So just the other day a friend hit me up over the phone about something wrong with his computer at work (it seems lately those were the only types of calls I get from my friends). He immediately identified the problem as always being redirected from his Google searches. I immediately thought “Uh-Oh”…those are never, ever good. Being redirected away to another website seems pretty harmless to some but imagine if that redirection took place when you logged into your bank account or some other private website. Luckily for my friend, he doesn’t bank on that computer. However, he does have a very crucial software application installed in which he uses to ring up items his customers purchase and whatnot. If a picture of a credit card immediately popped inside of your head, than you’ll know exactly how I felt at that time.
Redirection is nothing new. You think you’re going to a website but instead you end up somewhere completely unexpected. Website redirection does have legitimate uses, however. Take this blog for example. If you browse to www.anotherwindowsblog.com on your iPhone’s browser, you’ll be “redirected” to my mobile site instead at www.anotherwindowsblog.wirenode.mobi. Many legitimate websites use redirection all the time. However, in my friends case, it’s certainly a big problem because Google shouldn’t redirect you to some bogus looking third-party search site with tons of advertisements when you know you have clicked on a legitimate website on the search results page. This my friends, is the famous Google Redirect Virus (GRV). There are probably other names for it but this one seems to be the most common from what I have read.
After a little research, I found also out that the GRV is actually a part of a dangerous and evolving rootkit called TLD3. The problem with a rootkit is that it is one of the most dangerous types of malware that you can infect yourself with. Rootkits bury themselves deep within your operating system and depending on the type of rootkit installed and the skill of the malware author/developer, they can pretty much have free reign over your computer. The most scary part of all? It can even hide itself to prevent detection and removal. If you are also having redirection issues with Google search results, than you most likely have contracted the TLD3 Rootkit as well.
Luckily, there are products out there that will help you remove the TLD3 Rookit. Even after scanning my friend’s computer with some of the most popular anti-virus and malware removal products, we came up empty (although they did find other nasty type of malware installed on the computer *sigh*). Therefore, we need a tool that knows where specifically to look for the TLD3 Rootkit within our system and accurately destroy it. One such tool is Hitman Pro by Surfright.
OK, so first you’ll want to download Hitman Pro 3. You’ll obviously need to download the right version for your computing environment (32bit or 64bit). Hitman Pro offers a generous 30-day free trial of the software, which is plenty enough to help you remove the TLD3 Rootkit. After the download completes, fire it up. Immediately, Hitman Pro will begin updating itself.
Before hitting Next, hit the Settings button. Select the License tab and click on the big Activate Free License button. As stated, you have 30 days to freely use Hitman Pro to remove any malware that it finds. You can also choose to activate after the scanning process. However, you won’t be able to remove those malware until you complete the activation process..
Once you are back at the main menu screen, click the little down arrow next to the Next button and select the Default Scan option for best results.
Accept the EULA presented on the next page. The Setup page after that is very important. Here, you get to choose whether or not to fully install Hitman Pro onto your computer (for trial and testing purposes *after* removing the TLD3 Rootkit) or just simply forgo any installation and have it only run this one time (sort of like a self-executable). Once you hit Next, the scan will commence. Hitman Pro should then detect the TLD3 Rootkit along with all the other malware junk installed on your computer.
Once it the scanning process has ended, you’ll want to definitely remove all the malware Hitman Pro has detected. With the TLD3 Rootkit, you’ll need to most likely restart your computer for Hitman Pro to successfully wipe it out. After that, the GRV should bother you no more!
Alternate Removal Method
There is an alternate method to ridding yourself of the TLD3 Rootkit and that is directly going in for the kill with Kaspersky’s TDSSKiller utility. This nifty tool was created especially to target the TLD3 Rootkit family of malware.
You can download the TDSSKiller from Kaspersky here. Unzip the executable to a folder of your choice and then run it. Make sure both options are checked and then hit the Start Scan button to begin. Simple as that.
Remove the threats that it has found and then restart your computer.
In the End…
It’s never feels good when you find out you have malware and viruses living within your computer. You should feel even more worst if any of those were rootkits. With the TLD3 Rootkit, many users have fallen victims and will most likely continue to do so. It’s also weird how many of the professional anti-virus and malware removal products available now cannot detect this type of rootkit. Therefore, anytime you notice or feel something is wrong with your computer, you should always scan it with different security tools because no one product will catch everything. It’s just not possible.