Why Does Google Keep Re-Directing Me?by Scott Knickelbine ; Updated September 15, 2017
One type of malicious software that reared its ugly head in 2010 is known as a Google Redirect Virus. When you try to follow a Google search result, the virus redirects your browser to a different website. If you're seeing this kind of behavior in your Google searches, you need to scan your computer for this virus.
How Google Redirect Virus Works
The Google Redirect Virus goes by many names, including TDSS, Alureon and Tidserv. Goggle redirects can also be a function of other viruses and malware programs, such as the XP Repair Virus. It is a combination of a Trojan file that corrupts browsers, and a rootkit virus that allows the Trojan to evade detection and removal. It can also open a non-secure "back door" to your computer, allowing other malicious code to be installed, even if your virus software is running.
About Rootkit Viruses
Rootkit viruses install themselves in the computer's Master Boot Record, so that they start every time the computer is rebooted, usually before other programs or services are started. Once there, they intercept any calls to their resource files, so that virus scanners can't find them. Even if some infected are detected and removed, as long as the rootkit remains in place they will simply be reinfected on the next bootup.
Removing With Anti-Virus Software
Some types of anti-virus software are particularly good at removing Google redirect viruses, such as Malwarebytes and A-Squared Anti-Malware. The good news is that both of these applications are free. Be sure that the threat databases of these programs have been updated before you run them, however.
Removing With Stand-Alone Applications
Several stand-alone programs are also available that specifically target Google redirect viruses and related malware. Among these are TDSSKiller from Kaspersky, Stinger from McAfee and CureIT! by Dr. Web. It's important to read the instructions before you use these applications, however; often they must be renamed before they are installed, to outwit rootkit processes that are dedicated to stopping them.