Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

how do I remove google redirect virus??? I can't get onto any sites that will offer help - as they're all "redirected!!"


I've got a GOOGLE REDIRECT VIRUS, and am not able to enter any websites that will give removal information - as I'm being REDIRECTED! I need to know the name of the file to remove...and where/how!!! Any/ALL internet inquiries for assistance are....being redirected/hijacked. HELP.

This happened

Every time Firefox opened

== yesterday.

Chosen solution

Additional System Details

Installed Plug-ins

  • -AOL Media Playback Control
  • Office Plugin for Netscape Navigator
  • ActiveTouch General Plugin Container Version 102
  • npunagi2
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • RealJukebox Netscape Plugin
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Adobe PDF Plug-In For Firefox and Netscape
  • Java(TM) Platform SE binary
  • Default Plug-in
  • Shockwave Flash 10.0 r32
  • 4.0.50524.0
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • Java Plug-in 1.6.0_13 for Netscape Navigator (DLL Helper)
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin


  • User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)

More Information

Application Basics
Profile Directory
Open Containing Folder
Installed Plugins
Build Configuration
Java Console 6.0.02 false
Java Console 6.0.03 true
Java Console 6.0.13 true
Java Quick Starter 1.0 true jqs@sun.com
Microsoft .NET Framework Assistant 1.1 true {20a82645-c095-46ed-80e3-08825760534b}
Modified Preferences
accessibility.blockautorefresh true
accessibility.typeaheadfind.flashBar 0
browser.history_expire_days.mirror 180
browser.history_expire_days_min 0
browser.places.importBookmarksHTML false
browser.places.importDefaults false
browser.places.leftPaneFolderId -1
browser.places.migratePostDataAnnotations false
browser.places.smartBookmarksVersion 2
browser.places.updateRecentTagsUri false
browser.startup.homepage http://www.google.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
browser.startup.homepage_override.mstone rv:
browser.zoom.full false
extensions.lastAppVersion 3.6.6
font.name.serif.x-western Maiandra GD
font.size.variable.x-western 14
general.useragent.extra.microsoftdotnet (.NET CLR 3.5.30729)
network.cookie.cookieBehavior 1
network.cookie.lifetimePolicy 2
network.cookie.prefsMigrated true
places.last_vacuum 1274032384
print.print_printer HP LaserJet P1006
print.printer_HP_LaserJet_P1006.print_bgcolor true
print.printer_HP_LaserJet_P1006.print_bgimages true
print.printer_HP_LaserJet_P1006.print_downloadfonts false
print.printer_HP_LaserJet_P1006.print_edge_bottom 0
print.printer_HP_LaserJet_P1006.print_edge_left 0
print.printer_HP_LaserJet_P1006.print_edge_right 0
print.printer_HP_LaserJet_P1006.print_edge_top 0
print.printer_HP_LaserJet_P1006.print_evenpages true
print.printer_HP_LaserJet_P1006.print_footerleft &PT
print.printer_HP_LaserJet_P1006.print_footerright &D
print.printer_HP_LaserJet_P1006.print_headerleft &T
print.printer_HP_LaserJet_P1006.print_headerright &U
print.printer_HP_LaserJet_P1006.print_in_color true
print.printer_HP_LaserJet_P1006.print_margin_bottom 0.5
print.printer_HP_LaserJet_P1006.print_margin_left 0.200000002980232
print.printer_HP_LaserJet_P1006.print_margin_right 0.200000002980232
print.printer_HP_LaserJet_P1006.print_margin_top 0.5
print.printer_HP_LaserJet_P1006.print_oddpages true
print.printer_HP_LaserJet_P1006.print_orientation 0
print.printer_HP_LaserJet_P1006.print_pagedelay 500
print.printer_HP_LaserJet_P1006.print_paper_data 1
print.printer_HP_LaserJet_P1006.print_paper_height 11.00
print.printer_HP_LaserJet_P1006.print_paper_size_type 0
print.printer_HP_LaserJet_P1006.print_paper_size_unit 0
print.printer_HP_LaserJet_P1006.print_paper_width 8.50
print.printer_HP_LaserJet_P1006.print_reversed false
print.printer_HP_LaserJet_P1006.print_scaling 0.90
print.printer_HP_LaserJet_P1006.print_shrink_to_fit true
print.printer_HP_LaserJet_P1006.print_to_file false
print.printer_HP_LaserJet_P1006.print_unwriteable_margin_bottom 0
print.printer_HP_LaserJet_P1006.print_unwriteable_margin_left 0
print.printer_HP_LaserJet_P1006.print_unwriteable_margin_right 0
print.printer_HP_LaserJet_P1006.print_unwriteable_margin_top 0
print.printer_HP_Photosmart_D7300_series.print_bgcolor false
print.printer_HP_Photosmart_D7300_series.print_bgimages false
print.printer_HP_Photosmart_D7300_series.print_downloadfonts false
print.printer_HP_Photosmart_D7300_series.print_edge_bottom 0
print.printer_HP_Photosmart_D7300_series.print_edge_left 0
print.printer_HP_Photosmart_D7300_series.print_edge_right 0
print.printer_HP_Photosmart_D7300_series.print_edge_top 0
print.printer_HP_Photosmart_D7300_series.print_evenpages true
print.printer_HP_Photosmart_D7300_series.print_footerleft &PT
print.printer_HP_Photosmart_D7300_series.print_footerright &D
print.printer_HP_Photosmart_D7300_series.print_headerleft &T
print.printer_HP_Photosmart_D7300_series.print_headerright &U
print.printer_HP_Photosmart_D7300_series.print_in_color true
print.printer_HP_Photosmart_D7300_series.print_margin_bottom 0.5
print.printer_HP_Photosmart_D7300_series.print_margin_left 0.200000002980232
print.printer_HP_Photosmart_D7300_series.print_margin_right 0.200000002980232
print.printer_HP_Photosmart_D7300_series.print_margin_top 0.5
print.printer_HP_Photosmart_D7300_series.print_oddpages true
print.printer_HP_Photosmart_D7300_series.print_orientation 0
print.printer_HP_Photosmart_D7300_series.print_pagedelay 500
print.printer_HP_Photosmart_D7300_series.print_paper_data 1
print.printer_HP_Photosmart_D7300_series.print_paper_height 11.00
print.printer_HP_Photosmart_D7300_series.print_paper_size_type 0
print.printer_HP_Photosmart_D7300_series.print_paper_size_unit 0
print.printer_HP_Photosmart_D7300_series.print_paper_width 8.50
print.printer_HP_Photosmart_D7300_series.print_reversed false
print.printer_HP_Photosmart_D7300_series.print_scaling 0.70
print.printer_HP_Photosmart_D7300_series.print_shrink_to_fit false
print.printer_HP_Photosmart_D7300_series.print_to_file false
print.printer_HP_Photosmart_D7300_series.print_unwriteable_margin_bottom 0
print.printer_HP_Photosmart_D7300_series.print_unwriteable_margin_left 0
print.printer_HP_Photosmart_D7300_series.print_unwriteable_margin_right 0
print.printer_HP_Photosmart_D7300_series.print_unwriteable_margin_top 0
privacy.clearOnShutdown.offlineApps true
privacy.item.cookies true
privacy.item.offlineApps true
privacy.sanitize.migrateFx3Prefs true
privacy.sanitize.sanitizeOnShutdown true
privacy.sanitize.timeSpan 4
security.OCSP.disable_button.managecrl false
security.warn_viewing_mixed false

Question owner

I have the same problem. Same O/S, same version of Firefox. I've searched the web 'til my fingers bleed and can't seem to find a way to get rid of the thing. I've run just about every scan on the web and nothing touches it. If you can help, please do as I really don't want to have to rebuild my whole system. Somewhere I read these kinds of things are trojans and can infect more than just Firefox. Now I don't trust my system until I can remove it.

  • Top 10 Contributor
  • Moderator
3195 solutions 24389 answers

Some of those re-direct exploits purposely block access to known Anti-Virus application websites, Malware detection application websites, and even support forum websites dealing with garbage like that. Other than re-formatting your computer and re-installing all your Operating Programs and all your programs, your best course of action is to use a different computer to download Malware detection / removal programs, and transfer them to the afflicted PC via a USB stick. Or use that other PC to visit some support forums that specialize in Malware detection for more specialized help than we can provide here at SUMO . BTW, there's a few Rootkit's out there that cause search engine re-directs, they seem to target Google searchs.

Install, update, and run these programs in this order. They are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have. (Not all programs detect the same Malware.)

Malwarebytes' Anti-Malware - http://www.malwarebytes.org/mbam.php SuperAntispyware - http://www.superantispyware.com/ AdAware - http://www.lavasoftusa.com/software/adaware/ Spybot Search & Destroy - http://www.safer-networking.org/en/index.html

If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: http://www.spywarewarrior.com/index.php http://forum.aumha.org/ http://www.spywareinfoforum.com/ http://bleepingcomputer.com

Question owner

What is the actual file name/extension of the virus? Can it be found/removed in "safe mode?" I also find it fascinating that GOOGLE is totally unreachable. Their "live help" is dead, no phone numbers, no way to actually write to them for help... extremely "user friendly..." I'd say.

Question owner

Thanks Ed. I'll give it a try. I've already run most of those packages with the exception of the Super Anti-spyware one. I'll give it a try.

Question owner

Just great - when I went on to "bleepingcomputer.com" to try one of their "fixes..." the Google Redirect Virus took over...again. Great help.

clearspt 0 solutions 1 answers

Just wanted to say as a workaround if you right-click on the link in a web page, where you would normally just left-click and zip off to the place you want to go --- right-click and choose "Copy Link Location" --- then paste that into the address bar it seems to avoid the redirection thing.

Where is the solution to this extremely irritating problem ? Mozilla has nothing to say ? Beautiful.

SassyS 0 solutions 1 answers

Also, if you create or have a an igoogle account and stay logged in, it will allow you to right click a link on google and select "Open Uncleaned Link" and this will allow you to open the link as normal. You just have to remember to do this everytime or it will be redirected. I hope we come up with a better solution soon!

RC_Collins 0 solutions 1 answers

I hope this isn't too obvious or non-tech savvy or whatever, but I just used System Restore in Windows and it worked like a charm. Again, apologies if this post is causing eyes to roll or if this is a Linux-only forum or something like that.....

MAllenArt 0 solutions 4 answers

Well I got it again so I did an experiment. I used two other laptops with the same router and it came back so it must locate you from affecting the DNS settings in your router.

Somehow it doesn't instal or leave folders on your system so your virus protection doesn't find it. I think it attacks your router so who ever uses your www connection may encounter it also.

I did find some ways to slow it down using two soft wears. First I used Ad-Aware

and it found something spyware terminator,Avast,AVG,spyware doctor and orbit 360 didn't find. It was two infections called GiftLoad and Win32.Kido

these infections need a removal tool and you can find it here.


and the Giftload remover

TDSSKiller http://www.kaspersky.com/downloads/utils/tdsskiller.zip

More removers good luck! http://www.kaspersky.com/virus-removal-tools

joost5 0 solutions 1 answers

Ad-Aware spotted something my the registry called "eUniverse" (Euniverse.Incredifind) and described it at a level 10 out of 10 data miner.

Plaugh 0 solutions 1 answers

I did not have it on IE as well, so uninstalled and reinstalled Firefox and it seems to have cleared it up.

anavidfan 0 solutions 2 answers

Ive been having the same problems. I uninstalled firefox, then reinstalled, didnt help. Scanned with malwarebytes, nothing showed, uninstalled, same thing, I installed google chrome, same thing. I searched on internet, found lots and lots and lots of others with same problem, so many suggestions and antivirus suggestions, many very complicated and involved with many warnings about messing with registry files etc. Found one that identified the trojan as one that attacks thru firefox . It attaches itself thru registry files in the personal data files firefox creates, such as your bookmarks, cookies etc. I kept getting it again after transferring my bookmarkfiles(json files) that you back up so you keep all your preferences, searches etc) I did about 3 -4 scans with Malwarebytes and finally did another update.(guess it took a while for Malwarebytes to adress and identify the trojans/virus and find a way to zap them. I did a full scan on all my hardrives and found 18 threats including trojans , virus, and registry and HTky errors, pretty scary. Malwarebytes zapped them and now all is well. Unfortunately I could not import my bookmarks and preferences. It didnt affect Internet Explorer as I had never imported preferences to it as I HATE IE. It affected google chrome after I imported my firefox prefs. It seems to attack the search engine in combo with google search. I was at a loss as to what to do as far as weather I should reinstall firefox, but being a bit cautious, I reinstalled chrome, no probs , all is great, perfect searched no redirections, hope this helps. Its terrible going thru this, but Malwarebytes saved the day.Just rescan and do updates, even if you just updated, I update daily, just in case, I had just updated today so as the person who posted the help said, I just kept at the updates with Malware till it caught up with the weapons to kill the google/search redirect monster.

anavidfan 0 solutions 2 answers

PS. If you uninstall firefox or any other search engine affected, make sure if you do reinstall it, to do a CLEAN install, meaning you have to go thru your programs and get rid of any thing left after uninstalling firefox, files will be in the program files, in your users app data(usually a hidden file) , just go to folder options in windows and check show hidden files and it will show up. it will be in users, app data, local, and in a file called mozilla firefox. Hope all this helps.

sumrah 0 solutions 1 answers

Helpful Reply

This malware is actually in your add-ons. Go to Tools in your browser and click Add-ons and see if there are any add-ons that you didn't install. Mine was called XUL Cache that added itself. I uninstalled it and the problem was gone but the addon can have different names.

Modified by Noah_SUMO

jackieaustin 1 solutions 5 answers

Chosen Solution

check this out: http://reallyhowto.com/24-minutes-google-redirect-virus-removal/

Worked like a charm!!!

cuayicra 1 solutions 3 answers

Thanks a lot Jackie, really helpful. it worked

tekkenjourney 0 solutions 1 answers

Google Redirect Virus is a rootkit and one of the toughest infection to fix.Try the steps mentioned in the article google redirect virus removal guide .There is also a video guide on how to remove the infection.

Hope this helps

Modified by tekkenjourney

coolaij 0 solutions 1 answers

Download and run an anti-rootkit tool to fix any redirect issues on your Web browser. Anti-rootkit tools are capable of detecting any hidden rootkits that can cause your Web browser to malfunction.They will also monitor your computer for malware infections.

You can use following Tool from below site to remove redirect virus correctly, It worked for me. http://googleredirectvirusremovaltoolx.webs.com

690771 0 solutions 3 answers

You have this Google Redirect Virus, don't worry I had it too and here is the easiest permanent solution - Google Redirect Virus Removal Tool

Good Luck!

removed spam link and kept thread as is for moment.

Modified by James