How Can I Remove The Google Redirect Trojan?


If you are infected with the Google Redirecting Virus (a type of Trojan Horse that initiates itself whenever you open your web browser) then you are probably seeing an awful lot of spam advertisements and affiliate links whenever you are viewing search results pages.

Not only is this extremely annoying but it also makes money for the hackers behind it, something I certainly wouldn’t want to be part of.


The problem also seems to be growing – as I’m finishing off this post davkal has just written this tweet –

@Security_FAQs , are there easy removal instructions anywhere for the google redirect trojan, seems more people are getting it

So, what you all need is a removal guide…

Removing The Google Redirect Trojan

  1. As ever, I recommend using a good antivirus program (and make sure you keep it updated with the latest virus definitions!)
  2. Go to C:\Windows\System32. Find regedit.exe in this folder and right-click on it. Rename it with a new name (one that you can easily remember). This disables regedit.exe, which will stop the Google Redirect Virus from executing.
  3. Download and install Anti-Malware by Malwarebytes. Run the Anti-Malware complete scan and select to search all drivers, folders and files. Complete the scan and remove any Trojan horses found.
  4. Go back to the “System32” folder and rename the file back to “regedit.exe”.
  5. Click on “Start.” Select “Run” and type in “regedit” or type “regedit” in the “Start Search” box. A new window will open called “Registry Editor.”
  6. Click on the arrow to expand “HKEY_LOCAL_MACHINE”. Click on “Software,” “Microsoft,” “Windows,” “CurrentVersion,” “Run.” Look for an entry in the right-hand window called “RegSvr32=%System%msmsgs.exe”. Right-click the entry and delete it. Restart the computer.
About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. yutannelson says:

    I about went crazy trying to fix this. Every recommendation I found did not help until I found this one. Thank you to whoever posted this. Everyone needs to repost this elsewhere on the web to get the message out.

    Look in (windows)\system32\drivers\etc\hosts. There should be only some lines starting with # and “127.0.0.1 localhost”. Anything else in there might be redirecting you to a fake Google or other fake site.
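
The hosts-file check described in the comment above can be automated. The following is an added example, not part of the original post or comment: it parses hosts-file text and reports every entry other than a loopback mapping for localhost. The sample content, addresses and host names are constructed, and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: a default-looking hosts file plus two injected lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed redirect entry
0.0.0.0         updates.example.test
"""

LOCAL_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every entry that is not
    a comment or a loopback mapping for localhost."""
    findings = []
    # Strip a UTF-8 byte-order mark if an editor left one at the start.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, "", "unparseable address"))
            continue
        for name in names:  # one line may map several names to the same address
            name = name.lower()
            if ip.is_loopback and name in LOCAL_NAMES:
                continue  # the expected default entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name pinned to a fixed address"
            findings.append((line_no, ip_text, name, reason))
    return findings


if __name__ == "__main__":
    # On a live system, pass in the contents of
    # %SystemRoot%\System32\drivers\etc\hosts instead of the sample.
    for line_no, ip_text, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip_text} ({reason})")
```

An empty result means the file contains only comments and the default localhost mappings; any reported line deserves a manual look before it is deleted.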
