Google redirect problem solved using RegRunCK.exe. It detects the MAX++ rootkit and removes the rootkit's NTFS mount points.
If you have a similar problem: "I am having a problem with Google redirects. Almost every time I do a Google search, when I click on a search result, I get redirected to another site."
You should check your computer immediately. You are probably infected by the MAX++ or TDSS rootkit.
Download and open RegRunCK.exe.
RegRunCK.exe is free of charge. It does not include viruses, adware or spyware.
You will see a DOS-like window.
Wait for RegRunCK.exe to finish executing.
You will see the execution log on the screen:
RegRunck.exe v.1.0.3
Processing C:\WINDOWS.
Found rootkit point!
C:\WINDOWS\$hf_mig$\KB912812\KB912812
Type is MOUNT POINT
Final Destination: \Device\__max++>\^
If you see the words "Device\__max++" in your result report, you are infected.
Search the report for the text "Access is denied".
If you find a result like this:
Failed to open:
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Access is denied.
some of your system files are infected by the rootkit and need to be replaced with the original files from the Windows CD or from another source.
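The two report checks described above can be scripted when a saved report has to be reviewed. The following is an added example, not part of RegRunCK or of the original page; the report layout is assumed from the two log fragments shown above, and the names SAMPLE_REPORT and triage are hypothetical.

```python
import re

# Constructed sample report, assembled from the two log fragments on this page.
SAMPLE_REPORT = r"""RegRunck.exe v.1.0.3
Processing C:\WINDOWS.
Found rootkit point!
C:\WINDOWS\$hf_mig$\KB912812\KB912812
Type is MOUNT POINT
Final Destination: \Device\__max++>\^
Failed to open:
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Access is denied.
"""

# Marker the page names as proof of infection (compared case-insensitively).
MARKER = "device\\__max++"

# Fields may be separated by newlines or by single spaces (flattened copy/paste),
# so every separator is matched as generic whitespace.
POINT_RE = re.compile(
    r"Found rootkit point!\s+(?P<path>\S.*?)\s+Type is (?P<type>.+?)\s+"
    r"Final Destination:\s*(?P<dest>\S+)", re.S)
DENIED_RE = re.compile(
    r"Failed to open:\s+(?P<path>\S.*?)\s+Access is denied", re.S | re.I)


def triage(report):
    """Return the infection verdict, the reported mount points and the
    system files that could not be opened (candidates for replacement)."""
    return {
        "infected": MARKER in report.lower(),
        "mount_points": [m.groupdict() for m in POINT_RE.finditer(report)],
        "replace_files": [m.group("path") for m in DENIED_RE.finditer(report)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Infected:", result["infected"])
    for p in result["mount_points"]:
        print("Rootkit point:", p["path"], "->", p["dest"], "(" + p["type"] + ")")
    for f in result["replace_files"]:
        print("Replace from original media:", f)
```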
Why is it dangerous?
The rootkit is hard to remove, and you need to be very careful!
If you simply delete the rootkit files c:\windows\win32k.sys:1 and c:\windows\win32k.sys:2 using your antivirus or other software, this may cause a Windows BSOD at the next reboot.
Removal
Please, follow our instructions step by step:
1. Download RegRun Reanimator (free of charge, no ads):
http://www.greatis.com/reanimator.html
or update your UnHackMe or RegRun Suite software.
Reanimator already includes RegRunCK.exe.
2. Open the "Scan for Viruses" screen in Reanimator.
Watch the video lesson on how to use "Scan for Viruses".
Reanimator automatically detects the presence of the rootkit and starts RegRunCK.exe to remove the rootkit's mount points.
RegRunCK has a "/f" switch that puts it into removal mode.
To start RegRunCK manually, open the Windows Start menu, "All Programs", "Run", then type the path to RegRunCK followed by the /f switch:
regrunck.exe /f
3. Be careful! The "win32k.sys" stored in the Windows folder is a rootkit file.
The legitimate win32k.sys is located in the Windows\System32 folder.
4. The rootkit will be removed after a Windows reboot.
5. Restore infected system files.