Google redirect


Google redirect virus is a set of potentially dangerous computer infections that seek to benefit from ad revenue while exposing users to unsafe content

Google Redirect virus (search results)

Google Redirect virus (search results)

Google redirect virus is a term used to describe browser hijackers,[1] adware and other potentially unwanted programs that display intrusive advertisements, change the homepage, alter search results on Chrome web browser. As evident, these infections have nothing to do with Google and are created by third-parties that seek to monetize on ad revenue. In the meantime, users’ web browsing experience suffers, as they struggle to find relevant information, battle the annoying pop-ups and have to deal with the slow operation of the browser.

On the other hand, Google itself has received enough criticism for spying on its users[2], bypassing phishing links[3] among its search results and allowing malicious apps into Chrome Web Store or Google Play Store.[4] Despite that, the industry giant is trying to reduce the malware inside its own store by tightening its security, improving scanners that block malicious URLs and providing users with plenty of information on how site admins can protect their visitors from malware.[5]

Name Google redirect
Type Adware, browser hijackers and other PUPs that affect Google Chrome web browser
Infection means Third-party websites, bundled software, advertisements, official sites of unwanted programs
Symptoms Symptoms vary depending on type of infection; however, users will notice strange behavior on Google Chrome, such as frequent redirects to suspicious sites, pop-up ads, alternative search results, changed startup page and new tab URL, etc.
Risk factors Malware infection, money loss, sensitive information disclosure to unknown parties, etc.
Detection and termination You can always check the list of the installed app on your device and terminate them manually (check our guide below); alternatively, you can use security software that focuses on potentially unwanted apps, such as SpyHunter 5Combo Cleaner
Recovery Some PUPs might act as malware and alter system settings or infect core files. To revert the damage done, use Reimage Reimage Cleaner Intego

The majority of complaints, reporting URL redirects on Google page, and similar search engines, was recorded in 2012.[6] However, the threat is still viable as it surfaces once in a while. Both Windows 10, Linux, and Mac OS users can be victimized. Note that Google redirect virus iPhone and Android versions also exist. Alternatively, this virus is known as Chrome redirect virus

There is no wonder why the Google redirect virus is so active this year. Browser hijackers causing redirects typically target Google Chrome users because it is the most popular web browser in the world. Clearly, it means that attacking users of this browser means hitting the right spot with the biggest number of potential victims.

Some experts tend to shorten the term and simply call the infection as Google virus. However, we want to clarify the meaning of it. Google virus is a potentially unwanted program (usually a browser hijacker) that meddles with browser settings and worsens user’s browsing and search experience. Typically, such programs are designed to collect victim’s search terms and browsing history data and contaminate regular search results with ads.

In case you noticed an excessive amount of ads in your Google search results or if the appearance of them raises your suspicion, check your system for a browser redirect virus. Some of the programs known to be causing such redirects are: 

Google Redirect browser hijackers
A variety of browser hijackers might affect Google Chrome browser

Google Redirect browser hijackers
A variety of browser hijackers might affect Google Chrome browser

In case you have been noticed that Google redirects you to Yahoo[7] or other domains (these sites can be either well-known ones or totally new to you), you should take necessary measures to solve the problem. Just like Yahoo Redirect virus and Bing redirect virus, Safari redirect virus, it functions as a hybrid of a browser hijacker and a potentially unwanted program.[8]

The main problem here is its elimination – the infection can hide under any URL domain name, so it might troublesome to eradicate it manually. Reimage Reimage Cleaner Intego  or Malwarebytes speed up Google redirect virus removal process. They also save your time by wiping all web scripts and “helper elements.” It is of utmost importance to “uninstall” them all in order not to experience this issue again.

Some users start wondering if they’re infected with some Google virus after experiencing “Google bookmarks redirecting” issue. If your browser unexpectedly initiates a redirect loop once you attempt to open your bookmarks, do not worry. This issue is common and can be fixed quite easily. Usually, all that it takes to fix the problem is to clear browser cache, cookies, and history, or to sign out of your Google account, close the browser and sign in again.

Do not trust Google Lead Services – its is not related to the real technology company

Google Lead Services is a threat to your computer, and it is not related to Google Ad Services (all the concepts, features, and networks that comprise Google AdWords account). You should know that redirects through GoogleAdServices.com occur each time you click on an ad in legitimate Google search results, however, if you happen to be using a fake version of it or a search engine controlled by a browser hijacker, you might experience redirects that go through GoogleLeadServices.com. If you check the website, it states the following (this hoax has nothing to do with Google):

We are not affiliated with or related to Google Lead Services™ in any way. The term “Google” is used as a synonym for “Search”

Google Redirect Google Lead Services
Google Lead Services has nothing to do with the industry giant Google

Google Redirect Google Lead Services
Google Lead Services has nothing to do with the industry giant Google

It seems that the problem with this domain has been bothering both Windows and Mac users for years. Some people complain about Google Lead Services Cookie that prevents smooth navigation in Safari and other browsers. If you have run into this domain during your browsing session, we highly suggest scanning your computer and removing all files and components associated with it.

In case you experience continuous redirects to the described domain, check if your browser’s shortcuts aren’t affected. You can find a comprehensive tutorial on how to do it right below the article.

Threats that browser redirect viruses pose

“Is Google redirect virus dangerous”? This is one of the questions curious users might ask. Though technically, it is not as complex as Petna or Cerber malware, its consequences might be as annoying as those caused by these ransomware-type threats.

Before we discuss the prevention of browser hijackers, let’s take a look at the most common symptoms of this infection:

  • Google redirects to Comcast, Bing, Yahoo and similar websites. Naturally, it might trigger the appearance of pop-up alerts. In any case, such behavior indicates that the browser is plagued by a browser infection.
  • Altered browser and system settings. Typically, this virus changes the default search engine, new tab, and the homepage. It might also append extra extensions.
  • Foisted commercial content in the search results. If Google search engine is changed to some fishy Ask or PlusNetwork tool, you might notice more commercial ads beside the search result.
  • Tracking your online activities. More aggressive versions of browser redirect viruses might not only compile information about your frequently visited websites and search entries, but gather personal details, such as name, email, IP and home addresses, and trade this data with business partners. 

Such phenomena should not be ignored even if excessive advertising does not bother you. This issue has nothing to do with safe browsing and, even if you have a reputable malware elimination tool installed on your computer, remain vigilant while adding a new toolbar or a browser extension.

Google Redirect virus
Google redirect is a browser infection that has many forms of disguise. The easiest way to remove Google redirect virus is to scan the system with updated security software.

Google Redirect virus
Google redirect is a browser infection that has many forms of disguise. The easiest way to remove Google redirect virus is to scan the system with updated security software.

Google redirect scheme becomes more and more popular

Redirecting users to modified versions of Google, injecting ads and collecting victims’ search terms helps companies make money by driving traffic to predetermined sites. Some of the authors of such redirect viruses join hands with online advertisers or specific third parties. By directing users to certain websites, they get a certain share of the profit from web traffic.

As we have already mentioned, some of these sites can be entirely harmless (Yahoo, Bing, Facebook or Comcast), but it does not apply to all of them. Modified search results can contain links pointing straight to deceptive or malicious Internet sites you definitely do not want to enter.

If you notice something suspicious, or if you feel that you can’t trust Google results, check if your system isn’t infected with:

  • browser hijacker
  • adware app
  • other potentially unwanted program
  • malware

Be aware that the matter is extremely dangerous and can compromise your computer by stopping it from functioning normally, locking your files, stealing your credentials or other sensitive data, or even corrupting Windows operating system.

Do not trust apps only because they are on Chrome Web Store

Chrome Web Store as such has been launched in 2010. Since then, millions of Chrome extensions have been downloaded by Chrome users and, luckily, most of them were lucky to download original variants. Unfortunately, in 2015 complaints started spreading about copycat extensions being spread on the Store infecting users with adware and browser hijacking malware that initiates active Google redirect campaigns. 

One of the first cases spotted in 2015[9] on the Chrome Web Store was related to the fake AdBlock Super, AdBlock Plus, and other AdBlock applications. Millions of people installed highly popular AdBlock apps believing that they are genuine. However, these rogue variants not only failed to block intrusive advertising but also led to Google redirect virus promoting prodownnet extension download site. 

In other words, the Chrome Web Store has become a spamming platform due to a lack of control over apps that are being offered. According to researchers, the fake AdBlock apps have been downloaded by millions of people who later on started suffering prodownnet redirects to the following domains:

  • downnetpro.info/adblock-plus/
  • prodownnet.info/adblock-plus/

Although the prodownnet virus is not the most suitable term to describe a website that promotes malware, many people on forums[10] expressed their anger about intrusive browser hijacking and unstoppable Google redirects to the mentioned domains. The fact that the mentioned redirect virus is actively promoting other malware is worse than the redirects in general. 

Once the fake Adblock app is installed, browser’s settings are altered in a way to redirects people to downnetpro.info/adblock-plus/ and prodownnet.info/adblock-plus/, or another malicious website, where they are asked to download more malicious apps. These are the apps being promoted:

  • Adguard
  • GOM Media Player
  • Facebook Video Downloader
  • VLC Media Player
  • Retrica
  • Internet Download Manager
  • Adblock Plus Chrome
  • Adblock Super
  • Adblock Pro
  • Adblock Plus Popup
  • AdBlock
  • AdBlock Plus
  • Zenmate
  • Periscope
  • Scorp
  • Shazam, etc.

Google redirect virus after Adblock install
People report about intrusive Google redirect symptoms after installing prodownnet Adblock on Chrome Web Store

Google redirect virus after Adblock install
People report about intrusive Google redirect symptoms after installing prodownnet Adblock on Chrome Web Store

Moreover, such Google redirects can also lead to a browser hijacking. Upon installation of fake Adblock apps and redirect to prodownnet, Chrome’s start page, search provider, new tab URL, and other settings can be aggressively modified. Despite being annoying, such changes pose the risk of redirects to unwanted or potentially dangerous domains, which is why we strongly recommend being very careful with malware and eliminate it asap. 

It seems that the prodownnet.info domain has been suspended, as well as the apps that promoted it have been taken from the Chrome Web Store. Nevertheless, people keep looking for answers on how do I get rid of a browser hijacker that redirects to downnetpro.info or related sites, so be careful and do not slip on ad-supported rogue adblockers that can diminish your web browsing experience. 

Keep in mind that despite multiple measures that Google’s team takes to protect the Chrome Web Store from malware, hackers seem to be a step forward. In spring 2020, researchers reported 500 Chrome extensions[11] found on the store that have been freely harvesting browsing data and transmitting it to C2 servers. Besides, they’ve also been included in the Google redirect scheme and promoting malware like prodownnet virus. 

Therefore, it’s important to investigate each extension before downloading it from seemingly trustworthy sources. Read the comments section and check the web for the findings of cybersecurity experts. If you see flags about the extension being ma;ware-related, do not install it under any circumstances.

People who noticed suspicious Google redirect symptoms wight after visiting the Chrome Web Store should try to remove prodownnet and related PUPs from the system. The best way to do that is to run an automated scan with SpyHunter 5Combo Cleaner or a similar utility.

Avoid malware using these easy tips

At first glance, it may seem that installing a free application from trusted sources will exclude you from the burden of PUP  and malware. However, few users realize that even recklessly installing the latest update of Skype or Java might lead them to install unwanted elements, such as adware, browser hijackers [12], as well.

What you have to do when installing freeware and shareware is to monitor its installation process carefully. Choose “Custom” or “Advanced” installation method. It discloses optional download options. Remove the checkmarks from irrelevant add-ons and only then click on the “Install” button.

Quite often, users might be mislead by skipping text in fine print during the installation procedure. It usually states the following:

By clicking Next, you agree to the Terms and conditions and Privacy Policy and consent to install [app name] app. Your browser may be restarted

For that reason, it is extremely important to check all the fine print, otherwise you might agree to things you never would,

Google Redirect installation
Users often install Google Redirect virus when not looking at the installation procedure of shareware carefully

Google Redirect installation
Users often install Google Redirect virus when not looking at the installation procedure of shareware carefully

Due to the flexible form, the malware might also function via web scripts. In that case, you might not spot any specific changes in the browser. Luckily, even then, there is a solution. Proceed to Google redirect removal section.

Remove Google redirect virus from your PC

Run an anti-spyware tool to start Google redirect virus removal process. The software will also locate delete the registry keys associated with this threat. After scanning the system, you need to look over detected items and remove them all at once. With a help of anti-spyware program, this can be done in a single mouse click. They instruct how to get rid of unwanted and dubious browser add-ons.

Full browser reset also facilitates the removal process. If you are still bothered by the occasional redirects, change your proxy settings and host file. You can find the instructions specific for your browser on the Web. Now proceed to the below guidelines. Safari users will also find the Google redirect scam removal instructions for their browser.

Though the infection is widely spread and operates already for several users, it might take the liking of users residing in a specific country, for instance, Germany.[13]

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.