If you are infected with the Google Redirecting Virus (a type of Trojan Horse that initiates itself whenever you open your web browser) then you are probably seeing an awful lot of spam advertisements and affiliate links whenever you are viewing search results pages.
How can I remove the Google redirect Trojan?
Not only is this extremely annoying but it also makes money for the hackers behind it, something I certainly wouldn’t want to be part of.
The problem also seems to be growing – as I’m finishing off this post, davkal has just written this tweet:
@Security_FAQs , are there easy removal instructions anywhere for the google redirect trojan, seems more people are getting it
So, what you all need is a removal guide…
Removing The Google Redirect Trojan
- As ever, I recommend using a good antivirus program (and make sure you keep it updated with the latest virus definitions!)
- Go to C:\Windows\System32. Find regedit.exe in this folder and right-click on it. Rename it with a new name (one that you can easily remember). Renaming it disables regedit.exe, which will stop the Google Redirect Virus from executing.
- Download and install Anti-Malware by Malwarebytes. Run the Anti-Malware complete scan and select to search all drivers, folders and files. Complete the scan and remove any Trojan horses found.
- Go back to the “System32” folder and rename the file back to “regedit.exe”.
- Click on “Start.” Select “Run” and type in “regedit” or type “regedit” in the “Start Search” box. A new window will open called “Registry Editor.”
- Click on the arrow to expand “HKEY_LOCAL_MACHINE”. Click on “Software,” “Microsoft,” “Windows,” “CurrentVersion,” “Run.” Look for an entry in the right-hand window called “RegSvr32=%System%msmsgs.exe”. Right-click the entry and delete it. Restart the computer.
{ 2 comments… read them below or add one }
I about went crazy trying to fix this. Every recommendation I found did not help until I found this one. Thank you to whoever posted this. Everyone needs to repost this elsewhere on the web to get the message out.
Look in (windows)\system32\drivers\etc\hosts. There should be only some lines starting with # and “127.0.0.1 localhost”. Anything else in there might be redirecting you to a fake Google or other fake site.
I’m glad you found this post useful
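The hosts-file check suggested in the first comment can be scripted. The following is an added example, not part of the original post or its comments: the sample file contents, the 203.0.113.7 address and the example.test names are constructed, and accepting `::1 localhost` alongside `127.0.0.1 localhost` is an assumption.

```python
import ipaddress
import sys

# Mappings treated as normal. The comment above names only 127.0.0.1 localhost;
# allowing "::1 localhost" as well is an assumption of this example.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input so the script runs without touching a real system.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed rogue entry
203.0.113.7     search.example.test
0.0.0.0         update.example.test
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each mapping that is not expected."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Strip a UTF-8 BOM, then everything after '#', then whitespace.
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        for name in names:  # one line may map several names to the same address
            name = name.lower()
            if (str(addr), name) in EXPECTED:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "name sinkholed to a local address"
            else:
                reason = "overrides DNS for this name"
            findings.append((line_no, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    # Pass the path to a hosts file as the first argument; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, name, reason in audit_hosts(text):
        print(f"line {line_no}: {name or '(none)'} -> {ip}: {reason}")
```

An empty result means the file contains only comments and the expected localhost lines. Any finding is a line to review by hand before removing it.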