Thursday, June 2, 2011

Google redirect virus

If you have had the misfortune of acquiring the "Google Redirect Virus" or "Browser Redirect" then you are probably ready to scream! Fixing this so-called Google virus has been an issue for many people.

I've read many, many posts where frustrated people have tried all manner of anti-virus scans and still could not find the problem. Fortunately, the Google redirect virus was finally identified as "atapi.sys".

The problem is a rootkit hooked into or embedded in the Windows IDE/ATAPI disk driver "atapi.sys". It slips under the anti-virus radar because atapi.sys is a normal and required Windows system file.

Tools such as RootkitRevealer and GMER were able to locate the problem because atapi.sys was acting unusually. They can detect this because kernel-mode rootkits exhibit behaviors or anomalies (such as a file or registry view that differs between the Windows API and the raw disk) that rootkit scanners are built to notice. It may take several scans to detect the Google redirect virus because of the nature of kernel-mode rootkits in general.

To repair this issue I recommend downloading and running ComboFix, because it has been updated to check for this.

If for some reason ComboFix does not repair the problem, download GMER and scan 3-5 times. This should point to any suspicious system files that may be infected or altered.

If the scan reveals that a system file is the problem, you need to get a clean copy of that file from a Windows CD, a reinstall of the latest service pack, or the Internet. Be aware that simply copying and pasting the system file may not cure the issue. You may need to boot the infected PC from the Windows CD and select the repair option.

Lastly, to prevent future reinfection, perform a Windows search to locate the infected file, delete the old file and install the clean copy. Right-click the file and select Properties. Under the Attributes heading, check the box that says "Read Only" and click "Apply".

This will prevent re-infection.
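The repair steps above can be checked from a PowerShell prompt rather than by eye. The script below is an added example, not from the original post or from any of the tools it mentions. It assumes a clean copy of atapi.sys has already been extracted from the Windows CD or service pack to the placeholder path `D:\clean\atapi.sys`, and that PowerShell 4 or later is available for `Get-FileHash` (on older systems, compare hashes with another tool). It checks the driver's Authenticode signature, compares its hash with the clean copy, sets the "Read Only" attribute the post recommends, and runs Windows Resource Protection in verify-only mode. Because a kernel-mode rootkit that hooks disk I/O can hand a clean-looking file to user-mode readers, run these checks after booting from the Windows CD, as the post suggests, rather than from inside the infected system.

```powershell
# Added example (not the post's own procedure): integrity checks for atapi.sys.
$Target    = Join-Path $env:SystemRoot 'System32\drivers\atapi.sys'
$KnownGood = 'D:\clean\atapi.sys'   # ASSUMPTION: clean copy taken from the Windows CD / service pack

if (-not (Test-Path $Target))    { throw "Driver not found: $Target" }
if (-not (Test-Path $KnownGood)) { throw "Clean reference copy not found: $KnownGood" }

# 1. A genuine Microsoft driver carries a valid Authenticode signature.
#    A status other than 'Valid' on a file that should be signed is a red flag.
$sig = Get-AuthenticodeSignature -FilePath $Target
"Signature status : $($sig.Status)"
"Signer           : $($sig.SignerCertificate.Subject)"

# 2. Compare the live driver's SHA-256 hash with the clean copy's hash.
$liveHash  = (Get-FileHash -Algorithm SHA256 -Path $Target).Hash
$cleanHash = (Get-FileHash -Algorithm SHA256 -Path $KnownGood).Hash
"Live hash        : $liveHash"
"Clean hash       : $cleanHash"
if ($liveHash -ne $cleanHash) {
    Write-Warning 'atapi.sys differs from the clean reference copy; replace it from the CD / repair option.'
} else {
    'atapi.sys matches the clean reference copy.'
}

# 3. Set the "Read Only" attribute, as the post recommends, and confirm it took effect.
Set-ItemProperty -Path $Target -Name IsReadOnly -Value $true
"Read-only        : $((Get-Item $Target).IsReadOnly)"

# 4. Ask Windows Resource Protection to verify all protected system files
#    without repairing them (Vista and later; use 'sfc /scannow' on XP).
sfc /verifyonly
```

Run it from an elevated prompt. If the signature status is anything but `Valid`, or the two hashes differ, the file on disk is not the driver Microsoft shipped, which is exactly the condition the post describes. Comparing against a clean copy from your own installation media avoids relying on hash values found on the Internet, which vary by Windows version and service pack.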