Archive for September, 2009

If your computer has ever been infected with the Google Redirect virus, you’ll know how annoying it can be. The virus hijacks your searching: when you run a search on Google, or any other search engine, and click a result, it randomly redirects you to websites that are totally irrelevant to your search terms. Your computer will also slow down dramatically, and it may take two or three tries before you eventually land on the right site.

Not only is a Google redirect virus very annoying and time consuming, but the redirect may also land you on a malicious website that further infects your computer with spyware and other viruses. This hijacking of your search results and browser is known as browser hijacking.

Most of the time you’ll never know that your computer has been taken over. Meanwhile the spyware infiltrates your system and harvests personal information such as credit card numbers, passwords and online banking details. This is how identity theft starts.

The first thing you should do to get rid of the Google redirect virus is to scan your computer with a free spyware scanner. Sometimes this simple scan and clean clears out the virus. If that doesn’t work, scan your computer again in Safe Mode and remove any infected files it finds.

If the previous solution doesn’t work, you’ll have to buy a trusted anti-spyware product such as PC Tools’ Spyware Doctor. When looking for anti-virus software, look online for a product with good reviews. Spyware Doctor has received good reviews over the years, including PC Magazine Editors’ Choice and the PC World Best Buy Award. Download Spyware Doctor and perform a free scan of your system; this gives you a good view of the health of your system and verifies whether you are infected with the Google redirect virus or any other malware.


When you find a tool you trust, download it by following the prompts. Once it has downloaded, run its ‘scan’ feature. This scans all your files and directories and notifies you when it finds malware. It may take a while, as it has a lot to go through. Once the scan has finished, you can view a list of all the infected files and directories.

In most cases you’ll have the option of deleting them completely or quarantining them (sending them to a ‘vault’) for safe keeping. Either option is sufficient. To make sure your anti-virus software found everything there was to find, reboot your computer and run another scan.

If you want to remove a Google redirect virus completely and make sure it doesn’t come back, buying anti-virus software is your best bet. Some products come with lifetime updates, while others are only good for one year, so be sure you know exactly what you’re getting. Another good way to find software that will eliminate the Google redirect virus is to ask your local computer repair store, such as Geek Squad. Often they’ll tell you to bring the computer in, but if they’re kind they’ll tell you what they would use to fix it.

Installing BackTrack 4 Pre Final in VMware

EDIT: The final version of BackTrack 4 has been released, both as an ISO image and as a VMware image. BackTrack is now distributed from www.backtrack-linux.org instead of remote-exploit.org. I suggest you download and install the final VMware version.

I have been using BackTrack 3 so far for my ethical penetration testing tasks with great success. I recently decided to give BackTrack 4 a try, even though it is still in pre-release. The guys at remote-exploit state that, even though it is pre-final, this release is the sturdiest of all BackTrack versions so far, so I decided to try it now rather than wait for the final release. A notable change in BackTrack 4 is that it now uses Ubuntu as the underlying operating system, which is a very good move in my opinion.

Below I explain the steps I took to install BackTrack 4 on VMware Workstation running on Windows XP Pro. I used VMware Workstation 6.5.3 (it should work with older versions) and BackTrack 4 pre-final.

First download the BackTrack 4 pre-final file (bt4-pre-final.iso) from its original location, http://www.remote-exploit.org/backtrack_download.html. The file comes as a DVD ISO image. Save the ISO file locally on your hard disk.

  • Start the VMWare Workstation and go to File>New>Virtual Machine
  • Select Typical Install
  • Select option to use Installer Disc image file (iso)
  • Click the Browse button to find the ISO image that you downloaded above.
  • Click Next, select Linux and for version select Ubuntu.
  • Click Next and select the location where the Virtual Machine will be installed.
  • Leave the defaults (maximum disk size 8GB and Store Virtual disk as a single file).
  • Click Next and Finish.
  • Go to “Edit virtual machine settings” and change the network adapter to “Bridged”.
  • Power on the virtual machine.
  • This will boot up the Live CD from the ISO image and give you several boot options. Select the first option (BackTrack Framebuffer 1024×768).
  • After it boots, you will be at a command line prompt as root@bt:~#
  • Type startx
  • This takes you into the graphical interface of BackTrack. However, you are still running from the Live CD, and any changes you make will be lost on the next reboot. Therefore you need to install it on the VMware virtual disk.
  • Double click the “install.sh” script that you see on the desktop. This starts the installation procedure. Follow all the steps; at the end BackTrack is installed on the VMware disk.
  • Press the “Restart” button to reboot. After rebooting, it will now boot from the VMware disk and not from the Live CD. At the login prompt, enter the username and password that you configured during the graphical installation above.
  • You now need to set a root password. Type “sudo passwd root”. It will ask for your own user password to execute the command, then ask you to enter the new password for root (twice). After that, the root password is changed.
  • Log in as root and get into the graphical interface with startx.
  • You are ready to Rock Baby!!!

I advise you to visit the Offensive Security blog (http://www.offensive-security.com/blog/) to read some very useful posts about BackTrack 4. Especially useful is the post about upgrading the kernel, which is required because of a security hole in the default kernel of bt4.
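Two checks that go with the install above, as an added example rather than code from the original post or from the BackTrack project: hashing the downloaded ISO against a published digest before building the VM, and comparing the running kernel version against the minimum the upgrade post asks for after the first boot. The expected digest and the minimum version are assumptions supplied by whoever runs it (the page gives neither), and the `verify`/`kernel` subcommands are this example’s own.

```python
"""Integrity and kernel-version checks around a BackTrack 4 VM install.

Added example, not from the original post or the BackTrack project.
Assumptions: the expected ISO digest and the minimum kernel version are
supplied on the command line; neither value appears on the page.
"""
import hashlib
import platform
import re
import sys


def file_digest(path, algorithm="sha1", chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a DVD-sized ISO is not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(path, expected_hex, algorithm="sha1"):
    """True when the file's digest equals the published one (hex, any case).

    Compare against the digest published next to the download link, never
    against a value shipped inside the download itself.
    """
    return file_digest(path, algorithm) == expected_hex.strip().lower()


def parse_kernel_version(release):
    """'2.6.30.5-bt4' -> (2, 6, 30, 5): numeric dotted prefix only, the
    distro suffix is dropped.  Raises ValueError without a numeric prefix
    (e.g. when run on the Windows host instead of inside the VM)."""
    m = re.match(r"\d+(?:\.\d+)*", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(part) for part in m.group(0).split("."))


def kernel_at_least(release, minimum):
    """Numeric comparison of dotted versions, the shorter padded with zeros.

    A plain string compare ranks '2.6.9' above '2.6.30'; integer tuples do not.
    """
    a, b = parse_kernel_version(release), parse_kernel_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def running_kernel_at_least(minimum):
    """Check the kernel this script runs under (same string as uname -r)."""
    return kernel_at_least(platform.release(), minimum)


def main(argv):
    if len(argv) == 4 and argv[1] == "verify":      # verify ISO EXPECTED_HEX
        ok = verify_iso(argv[2], argv[3])
        print("ISO digest matches" if ok else "ISO digest MISMATCH: do not install")
        return 0 if ok else 1
    if len(argv) == 3 and argv[1] == "kernel":      # kernel MINIMUM_VERSION
        ok = running_kernel_at_least(argv[2])
        print("kernel %s is %s %s" % (platform.release(),
                                      "at least" if ok else "older than", argv[2]))
        return 0 if ok else 1
    print("usage: %s verify ISO EXPECTED_HEX | kernel MINIMUM_VERSION" % argv[0])
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `verify` on the Windows host before creating the VM, and `kernel` inside the installed BackTrack system after the kernel upgrade to confirm the new kernel is actually the one booted (the VM boots from the virtual disk once the Live CD install is done, so a stale GRUB entry would leave the old kernel running).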

Make sure to follow all the steps below exactly.

STEP 1: Download the Antispyware Tool Below

free download spyware doctor

STEP 2: Download the Following two Registry Fix Files

Enable-Task-Manager.reg
Enable-Executables.reg

STEP 3: Read ALL Details Below

If you see a pop-up window like the one pictured below, it means that you are infected with the Windows Police Pro virus, and this is not good at all!!! Read on to learn how to remove Windows Police Pro both manually and automatically.

As you can see from the picture above, Windows Police Pro looks like legitimate antivirus software, but it is not. It is a rogue program that claims to be genuine antivirus software in order to convince the computer user to purchase it. Of course, if you fall into the trap and pay for it, you will just lose your money, because Windows Police Pro is itself malware. For a free scan of your system to verify whether you are indeed infected with Windows Police Pro, download the antispyware tool mentioned in Step 1 above, install it and perform a full system scan. If you are unable to run the antispyware tool, also download and run the two registry fix files mentioned in Step 2 above. More details are in the Automatic Removal section below.

If you are infected with this pesky malware, it will block your PC from running various legitimate Windows programs, claiming that they are infected with viruses and therefore cannot be executed. Furthermore, bogus Windows warnings and system alerts will start showing up, stating that your computer is under attack and that you should purchase Windows Police Pro to fix your system.

You MUST take action immediately to get rid of this scam parasite. You can remove Windows Police Pro either manually or automatically (recommended). Manual removal requires you to be a computer expert and is not recommended, since you have to delete entries in the Registry and files under the “Program Files” folder, which is dangerous if you don’t know what you are doing. Read below for both methods of removing Windows Police Pro permanently.

Remove Windows Police Pro Automatically (Recommended)

Since Windows Police Pro will not allow you to run any programs on your PC and also disables your Task Manager, download the following two files and save them to your desktop.

Enable-Task-Manager.reg
Enable-Executables.reg

First double click the first file (Enable-Task-Manager.reg) and press YES when it asks you to merge the data into your registry. After that, you will be able to start the Task Manager as follows:

Press the Windows key + R, type “taskmgr” and press Enter. This opens the Task Manager window. Put a checkmark on “Show processes from all users”. Then go to the “Processes” tab and find the process WindowsPolicePro.exe. Right click it and select “End Process”. Using the same procedure, also stop the following processes (some may not be present on your system; note the look-alike names, which are spelled differently from the legitimate svchost.exe):

svchast.exe or svchasts.exe
ANTI_files.exe
dbsinit.exe
minix32.exe

After you terminate the processes, you need to re-enable the ability to execute Windows programs on your computer. Double click the second file you downloaded above (Enable-Executables.reg) and select YES when it asks you to merge the data into your registry. After that, you will be able to run antispyware tools to clean the infection as described below.

To safely remove Windows Police Pro and any remnants of it, or any other malware and viruses residing on your computer, I recommend downloading the free trial of Spyware Doctor, or visiting the Spyware Doctor website for more information. If you have already downloaded and installed Spyware Doctor in Step 1 at the beginning of this guide, you can skip this step.


You can download the free version of Spyware Doctor and perform a system scan. The free version of Spyware Doctor is for spyware detection only. If the scan confirms that you are infected, you can register the full version of Spyware Doctor to remove Windows Police Pro permanently.

Remove Windows Police Pro Manually

The following steps are not guaranteed to always work, and we take no responsibility for any damage to your computer. Proceed only if you know what you are doing. Back up your registry first by going to Start>Run>regedit and then File>Export to save a copy of the registry.

Step1: Stop Windows Police Pro Processes
Press the Windows key + R, type “taskmgr” and press Enter. This opens the Task Manager window. Put a checkmark on “Show processes from all users”. Then go to the “Processes” tab and find the process WindowsPolicePro.exe. Right click it and select “End Process”. Using the same procedure, also stop the following processes (some may not be present on your system):

svchast.exe or svchasts.exe
ANTI_files.exe
dbsinit.exe
minix32.exe

Step2: Delete the following Registry Values
Press the Windows key + R, type “regedit” and press Enter. Delete the following registry keys and values (your system might not contain all of them; the control set number can also differ from ControlSet003, and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet points at the one currently in use):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value "minix32"
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100

Step3: Delete the following files and folders
c:\WINDOWS\system32\dddesot.dll
c:\WINDOWS\system32\desote.exe

Delete the following folder with all files inside the folder:

c:\program files\windows police pro\

Delete also the following:

%UserProfile%\start menu\Programs\windows police pro\Windows Police Pro.lnk
%UserProfile%\Desktop\Windows Police Pro.lnk
c:\WINDOWS\svchasts.exe
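The process list from the automatic removal section and the registry and file locations from the manual steps above are the indicators this guide gives for Windows Police Pro. The script below, an added example and not code from the original post, checks a host for exactly those indicators and reports which are present, so you can confirm an infection before editing the registry by hand and confirm the cleanup afterwards. The process names, registry locations and file paths are transcribed from the guide; the live collector (tasklist plus winreg), the %SystemRoot%/%ProgramFiles%/%UserProfile% spelling of the paths, and the DisableTaskMgr policy check (the standard value Windows honours to block Task Manager, which the guide’s Enable-Task-Manager.reg is assumed to reset, since its contents are not shown) are this example’s own assumptions.

```python
"""Check a host for the Windows Police Pro indicators listed in this guide.

Added example, not from the original post.  Indicator names and paths are
transcribed from the guide; the live collector (tasklist + winreg) and the
%VAR% spelling of the paths are this example's own assumptions.
"""
import os
import re
import subprocess
import sys

PROCESS_IOCS = {"windowspolicepro.exe", "svchast.exe", "svchasts.exe",
                "anti_files.exe", "dbsinit.exe", "minix32.exe"}

# (key path, value name); None means the whole key is the indicator.
REGISTRY_IOCS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "minix32"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro", None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro", None),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100", None),
]

# The guide's C:\WINDOWS and C:\Program Files paths written with environment
# variables, so the check is not tied to one drive letter or install folder.
FILE_IOCS = [
    r"%SystemRoot%\system32\dddesot.dll",
    r"%SystemRoot%\system32\desote.exe",
    r"%SystemRoot%\svchasts.exe",
    r"%ProgramFiles%\Windows Police Pro",
    r"%UserProfile%\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk",
    r"%UserProfile%\Desktop\Windows Police Pro.lnk",
]

# Policy value Windows honours to block Task Manager.  Assumption: the guide's
# Enable-Task-Manager.reg resets it (the .reg contents are not on the page).
TASKMGR_POLICY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
                  "DisableTaskMgr")


def match_processes(running):
    """Names in `running` that match an indicator, in input order.  Exact,
    case-insensitive: the real svchost.exe is never confused with the
    look-alikes svchast.exe / svchasts.exe."""
    return [name for name in running if name.lower() in PROCESS_IOCS]


def _lowered(registry):
    """{key path: {value name: data}} with keys and value names lower-cased."""
    return {k.lower(): {v.lower(): d for v, d in vals.items()} for k, vals in registry.items()}


def match_registry(registry):
    """Indicators present in the snapshot, as 'key' or 'key -> value'."""
    reg, hits = _lowered(registry), []
    for key, value in REGISTRY_IOCS:
        values = reg.get(key.lower())
        if values is None:
            continue
        if value is None:
            hits.append(key)
        elif value.lower() in values:
            hits.append("%s -> %s" % (key, value))
    return hits


def taskmgr_disabled(registry):
    """True if DisableTaskMgr is 1, i.e. the Task Manager fix is still needed."""
    key, value = TASKMGR_POLICY
    return _lowered(registry).get(key.lower(), {}).get(value.lower()) == 1


def expand(path, env):
    """Expand %VAR% references from `env`, case-insensitively like cmd.exe."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)


def match_files(exists, env):
    """Expanded indicator paths for which exists(path) is true."""
    return [p for p in (expand(f, env) for f in FILE_IOCS) if exists(p)]


def snapshot_windows():
    """Live inputs on Windows: process names, the keys of interest with
    their values (absent keys are simply missing), and the environment."""
    import winreg
    hives = {"HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
             "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE}
    csv = subprocess.check_output(["tasklist", "/fo", "csv", "/nh"], text=True)
    procs = [line.split('","')[0].strip('"') for line in csv.splitlines() if line.strip()]
    registry = {}
    for key, _ in REGISTRY_IOCS + [TASKMGR_POLICY]:
        hive, sub = key.split("\\", 1)
        try:
            with winreg.OpenKey(hives[hive], sub) as handle:
                values = {}
                for i in range(winreg.QueryInfoKey(handle)[1]):
                    name, data, _type = winreg.EnumValue(handle, i)
                    values[name] = data
                registry[key] = values
        except OSError:
            pass
    return procs, registry, dict(os.environ)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the suspect Windows host")
    procs, registry, env = snapshot_windows()
    print("processes:", match_processes(procs))
    print("registry:", match_registry(registry))
    print("files:", match_files(os.path.exists, env))
    print("Task Manager disabled:", taskmgr_disabled(registry))
```

Run it from an administrator account so HKEY_LOCAL_MACHINE and the system32 paths are readable; if the rogue program blocks .exe launches, merge Enable-Executables.reg first, exactly as the automatic removal steps say. An empty report after cleanup is not proof the machine is clean, only that the indicators this guide lists are gone, which is why the guide still ends with a full antispyware scan.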
