Google Redirect Infection, Removal Instructions Options

[LDTate]

Google Redirects




DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


You might want to print these instructions out.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• It doesn't take long to run, once it is finished move onto the next step

Next:

Download TDSSKiller and save it to your Desktop.

• Make sure all other windows are closed and to let it run uninterrupted.
• Extract the file and run it.
• Reboot your machine and see if the infection is gone

Reboot and the infection should be removed.

If you still need help Start a new topic:
Also please post the contents of that log TDSSKiller and GooredFix log.

Start a in Spyware / Malware / Virus Removal Forum

[LDTate]

Position "bump"

[robregions1974]

Wow, I got the redirect virus yesterday and COULD NOT GET IT REMOVED until found this post and now I'm virus free. I used a program called Hitman Pro to scan my computer, it found the rootkit virus but could not remove it. I typed in the statement that it gave me into google and found this post, followed the instructions and now it appears the virus is gone. I executed the 3 programs, rebooted then ran Hitman pro again and there was no note that any virus was identified, I've been opening new windows and new tabs like a madman and no redirects, so I think I'm clean THANK YOU SO MUCH FOR YOUR HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[LDTate]

Wow, I got the redirect virus yesterday and COULD NOT GET IT REMOVED until found this post and now I'm virus free. I used a program called Hitman Pro to scan my computer, it found the rootkit virus but could not remove it. I typed in the statement that it gave me into google and found this post, followed the instructions and now it appears the virus is gone. I executed the 3 programs, rebooted then ran Hitman pro again and there was no note that any virus was identified, I've been opening new windows and new tabs like a madman and no redirects, so I think I'm clean THANK YOU SO MUCH FOR YOUR HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

You're more than welcome.
Glad we were able to help

Peace be with you

[LDTate]

Updated

[estone]

Wow, I got the redirect virus yesterday and COULD NOT GET IT REMOVED until found this post and now I'm virus free. I used a program called Hitman Pro to scan my computer, it found the rootkit virus but could not remove it. I typed in the statement that it gave me into google and found this post, followed the instructions and now it appears the virus is gone. I executed the 3 programs, rebooted then ran Hitman pro again and there was no note that any virus was identified, I've been opening new windows and new tabs like a madman and no redirects, so I think I'm clean THANK YOU SO MUCH FOR YOUR HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Exact same experience here as of Oct 16. Ran Hitman Pro 3.5.7 after fix and it no longer picked up "TDL3 (alias Alureon)" issue. Many thanks gentlemen for providing a very helpful solution to this highly annoying redirect problem!!

[LDTate]

Thanks for posting back and letting us know

Peace be with you

[virusesluvme]

LDTate - you da man!

HitmanPro couldn't fix this problem - until I stumbled onto this fix. TDSS found the rootkit (on the second try) and sent TDL3 to bye-bye land!

Thanks for being one of the good guys!

[LDTate]

You're more than welcome.
Glad we were able to help

Peace be with you

[werdnaJT]

I have had the same problem, ran hitman, and it only said that a possible variation was detected. I ran step 1 on this post, then tried to open the link for step two. All it shows is a blank page, and the same for step #3? Not quite sure where to go from here...

[inzanity]

Hi werdnaJT,

The links should take you directly to download those tools. The infection may be preventing you from doing so.

I would suggest reading here: Getting Started: How To Get Help

then create a new topic here: Virus, Spyware & Malware Removal

One of our Malware fighters would help you in removing this infection. Thank you.

[LDTate]

I have had the same problem, ran hitman, and it only said that a possible variation was detected. I ran step 1 on this post, then tried to open the link for step two. All it shows is a blank page, and the same for step #3? Not quite sure where to go from here...

Sounds like a browser issue.
Right Click on the link and select "Open In New Windows"

[werdnaJT]

Thanks alot for your help, the problem is gone. I can't start to tell you how helpful people like you are, i really appreciate it. Thanks!

[LDTate]

You're more than welcome.
Glad we were able to help

Peace be with you

[LDTate]

Updated