How to Get Rid of a Google Redirecting Virus

By Jason Spidle

Updated September 15, 2017

The Google redirect virus hijacks the Google search result page.
i positive results image by Pix by Marti from

Viruses and malware have always targeted Internet usage as a way to take advantage of unknowing users. More often than not, it was the existence of vulnerabilities in browsers like Internet Explorer that allowed the viruses to capture private data or install malicious software. Now viruses are targeting Google as a way to extract information and trick users into installing software that opens their system to further abuse. These browser-independent viruses can redirect links in Google search results to unsafe web pages. While standard measures like running an anti-virus or spyware scan should typically remove these infections, there are additional measures you can take in the event that the problem is not resolved.

Restore Domain Name Servers (DNS)

Select “Start,” “Control Panel.”

Double-click “Network and Sharing Center.”

Click “Change adapter settings” in the left-hand sidebar.

Right-click “Local Area Connection” (even if you connect to the Internet wirelessly) and select “Properties.”

Select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties.”

Select “Obtain DNS server address automatically” if it is not already selected and click “OK.” Some Google redirect viruses simply modify the DNS to redirect your search results. If the DNS servers are manually entered and you did not change them yourself, switching back to automatic will resolve the redirect problem.

Edit Hosts File

Launch Notepad by selecting “Start,” “Programs,” “Accessories,” “Notepad.”

Select “File,” “Open.”

Change the “Files of Type” drop-down menu to “All Files” and navigate to the following folder: C:\Windows\System32\drivers\etc

Open “hosts.”

Delete any lines located below “ localhost.”

Run Malware Removal Tools

Download the Win32/Olmarik Remover (see Resources). This is one of two malware removal tools which are designed specifically to remove the most common Google redirect virus infections.

Double-click EOlmarikRemover.exe and click “Run” to begin the scan. If Win32/Olmarik is detected, it will be removed.

Download the Rootkit.Win32.TDSS Remover (see Resources).

Double-click tdsskiller.exe and click “Run.”

Click “Start Scan.” If the scanner detects Rootkit.Win32.TDSS, it will be removed.


Standard anti-virus and anti-spyware software like Norton, McAfee, AVG, Spybot Search & Destroy and Ad-Aware can be used to detect the Google redirect virus. Be sure to run these scans in addition to performing the outlined steps.