Alureon/Google Redirect Virus Removal

This virus has many names, Alureon, Google Redirect, TDSS, TDL3 and is part of a family of malware known as rootkits. Rootkits are viruses that attempt to hide themselves deep inside your operating system so that anti-virus programs cannot remove them. You can read more about rootkits here. Luckily, Kaspersky developed a free tool called TDSS Killer that can detect and remove these rootkits. Bleeping Computer has a nice guide and discussion forum centered around rootkits and this virus located at http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller. This guide will walk you through using this tool to remove the virus.

Step 1: Download TDSS Killer from http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
Step 2: You may need to rename the file you just downloaded before it will run. To do this, right click on tdsskiller.exe and click “Rename”. Change it to a random name such as “123.com” and run it. If that did not work, try renaming it to “iexplore.com” and run it.
Step 3: You will need to accept Kaspersky’s terms before running. Next click the “Start scan” button.
Step 4: TDSS Killer will now scan your computer and then display a window with what it found. Click “Continue”.
Step 5: After it has finished cleaning, click the “Reboot now” button and restart your computer.

For an added layer of security, you could now run Malwarebytes Anti-Malware.

Step 1: Download Malwarebytes Anti-Malware from https://www.malwarebytes.org/mwb-download/
Step 2: Run the setup files and install Malwarebytes.
*When installing Malwarebytes you will have the option to enable a free 30 day trial of their premium service, this is not required.
Step 3: Click the ÔÇ£Scan NowÔÇØ button in green, if an update is available then click the ÔÇ£Update NowÔÇØ button in the bottom right. The scan will begin once the update is finished.
Step 4: The scan may take some time, depending on your computer and the number of infections, but once it is finished click the ÔÇ£Apply ActionsÔÇØ button in green.
Step 5: Malwarebytes may or may not request that you reboot your computer after it has removed the infections, if it does you may proceed to reboot.