Windows 7 Forums

Windows 7: Google ReDirect Rootkit Infected Computer. MSE Bypassed. How Fix?

10 Jul 2012   #1

Win 7 Pro

How do I remove the Google ReDirect Virus (Rootkit) when MSE has been disabled by it?

My computer is infected with something. I think it's the Google ReDirect Virus, because when I try to go to websites like Trend Micro to get an online virus scanner, I can no longer get there.

Additionally, I am getting pop-up windows from something offering to run a security scan. Sometimes the scan starts by itself. It looks something like Microsoft Security Essentials (which I have); but it is not.

I am getting other pop-ups in bold red windows saying I have a virus; but it's not MSE; and MSE is the virus scanner I am running.

These pop-ups are malicious and I am being forced to click on them to close them, which has I don't know what other effects.

At one point I got a malicious phony full-screen ad to buy some virus removal software, and clicking on the X to close the page in the upper right corner had no effect. I had to shut down the computer to get rid of it.

MSE seems to have completely missed this virus or rootkit and the rootkit has taken over my computer. I am typing this from a different computer.

I did an internet search for how to remove Google ReDirect, and most of the websites advise to download and run certain applications like MalWareBytes, etc. They seem to completely miss the point that many websites are now inaccessible.

10 Jul 2012   #2

Windows 7 Professional SP1 64-bit

First, disconnect the infected computer from the internet. On the computer you are currently using to write to us, download the installer for MalwareBytes. Also, follow this link to download an updater for Malwarebytes so that you can update it without an internet connection. Copy those files to a USB flash drive (or comparable removable storage device). Copy the files onto the infected computer and install them. You may have to do this in safe mode. If so, you can run Malwarebytes in safe mode, but it is best to try to run it in normal mode. Do a full scan with MalwareBytes. It should remove any malware, after which you should restart your computer. MSE should be running at that point, and if it is, run a full scan to make sure that MalwareBytes did not miss anything. If not, I, or one of our other experts, will post further instructions. Please write back to let us know the results.
19 Jul 2012   #3

Win 7 Pro

Hi, I did not get back to this computer for a couple of days. When I turned it on, there was no sign of the virus like before.

I ran Malwarebytes, and then MSE, which was now available and working normally, and both indicated no virus.

I don't know how to explain it. I've never seen a computer get so messed up and then restore itself to normal like that before.

19 Jul 2012   #4
Microsoft MVP

Windows 7 Ult. x64

Hi Tom,

I would still treat this with some suspicion. I recommend scanning from outside the Windows boot environment, using a stand-alone scanner. Firstly, you mentioned rootkit, so run this:

Anti-rootkit utility TDSSKiller

and then follow it up with this:

Windows Defender Offline

If it doesn't work for you, let me know and I'll suggest an alternative.

19 Jul 2012   #5

Win 7 Pro

Hi Golden,

I ran TDSS. It found four items it labeled as Medium threats, and recommended Skipping them, but I quarantined them anyway.

They were:

a SiSoftware\Sandra Lite file (that's a PC benchmarking application which I downloaded but have never used)
and Adobe\Switchboard\Switchboard.exe (I use Lightroom and Photoshop, and Flash, but I don't know what this Adobe thing is.)

I got the mssstool64 thing working. I'm loading it onto a USB drive on the same computer that is/was potentially infected. It seems to be working but slowly.

I did also run before something called Microsoft Emergency Response tool or Microsoft Safety Scanner. I forgot to mention that above.
19 Jul 2012   #6

Windows 7 Home Pro SP1 64bit

I also have got several "You Have A Virus" warnings after clicking on an entry from Google search.

I never click anything within the warning to close these messages.

Right clicking on the task bar, then running Task Manager, then Applications, Highlight browser or website, then End Task works in the great majority of cases.

I have, however, had to power down as you did, to get rid of the message in a couple of hard core cases.

I immediately ran a virus check, and so far, have come up clean after all incidents.
