OnlineSafety411 Internet Safety Source Network

Like OnlineSafety411.com on FacebookFacebookFollow OnlineSafety411 on TwitterTwitter Follow OnlineSafety411.com on Google+Google+Subscribe to OnlineSafety411News (RSS) Feed

Browse > Home / Malware, Online Safety Blog, Virus / Remove ‘Google Redirect Virus’ (Malware)

Remove ‘Google Redirect Virus’ (Malware)

July 25, 2012 by  
Filed under Malware, Online Safety Blog, Virus

19 Comments

Google Redirect Virus may be the culprit of your Google web search results redirecting or linking to malicious sites. We have found that Google Redirect Virus has been around for a long time and still remains to be quite effective in disrupting internet searchers from finding the site that they seek on the internet.

Google Redirect Virus is able to execute commands that may lead to other malware infections. Some security resource sites have verified Google Redirect Virus installed from bundled software such as a shareware program or even a movie codec download. When installed, Google Redirect Virus usually hijacks web browsers so it may redirect PC users to malicious sites such as Blendersearch.com, blinkx.com, Search.babylon.com,scour.com, Bodisparking.com,coolsearchserver.com, , find-fast-answers.com, search-netsite.com, webplains.net, toseeka.com, Worldslife.com and many others. These sites represent malicious intentions, some of which act as phishing sites to gather personal information from PC users.

The other major issue with Google Redirect Virus is that it has the capability to go undetected from commonly used antivirus programs. Google Redirect Virus has specialized coding that makes it hidden in most circumstances. Fortunately, updated antimalware programs are able to safely detect and remove Google Redirect Virus.

In an effort to alleviate the problems that come with Google Redirect Virus, you should take action now to remove Google Redirect Virus. The process of removing Google Redirect Virus can be tricky, which is why you may use a malware solution to easily remove it from your system. New antimalware software is one key to removing Google Redirect Virus in addition to manual removal, which may be performed by more experienced PC users.

How you can easily remove Google Redirect Virus from your computer

Automatically Detect and Remove Google Redirect Virus:

Download SpyHunter
Remove Google Redirect Virus
Download SpyHunter AntiMalware

 

If your internet browser is being blocked and you are unable to download SpyHunter, please follow these instructions:

1. Hold the WinKey (Windows Key on your keyboard) and press the R key at the same time.

Windows Key

WinKey (Windows Key)

2. Type in (or copy and paste) http://www.onlinesafety411.com/go/download-spyhunter and press Enter.

3. The SpyHunter download will begin.

4. You must find the downloaded file SpyHunter-Installer.exe and open/run it (double-click) to start the installation of SpyHunter.

Note: Google Redirect Virus may block installation of antimalware or antivirus software. You may need to boot your PC into Safe Mode with Networking to install an antimalware program.

Steps to boot into Safe Mode with Networking:

  1. Bookmark or Favorite this Post/Web Page.
  2. Restart your PC
  3. Press the F8 key (before Windows starts to load – during the boot sequence text screens) a few times until it registers.
  4. Select “Safe Mode with Networking” and press Enter.
  5. Allow the system to boot into Safe Mode with Networking and then return to this page to download an antimalware application.

DIY Google Redirect Virus removal resources

*If you are an experienced computer user, you may locate and delete the Google Redirect Virus files and registry entries below. The manual removal process for Google Redirect Virus is best performed while in Safe Mode.

Google Redirect Virus Files

  • %Temp%\_VOID.tmp
  • %Temp%\UAC.tmp
  • C:\WINDOWS\system32\UAC.dat
  • C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
  • C:\WINDOWS\system32\UAC.db
  • C:\WINDOWS\system32\_VOID.dat
  • C:\WINDOWS\Temp\UAC.tmp
  • C:\WINDOWS\_VOID\
  • C:\WINDOWS\system32\uactmp.db
  • C:\WINDOWS\Temp\_VOIDtmp
  • C:\WINDOWS\system32\uacinit.dll
  • C:\WINDOWS\SYSTEM32\4DW4R3.dll
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
  • C:\WINDOWS\Xzagua.exe
  • C:\Windows\System32\wdmaud.sys
  • C:\WINDOWS\system32\UAC.dll
  • C:\WINDOWS\SYSTEM32\4DW4R3c.dll
  • C:\WINDOWS\system32\drivers\UAC.sys
  • C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
  • C:\WINDOWS\_VOID\_VOIDd.sys
  • C:\WINDOWS\system32\_VOID.dll
  • C:\WINDOWS\system32\drivers\_VOID.sys
  • C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
  • dmgsh.exe
  • Xzagua.exe
  • Xwk.exe
  • Xwo.exe

Google Redirect Virus Registry Entries

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys

 

Tags: , , , ,

  • JuneBug007

    If you load chrome or firefox the redirect virus does not work. just a tip. I stopped using internet explorer… complete garbage microsoft!!!!!!

  • Jason Lewis

    The download actually worked. Thought it was just a trick but it has found the correct redirect virus files. I tried manually removing but not all files are listed here. I think the virus has evolved into something new with more malware files. Anywho, it worked.

  • joy blog

    Hello there. I discovered the blog site your online. A great report. I was able to use this to remove the redirect problem.

  • John Slick

    I removed the Google Redirect Virus with a tool found on yourpcoptimizers

  • Rusty

    Now network connection and the facilities are frequently used by the peoples to know the information. Most of the viruses are infected by using the Internet, Pen drive and CD.

  • Louis

    FYI: Most times one in 10 of the google results are some fake website link.

  • Colby

    God Bless you man! This redirect virus was so annoying.

  • Luis McJay

    What do I look for in my directory to delete files for this virus? My Mcafee is not detecting anything. Do I need to use an AntiMalware instead of AntiVirus?

  • Jason Weisman

    your program detected it as redirect virus and removed it after i registered. I think it is gone now because after reboot it lets me load google to the home page and then do a search without any delay now. also the results all look normal. thanks you all at online safety.

  • Pingback: Remove ‘Firefox Redirect Virus’ Malware | OnlineSafety411

  • Sean Fennellas

    Magnificent! Finally Free from this redirect virus. It kept stealing my google search results. My son found out what Porn was because of the virus. Anywho, thankyou!!!

  • Marty

    Do you have more great softwares like this one? SpyHunter is the SHI*!!!!! THANKS!!!!!!!!!!!!!!!!!

  • Marcelo

    Thanks Jason. On the macro’s general prireptoes tab I’ve got a browse prireptoes button which I assume is the same thing. The Is301Redirect property is there, defined as bool and can be seen on the Parameters tab of the macro same idea as prireptoes , I assume. The naming seems to be slightly different on our installation compared to what you’ve laid out which may be what’s thrown me.I’ve also added a property to the PWRedirectPage Document Type with the name IsPermanentRedirect , alias IsPermanentRedirect and type True/false .The PWRedirect Template then looks like this:I think that’s covered all the bases of course I’m using the updated .dll file in the /bin/ folder too.I’m still getting 302 responses though so I must have missed something Thanks againTom

  • Nayliitha

    Tom,Go to the developer area and open the Macro foledr. Find the PWUrlRedirect macro and press the Get Properties or Load Properties button. There should be a property named Is301Redirect. Click OK and save the macro. Then reload it and go to the Properties tab. Make sure the type is set to bool .Do you have an Is301Redirect true/false property on your PWRedirectPage Document Type? If not you will need to add that. Once that is in place you can do the template edit I have listed above (the little code snippet).

  • Paulette and Randy Wilkons

    really appreciate the honesty and in helping us to remove this from our computer. we are 68 and retired, cannot afford or have the ability to take our PC into best buy to get fixed. you guys are the next best thing. thank you again.

  • Bill Newman

    I am not sure if I have google redirect virus. My google searches work but the results have many ads on the top and bottom. is that normal or do I need to scan for google redirect virus?

  • Fred D.

    FYI, removing those files and even changing your internet settings in internet options does not work with the latest google redirect virus. You need to remove it with antispyware or antimalware programs. There are almost 40 files assocaited with google redirect virus that need to be removed and manually deleting them will only recreate more when you reboot your computer. something i learned because i build pcs and help my friends with removing viruses and malware.

  • http://abhijeetmuneshwar.koding.com/ Abhijeet Ashok Muneshwar

    I would like to download “Google Redirect Virus” to perform some experiments on it. Can you please help me.

  • Shane

    DUde, you would have to visit a few porn sites and get some file share downloads and I guarantee you will get the redirect virus on your machine. Just give it time… watch some porn and watch your junk get hijacked.