Google Redirect Virus – Step-by-step Manual Removal Guide
Are you facing problems with your web browser getting automatically redirected to strange and suspicious-looking websites? Are these redirects mainly pointing towards e-commerce sites or gambling sites? Do you have many pop-ups coming up displaying ad content? Chances are you might have a Google Redirect Virus.
Google redirect virus is one of the most annoying, dangerous, and toughest infections ever released on the internet. The malware may not be considered deadly, as the presence of this infection is not going to crash your computer and make it useless. But it is considered more annoying than deadly because of the unwanted redirects and pop-ups, which may frustrate anyone to no end.
Google redirect virus not only redirects Google results but is capable of redirecting Yahoo and Bing search results as well. So don’t be surprised to hear of a Yahoo Redirect Virus or Bing Redirect Virus. The malware also infects any browser, including Chrome, Internet Explorer, Firefox, etc. Since Google Chrome is the most used browser, some call it Google Chrome Redirect virus based on the browser it redirects. Recently, malware coders modified their code to create variations that escape easy detection by security software. Some recent variations are Nginx Redirect Virus, Happili Redirect Virus, etc. All these infections come under the redirect virus family, but vary in their code and mode of attack.
According to a 2016 report, the Google redirect virus has already infected more than 60 million computers worldwide, out of which 1/3rd are from the US. As of May 2016, the infection seems to have made a comeback with an increasing number of reported cases.
Why is Google Redirect Virus tough to remove?
Google Redirect Virus is a rootkit and not a virus. The rootkit gets itself associated with some of the important Windows services, which makes it work like an operating system file. This makes it difficult to identify the infected file or code. Even if you identify the file, it is difficult to delete because it is running as part of an operating system file. The malware is coded in such a way that it creates different variants from the same code from time to time. This makes it difficult for security software to catch the code and release a security patch. Even if they succeed in creating a patch, it becomes ineffective if the malware attacks again with a different variant.
Google redirect virus is tough to remove because of its ability to hide deep inside the operating system and also its ability to remove traces and footprints of how it got inside the computer. Once it gets inside, it attaches itself to core operating system files, which makes it look like a legitimate file running in the background. Even if the infected file is detected, at times it is hard to remove because of its association with the operating system file. As of now, not a single security software in the market can guarantee you 100% protection from this infection. This explains why your computer got infected in the first place even with security software installed.
The article here explains how to handpick and manually remove the Google redirect virus. From a technician’s angle, this is the most effective method against this infection. Technicians working for some of the biggest security software brands are now following the same method. Every attempt is made to make the tutorial simple and easy to follow.
How to Remove Google Redirect Virus
1. Try tools available online or go for a professional tool
There are plenty of security tools available in the market. But none of these tools are developed specifically for removing the Google redirect virus. While some users had success in removing the infection using one piece of software, the same may not work on another computer. A few end up trying all the different tools, which creates more problems by corrupting OS and device driver files. Most of the free tools are hard to trust, as they have a reputation for corrupting operating system files and crashing them. So take a backup of important data before trying any free tools, to be on the safer side. You can also get help from professionals who specialize in removing this infection. I am not talking about taking your computer to a tech shop or calling Geek Squad, which costs you a lot of money. I did mention a service before which you can try as a last resort.
2. Try to remove google redirect virus manually
There is no easier way to remove an infection than running a scan using software and fixing it. But if the software fails to fix the problem, the last resort is to try removing the infection manually. Manual removal methods are time-consuming, and some of you might find it hard to follow the instructions because of their technical nature. This method is very effective, but failure to follow the instructions properly, or human error in identifying the infected file, can render your efforts ineffective. To make it easier for everyone to follow, I created a step-by-step video explaining the details. It shows the exact same steps used by virus removal experts to remove the infection manually. You can find the video towards the end of this post.
Troubleshooting steps for removing Google Redirect Virus manually
Unlike most infections, in the case of Google Redirect Virus you will find only one or two files which are related to the infection. But if the infection is ignored initially, the number of infected files seems to increase over a period of time. So it is better to get rid of the infection as soon as you find redirect problems. Follow the troubleshooting methods mentioned below to get rid of the Google redirect virus. There is also a video below.
1. Enable hidden files by opening Folder Options
Operating system files are hidden by default to prevent accidental deletion. Infected files try to hide among the OS files. So it is advised to unhide all hidden files before starting troubleshooting:
- Press Windows Key + R for opening Run Window
- Type Control folders
- Click View tab
- Enable show hidden files, folders and drives
- Uncheck hide extensions for known file types
- Uncheck hide protected operating system files
2. Open Msconfig
Use the MSConfig tool to enable bootlog file.
- Open Run window
- Type msconfig
- Click the Boot tab if you are using Windows 10, 8 or 7. If you are using Win XP, select the boot.ini tab
- check bootlog to enable it
- Click Apply and click OK
The bootlog file is only needed in the last step.
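Steps 1 and 2 above are GUI toggles of a few registry values and one boot setting, so they can also be applied from an elevated PowerShell prompt. The script below is an added example and not part of the original article. It assumes the Explorer "Advanced" registry values Hidden, HideFileExt and ShowSuperHidden (which back the three Folder Options checkboxes) and bcdedit's bootlog setting on Vista and later; Windows XP keeps boot logging in boot.ini instead, as the article notes, and is not covered here.

```powershell
# Added example (not from the original article): scripted equivalents of steps 1 and 2.
# Assumed: Explorer stores the Folder Options checkboxes in the registry values below, and
# bcdedit's "bootlog" setting controls boot logging on Vista and later.
# Run from an elevated PowerShell session; bcdedit requires administrator rights.

$ExplorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Enable-HiddenFileView {
    # Mirrors the three Folder Options checkboxes from step 1.
    Set-ItemProperty -Path $ExplorerAdvanced -Name Hidden          -Value 1 -Type DWord  # show hidden files, folders and drives
    Set-ItemProperty -Path $ExplorerAdvanced -Name HideFileExt     -Value 0 -Type DWord  # do not hide extensions for known file types
    Set-ItemProperty -Path $ExplorerAdvanced -Name ShowSuperHidden -Value 1 -Type DWord  # do not hide protected operating system files
    # Explorer picks these up when a new window is opened; return the values for confirmation.
    Get-ItemProperty -Path $ExplorerAdvanced | Select-Object Hidden, HideFileExt, ShowSuperHidden
}

function Enable-BootLogging {
    # Equivalent of ticking "Boot log" on the msconfig Boot tab (step 2). Takes effect at the
    # next reboot, which then writes %SystemRoot%\ntbtlog.txt for step 7.
    bcdedit /set '{current}' bootlog yes | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed (is this session running as administrator?)' }
    bcdedit /enum '{current}' | Select-String -Pattern 'bootlog'
}

function Get-DriverFileView {
    # The reason step 1 unhides files: list driver files regardless of their hidden/system
    # attributes, so names found in steps 5-7 can be checked against what is actually on disk.
    param([string]$Folder = (Join-Path $env:SystemRoot 'System32\drivers'))
    Get-ChildItem -Path $Folder -Force -File | Select-Object Name, Length, LastWriteTime, Attributes
}

Enable-HiddenFileView
Enable-BootLogging
# Recently modified driver files are the first place to look after a new redirect problem.
Get-DriverFileView | Sort-Object LastWriteTime -Descending | Select-Object -First 10
```

The -Force switch on Get-ChildItem is the scripted counterpart of the Folder Options change: it lists hidden and system files whether or not Explorer is configured to show them.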
3. Restart Computer
Restart the computer to make sure that the changes you made are applied. (On restarting the computer, a file ntbtlog.txt is created, which is discussed later in the troubleshooting steps.)
4. Do a Complete IE optimization
Internet Explorer optimization is done to ensure that the redirection is not caused by a problem in the web browser or by corrupted internet settings that connect the browser online. If the optimization is done properly, the browser and internet settings are reset back to their original defaults.
Note: Some of the internet settings found while doing IE optimization are common for all browsers. So, it doesn’t matter if you use Chrome, Firefox, Opera, etc., it is still recommended to do an IE optimization.
5. Check Device Manager
Device Manager is a Windows tool that lists all the devices inside your computer. Some infections are capable of installing hidden devices which can be used for a malware attack. Check Device Manager to find any infected entries.
- Open Run window (Windows Key + R)
- Type devmgmt.msc
- Click View tab on the top
- Select show hidden devices
- Look for Non-Plug and Play Drivers. Expand it to see the entire list under that option.
- Check for any entry TDSSserv.sys. If you don’t have that entry, look for any other entries which look suspicious. If you can’t make up your mind about whether an entry is good or bad, do a Google search with the name to find out if it is genuine.
If the entry is found to be an infected one, right-click on it and then click uninstall. Once the uninstall is complete, don’t restart the computer yet. Continue troubleshooting without restarting.
6. Check Registry
Check for the infected file inside the registry:
- Open Run window
- Type regedit to open registry editor
- Click Edit > Find
- Enter the infection name, or the first few letters of the infected entry if the name is a long one. In this case, I used TDSS and searched for any entries starting with those letters. Every time there is an entry starting with TDSS, it shows the entry on the left and the value on the right side.
- If there is just an entry, but no file location mentioned, then delete it directly. Continue searching for next entry with TDSS
- The next search took me to an entry that has the file location on the right, which says C:\Windows\System32\TDSSmain.dll. You need to utilize this information. Open the folder C:\Windows\System32, find the TDSSmain.dll mentioned there and delete it.
- Assume that you were not able to find the file TDSSmain.dll inside C:\Windows\System32. This shows the entry is super hidden. You need to remove the file using the command prompt. Just use the following command to remove it: del C:\Windows\System32\TDSSmain.dll
- Repeat the same until all entries in the registry starting with TDSS are removed. If any of those entries point towards a file inside the folder, make sure you remove that file too, either directly or by using the command prompt.
If you were not able to find TDSSserv.sys under hidden devices in Device Manager, go to Step 7.
7. Check ntbtlog.txt log for corrupted file
By doing step 2, a log file called ntbtlog.txt is generated inside C:\Windows. It’s a plain text file containing a lot of entries, which might run to more than 100 pages if you take a printout. You need to scroll down slowly and check whether you have any entry TDSSserv.sys, which shows that there is an infection. Then follow the steps mentioned in Step 6.
In the case above, I mentioned only TDSSserv.sys, but there are other types of rootkits that do the same damage. Let’s take care of 2 entries, H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys, listed under Device Manager on my friend’s PC. The logic behind deciding whether a file is dangerous or not is mainly its name. These names make no sense, and I don’t think any self-respecting company would give names like these to their files. Here, I used the first few letters, H8SRT and _VOID, and followed the steps mentioned in Step 6 to remove the infected files. (Please note: H8SRTnfvywoxwtx.sys and _VOIDaabmetnqbf.sys are just an example. The corrupted files can come under any name, but they are easy to recognize because of the long file name and the presence of random numbers and letters in the name.)
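Steps 5 to 7 all come down to the same triage questions: which driver names in the boot log or the service registry keys look suspicious, is the referenced file actually present on disk (the article's "super hidden" case when it is not), and is it signed by a known publisher. The PowerShell below is an added example, not code from the original article, that answers those questions read-only so the operator can decide what to remove. It assumes the boot log uses the "Loaded driver <path>" / "Did not load driver <path>" line format that Windows boot logging writes, and it takes the prefixes TDSS, H8SRT and _VOID from the article as the only known-bad prefixes; the length-and-digits heuristic is the article's naming rule of thumb and is deliberately coarse. The sample log at the end is constructed for the demonstration, not a real capture.

```powershell
# Added example (not from the original article): read-only triage for steps 5-7.
# Assumed: ntbtlog.txt lines look like "Loaded driver \SystemRoot\System32\drivers\x.sys";
# the prefixes below are the ones named in the article. Nothing here deletes anything.

$SuspiciousPrefixes = @('TDSS', 'H8SRT', '_VOID')

function Test-SuspiciousDriverName {
    param([Parameter(Mandatory)][string]$FileName)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    foreach ($prefix in $SuspiciousPrefixes) {
        if ($base.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    # The article's rule of thumb: a long name mixing random digits and letters.
    # Coarse by design; anything it flags still needs the manual look the article describes.
    return ($base.Length -ge 14 -and $base -match '\d' -and $base -match '[A-Za-z]{4,}')
}

function Get-BootLogDrivers {
    # Parses the boot log created by step 2 (default C:\Windows\ntbtlog.txt).
    param([string]$Path = (Join-Path $env:SystemRoot 'ntbtlog.txt'))
    Get-Content -Path $Path | ForEach-Object {
        if ($_ -match '^(Loaded driver|Did not load driver)\s+(.+)$') {
            $raw = $Matches[2].Trim()
            [pscustomobject]@{
                Status   = $Matches[1]
                LogPath  = $raw
                DiskPath = $raw -replace '^\\SystemRoot', $env:SystemRoot
                FileName = Split-Path -Leaf $raw
            }
        }
    }
}

function Get-SuspiciousBootDrivers {
    param([string]$Path = (Join-Path $env:SystemRoot 'ntbtlog.txt'))
    Get-BootLogDrivers -Path $Path |
        Where-Object { Test-SuspiciousDriverName $_.FileName } |
        ForEach-Object {
            $onDisk = Test-Path -LiteralPath $_.DiskPath
            # A driver the kernel loaded that cannot be seen from user mode matches the article's
            # "super hidden" case; a valid Authenticode signature argues for legitimacy.
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $_.DiskPath).Status } else { 'FileNotFound' }
            $_ | Add-Member -NotePropertyName OnDisk    -NotePropertyValue $onDisk -PassThru |
                 Add-Member -NotePropertyName Signature -NotePropertyValue $sig    -PassThru
        }
}

function Find-SuspiciousServiceKeys {
    # Read-only counterpart of step 6: service keys whose name starts with a suspicious prefix,
    # with the ImagePath the article tells you to follow up on.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        Where-Object { Test-SuspiciousDriverName $_.PSChildName } |
        ForEach-Object {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
            }
        }
}

# Demonstration on a constructed boot log (not a real capture).
$sample = @'
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\drivers\TDSSserv.sys
Loaded driver \SystemRoot\System32\drivers\H8SRTnfvywoxwtx.sys
Did not load driver \SystemRoot\System32\drivers\parport.sys
'@
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'ntbtlog-sample.txt'
Set-Content -Path $tmp -Value $sample
Get-SuspiciousBootDrivers -Path $tmp | Format-Table FileName, Status, OnDisk, Signature -AutoSize
Find-SuspiciousServiceKeys | Format-Table -AutoSize
```

Run against the real log, omit the -Path argument. A hit with OnDisk false is exactly the situation the article handles with del from the command prompt; a hit with a Valid signature from a recognised vendor is most likely a false positive of the naming heuristic and should be checked before anything is removed.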
Please try these steps at your own risk. The steps mentioned above won’t crash your computer. But to be on the safer side, it is better to take a backup of important files and ensure that you have the option to repair or re-install the operating system using the OS disk.
Some users might find the troubleshooting mentioned here complicated. Let’s face it, the infection itself is complicated and even the experts struggle in order to get rid of this infection.
You now have clear instructions, including a step-by-step guide, on how to get rid of the Google redirect virus. Also, you know what to do if this doesn’t work out. Take action immediately before the infection spreads to more files and renders the PC unusable. Share this tutorial, as it makes a huge difference to someone facing the same problem.