
Google Redirect Virus Update!

Discussion in 'BlackHat Lounge' started by 2011nfl, Dec 9, 2010.

  1. 2011nfl

    2011nfl Supreme Member

    Joined:
    Aug 9, 2010
    Messages:
    1,223
    Likes Received:
    5,955
    Location:
    Dallas, Texas
    Home Page:
    The "google redirect virus"

    In a recent thread we talked about the google redirect virus, and I promised to update everyone on new or better methods to remove this virus, so here it is.

    As a computer tech and virus removal expert, it is my job to safely remove viruses from my clients' computers while also protecting their information, so I have been working for months on the google redirect virus and have finally come up with a guaranteed removal method.

    First, you must know about the google redirect virus and exactly what it does to your computer and how.


    How the "google redirect virus" infects your computer

    The google redirect virus is a "bootkit virus" which hides itself in both system restore, and your system rootkit, making it virtually undetected by most antivirus software. Even the ones that pick it up and say they remove it don't; it still comes back.

    Symptoms of the "google redirect virus"

    1: Directs most searches to malicious websites

    2: Slows your computer down

    3: Gets on your damn nerves lol

    Steps to remove the "google redirect virus"

    1: Restart your computer in "safe mode with networking"

    2: Download "malwarebytes" from here http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1 and run it to remove as many files as possible

    3: Download "ccleaner" from here http://www.filehippo.com/download_ccleaner and run both the cleaner and registry fix

    4: Run your normal antivirus software

    5: Turn off all antivirus software currently running

    6: Download "combofix" from here http://www.bleepingcomputer.com/download/anti-virus/combofix
    Run "combofix" and let it do its magic

    7: Restart back into safe mode and repeat steps 1-4

    8: Restart in normal windows and repeat steps 1-4 again

    9: Run a google search and see if it is fixed

    10: You're done!


    Conclusion

    The reason for repeating these steps is that you want to be more aggressive than the virus itself. It is quite possible that the virus will be gone way before step 8, but it's better to be safe than sorry and have to start all over again. I have used this method several times lately and it has worked every single time. I also set it up so you can come directly to this page and click on all of the right links to download (since obviously google searches will be re-directed). So even if you do not have the virus now, it wouldn't be a bad idea to bookmark this thread for future easy access. Hope this helps many of you and for those who have been waiting, thanks for the patience. If anyone needs further help with this virus or any other virus removal, feel free to pm me and I will help as much as possible. Thanks :D
     
    Last edited: Dec 9, 2010
  2. raidel21

    raidel21 Regular Member

    Joined:
    May 17, 2009
    Messages:
    401
    Likes Received:
    324
    You say you are an "Expert"...but,

    The site you are directing people to is "Not an official ComboFix download site. It links to spywarecease.com and other rogues"


    The official place to safely download ComboFix is:


    Code:
    http://bleepingcomputer.com/combofix/how-to-use-combofix

    READ:
    Code:
    http://www.mywot.com/en/scorecard/combofix.org
     
  3. 2011nfl

    2011nfl Supreme Member


    Actually you are 100% wrong lol, actually it only redirected to the site you just posted, but I changed that anyways. So it should be right now
     
  4. 2011nfl

    2011nfl Supreme Member

    It's not as easy as that.... trust me. Other viruses can be removed that way, but not this one. It's not only in the registry.
     
  5. Bartman

    Bartman Power Member

    Joined:
    Apr 24, 2010
    Messages:
    569
    Likes Received:
    131
    You are making it too complicated. Download and burn AVG rescue CD as an ISO image. Insert CD. Restart computer. Done.
     
  6. 2011nfl

    2011nfl Supreme Member


    Yea.... not that easy, tried it..... didn't work.
     
  7. lolikas

    lolikas Newbie

    Joined:
    Dec 14, 2010
    Messages:
    27
    Likes Received:
    4
    There are two possible causes of the "Google redirect virus" (Bing, Yahoo as well) at this moment: TDSS rootkit and Cycbot. If it's a rootkit from the TDSS family then you should use TDSSKiller from Kaspersky Lab.
    If it's not TDSS then you will have to use Hitman Pro or Combofix. Also, you should check LAN and router settings.
     
  8. GreyWolf

    GreyWolf Executive VIP Jr. VIP

    Joined:
    Aug 17, 2009
    Messages:
    1,930
    Likes Received:
    5,387
    Gender:
    Male
    Occupation:
    Artist / Craftsman
    Location:
    sitting at my PC
    Thanks for the mini guide and recommended programs 2011nfl.

    For the guys that keep suggesting simple steps, those might work for some viruses but most of the time it takes a lot more than just editing a couple entries in the registry. I have people bring me their PC because they got a virus and many times they are pretty insidious. If you try some simple solution as suggested by $$Money$$ or Bartman you might get lucky, but usually the virus is just going to come right back again. The guys making the viruses are aware of those simple solutions and will usually make the virus circumvent those possibilities.

    Along with ideas and suggestions on how to get rid of viruses, I'm also looking for some information on what would be the best AVS to load on other people's computers. I've been loading AVG for them, but I noticed that caused me a bunch of problems with running Malwarebytes and ComboFix. They really don't like AVG.

    This is for other people's computers that are fairly computer illiterate. So it needs to be something free, that won't expire due to a subscription. Updates regularly etc. Basically the same thing as AVG free version. I was considering either sticking with giving out AVG or maybe switching to AVAST, but I'm wanting to know if there is something even better now.

    Anyone have any better recommendations for FREE antivirus software?
     
    Last edited: Jan 6, 2011
  9. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    As far as free antivirus software goes I have found Avira to be slightly better than Avast or AVG. Easy to use, updates regularly without any user interaction, doesn't consume a lot of resources, free to use and doesn't require registration. Higher detection rates with Avira (really high if you want) but on the other hand that means more false positives. Just make sure you google how to disable the annoying nagware popups if you decide to use it ;)
     
  10. 2011nfl

    2011nfl Supreme Member

    I agree with Grizzy, Avast and AVG are both ok, but Avira is a little better. But I would like to add that, for a small price, the best one I have found is Malwarebytes full antivirus version. They sell lifetime product keys for $25 on their site, but my business partner buys in bulk and sells them to me for $15 each. So if anyone wants to try Malwarebytes antivirus, I can see if he will sell them to you all for the same price. I'm also doing taxes right now so I'm not gonna be on too much, but anyone can pm me and I will get back with you when I come back on. Also with that being said, anyone in Dallas, come to me to get your taxes done, or if you know anyone in Dallas and you refer them you will get $25 referral... Hmm that might be a good market for someone lol :D