rid of what Spybot, Adaware, and AVG couldn't on my machine.
Speeding Through New DA Repeatables || Spreadsheet o' Enhancements || Zombie Skins: better skins for these forums || Guide to Guides
Good info - working on this now, crossing my fingers I can get rid of this annoying virus.
TY to all for the info so far....
Go Team Venture!

Ew.
I got this once as well, with the added effect of having any anti-virus/spyware being disabled whenever I tried to start it to remove the virus. (I think it was a Trojan though.)
Luckily, it was time for a new HDD, and I had already made backups of all of my data before I caught that virus, so I just chucked the infected HDD and never again tried to download what gave me the Trojan in the first place. (I was trying to download a MUGEN character.)

Can't come up with a name? Click the link!
Sorry, no solution here, but I just wanted to let you know I also feel your pain. This virus was a PITA and forced me to do a reinstall of Windows >_<
Interesting. I got something similar to this last week, but I'm not sure it's the same thing. Mine was definitely installed by an Adobe scripting attack, and it did redirect my google searches.
In my case, I was able to identify three separate rundll processes that were being installed as autorun registry entries. They were doing something pretty fancy whereby, once started, they appeared to inject themselves as part of every running process on the PC. They would then proceed to periodically update the registry with their autorun entries from every running process. I had trouble killing the processes from either Task Manager or SysInternals' Process Explorer, but for some reason I was able to kill them with the "taskkill /F" command. Killing the trojan processes would cause every running process to eventually crash (forcing me to reboot), as losing the connection to the trojan after whatever injection they were performing apparently made the processes very unhappy.
Ultimately I was able to remove the files by using a SysInternals tool "movefiles", which you can use to tell Windows to delete files during startup. I'm looking back in my command-line history, and I had these bogus files.
C:\WINDOWS\system32\notepad.dll
C:\DOCUME~1\<LoggedInUser>\ntload.dll
C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll
I set these for delete on boot, then killed the running trojan processes. I may not have had to do this last kill, but the list of files to remove on boot is stored in the Windows registry, and I wanted to make sure that the trojans would not wipe references to themselves from the list.
Once I did these steps, my problem was solved.
If you do not have "rundll" images in your task list containing the DLL names listed above, you probably have a different invader, and my info above may not be of any help. Unfortunately, the Task Manager does not show enough of the command-line to know. I would say look and see if you have three or more rundll's in your "Image Name" column in the "Processes" tab of Task Manager. If you do, you might have the same problem as I did. Hijack This should be able to show enough of the command line to make it clear(er).
Blue
American Steele: 50 BS/Inv
Nightfall: 50 DDD
Sable Slayer: 50 DM/Rgn
Fortune's Shadow: 50 Dark/Psi
WinterStrike: 47 Ice/Dev
Quantum Well: 43 Inv/EM
Twilit Destiny: 43 MA/DA
Red
Shadowslip: 50 DDC
Final Rest: 50 MA/Rgn
Abyssal Frost: 50 Ice/Dark
Golden Ember: 50 SM/FA
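The check suggested in the post above (look in a HijackThis log for rundll autorun entries that load the DLLs it names), as an added example that is not part of the original thread or any poster's own code. The sample log lines, the autorun value names and the `Run` export name are constructed for illustration; only the DLL file names and directories come from the post.

```python
import re
from ntpath import basename, normcase

# DLL file names reported in the post above.
POST_DLLS = {"notepad.dll", "ntload.dll"}
# Assumption: DLLs loaded from anywhere else deserve a closer look.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
CONFIG_DIR = "c:\\windows\\system32\\config\\"

# HijackThis autorun line: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 command line: rundll32[.exe] "<dll path>",<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)', re.I)

def suspicious_rundll_autoruns(log_text):
    """Return (value name, dll path, reasons) for each flagged O4 entry."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        rundll = RUNDLL_RE.search(entry["cmd"])
        if not rundll:
            continue  # autorun entry that does not go through rundll32
        dll = normcase(rundll["dll"].strip())
        reasons = []
        if basename(dll) in POST_DLLS:
            reasons.append("name listed in the post")
        if not dll.startswith(TRUSTED_DIRS):
            reasons.append("outside System32/Program Files")
        elif dll.startswith(CONFIG_DIR):
            reasons.append("under System32\\config")
        if reasons:
            findings.append((entry["name"], dll, reasons))
    return findings

# Constructed sample log (not taken from any real machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [notepad] rundll32.exe "C:\WINDOWS\system32\notepad.dll",Run
O4 - HKCU\..\Run: [ntload] rundll32.exe "C:\DOCUME~1\user\ntload.dll",Run
O4 - HKLM\..\Run: [cfgload] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe"
"""

if __name__ == "__main__":
    for name, dll, reasons in suspicious_rundll_autoruns(SAMPLE_LOG):
        print(f"[{name}] {dll}: {', '.join(reasons)}")
```

A name match alone is only a lead: confirm the file on disk before scheduling it for deletion on boot.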
TY!

Go Team Venture!

When I had the problem a few years back I struggled with it for days... Was close to just formatting and reinstalling when I found something called ComboFix. I have no idea where exactly I found it, some googling may help, but it forced the stuff out of my PC. I think it's pretty risky to use though, but it may help if nothing else will.
I also found that ComboFix was the only thing that worked.
I was nervous, because the documentation is real cautious with lots of warnings.. But it worked great!
Good Luck...
The Sly Bold Renardine - " I am Scraptastic!"
While the advice above is good, removing infections from inside a compromised Windows installation is a pretty iffy prospect. They have a nasty habit of being able to hide and come back unless you cripple them from outside of Windows.
I would start with a bootable anti-virus CD like this one (free):
http://dlpro.antivir.com/package/res...-common-en.iso
Burn it, boot from it and run the scan. It'll delete/rename any infected files and (with luck) cripple any virus/malware/rootkit you might have. Once that's done, other scanners/cleaners can be used inside Windows to clean up any remaining files or nasty bits in your registry.
I've gone this route successfully on a few machines where it was down to a format/reinstall as the only other option.
Yup, I got it. I have been unsuccessful trying to remove it.
McAfee, AdAware and SpyBot are not helping. Any advice?
Go Team Venture!