So just the other day a friend hit me up over the phone about something wrong with his computer at work (it seems lately those are the only types of calls I get from my friends). He immediately identified the problem as always being redirected from his Google searches. I immediately thought “Uh-Oh”…those are never, ever good. Being redirected away to another website seems pretty harmless to some but imagine if that redirection took place when you logged into your bank account or some other private website. Luckily for my friend, he doesn’t bank on that computer. However, he does have a very crucial software application installed which he uses to ring up items his customers purchase and whatnot. If a picture of a credit card immediately popped inside of your head, then you’ll know exactly how I felt at that time.
Redirection is nothing new. You think you’re going to a website but instead you end up somewhere completely unexpected. Website redirection does have legitimate uses, however. Take this blog for example. If you browse to www.anotherwindowsblog.com on your iPhone’s browser, you’ll be “redirected” to my mobile site instead at www.anotherwindowsblog.wirenode.mobi. Many legitimate websites use redirection all the time. However, in my friend’s case, it’s certainly a big problem because Google shouldn’t redirect you to some bogus looking third-party search site with tons of advertisements when you know you have clicked on a legitimate website on the search results page. This, my friends, is the famous Google Redirect Virus (GRV). There are probably other names for it but this one seems to be the most common from what I have read.
TLD3 Rootkit
After a little research, I also found out that the GRV is actually a part of a dangerous and evolving rootkit called TLD3. The problem with a rootkit is that it is one of the most dangerous types of malware that you can infect yourself with. Rootkits bury themselves deep within your operating system and depending on the type of rootkit installed and the skill of the malware author/developer, they can pretty much have free rein over your computer. The scariest part of all? It can even hide itself to prevent detection and removal. If you are also having redirection issues with Google search results, then you most likely have contracted the TLD3 Rootkit as well.
Removal
Luckily, there are products out there that will help you remove the TLD3 Rootkit. Even after scanning my friend’s computer with some of the most popular anti-virus and malware removal products, we came up empty (although they did find other nasty types of malware installed on the computer *sigh*). Therefore, we need a tool that knows where specifically to look for the TLD3 Rootkit within our system and accurately destroy it. One such tool is Hitman Pro by Surfright.
OK, so first you’ll want to download Hitman Pro 3. You’ll obviously need to download the right version for your computing environment (32bit or 64bit). Hitman Pro offers a generous 30-day free trial of the software, which is plenty enough to help you remove the TLD3 Rootkit. After the download completes, fire it up. Immediately, Hitman Pro will begin updating itself.

Before hitting Next, hit the Settings button. Select the License tab and click on the big Activate Free License button. As stated, you have 30 days to freely use Hitman Pro to remove any malware that it finds. You can also choose to activate after the scanning process. However, you won’t be able to remove that malware until you complete the activation process.

Once you are back at the main menu screen, click the little down arrow next to the Next button and select the Default Scan option for best results.

Accept the EULA presented on the next page. The Setup page after that is very important. Here, you get to choose whether or not to fully install Hitman Pro onto your computer (for trial and testing purposes *after* removing the TLD3 Rootkit) or just simply forgo any installation and have it only run this one time (sort of like a self-executable). Once you hit Next, the scan will commence. Hitman Pro should then detect the TLD3 Rootkit along with all the other malware junk installed on your computer.

Once the scanning process has ended, you’ll definitely want to remove all the malware Hitman Pro has detected. With the TLD3 Rootkit, you’ll most likely need to restart your computer for Hitman Pro to successfully wipe it out. After that, the GRV should bother you no more!

Alternate Removal Method
There is an alternate method to ridding yourself of the TLD3 Rootkit and that is directly going in for the kill with Kaspersky’s TDSSKiller utility. This nifty tool was created especially to target the TLD3 Rootkit family of malware.
You can download the TDSSKiller from Kaspersky here. Unzip the executable to a folder of your choice and then run it. Make sure both options are checked and then hit the Start Scan button to begin. Simple as that.


Remove the threats that it has found and then restart your computer.
In the End…
It never feels good when you find out you have malware and viruses living within your computer. You should feel even worse if any of those were rootkits. With the TLD3 Rootkit, many users have fallen victim and will most likely continue to do so. It’s also weird how many of the professional anti-virus and malware removal products available now cannot detect this type of rootkit. Therefore, anytime you notice or feel something is wrong with your computer, you should always scan it with different security tools because no one product will catch everything. It’s just not possible.

I’ll have to recommend this to some people. I prefer Kaspersky over all other anti-virus programs, but I also know that the redirect virus has to be removed manually for the fix to be effective. I was reading an article about it: *link removed*
That’s definitely not something I see myself buying nor would I recommend to users. Not only does it look like a scam/hoax, the videos do not show the product actually working at all. All the video shows is someone talking repeatedly about what the redirect virus is and how difficult it is to remove it. Then they tell you to buy their product for $29.99.
I personally use Kaspersky TDSSKiller and I believe it’s one of the best at finding Rootkits ( http://www.softwarecrew.com/2011/04/tdsskiller-detects-and-removes-even-unknown-rootkits-in-seconds/ ) and my favorite feature is that it’s one of the hardest TDSSKiller Detectors to find.
It’s so true. I see this rootkit on so many computers yet many of the virus and anti-malware protection software out there don’t detect it. This is why I stand firmly that a one-stop shop solution for cleaning a computer of malware is far from happening. Users need to understand that as well and not let their guard down just because they have purchased a software claiming so.
Jim
Sorry to hear Hitman Pro didn’t solve the problem for you. However, did you try the alternative method I suggested in using Kaspersky’s TDSSKiller Utility? That tool, unlike Hitman Pro, aims directly for the Google Redirect Virus family malware if installed on your computer. Give it a try. If even that utility doesn’t pick up the rootkit, then I’m afraid you might have something else besides the Google Redirect Virus.
I'd heard a lot of good things about Hitman Pro, so I thought I'd try it. It did nothing to prevent the Google redirects though. It looks like it does a good job of cleaning things out, but if you already have something (like Advanced System Care) doing this, then it is redundant. So far, I have found nothing to prevent those poxy redirects (and the Redirect Remover in Firefox only made them worse!).