Remove Virus Which Redirects to | Redirect Virus Removal tool for Windows

by Rohit Khurana on October 4, 2008



We were reading some of blogs where we get know about the one of the most spreading malware these days via Internet called the redirects virus which redirects the user browser while browsing to some fake sites containing adsense ads. mainly redirects the google search results to corrupt adsense web sites and also stops user from downloading files from the Internet. When user clicks on download links displays the following fake errors is browser hijacker tool which infects firefox and Internet explorer and redirects the user to the following sites


Let’s see the symptoms of this virus and how can we remove on Windows Vista and Windows XP.

Fix: also disables the running firewalls and anti-virus softwares, records and send the urls visited to the hacker.


Most common symptoms of browser hijacker


  • It corrupt Registry files and "Blue Screen of Death"
  • It changes the desktop background
  • IE and Firefox slows down after getting infected by virus
  • Also infects e-mail attachments, messenger and other freeware programs

There are two tools available on the Internet which can remove virus from Windows XP and Windows Vista

Note: Both of these tools are Shareware programs classified as spyware and antivirus tools which lets you remove the virus completely free of cost, so you can use them in their trail version time period.



[ Download virus removal tool for windows XP | Download tool for Windows Vista ]


For Those who are not able to remove virus by above mentioned tools can try Malwarebytes’ Anti-Malware (MBA-M)

We have received a comment on this post which will again help you remove redirect virus given below

Last Method to Remove virus

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antirus/Malware/Rootkit softwares and the rubbish will stop.

Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to (your own computer) so they won’t update

Thanks Bomp for this useful comment

See also our articles on Virus Removal

If still none of the above methods worked to remove the virus on your computer then you can try Trojan Remover which can finally delete this virus on your computer  ( as suggested by some of the readers )

Updated on 12 Jan 2010:

Another Method To Fix redirect problem:

There is Malware Removal tool called Combofix which can fix this virus if the above methods are not working for you. Beware that its a DOS based tool and do not interrupt the tool while it is running as it may cause problems with registry entries. Be sure that you are not running any softwares while running scan using Combofix.

[Download Combofix Malware Removal Tool]

If you like this article or this article helped you, you can +1 to recommend this article on google plus.

You can follow us on Twitter or join our Facebook Fan Page. If you have a question to ask us, submit your question at Answers By Trouble Fixers.

Looking for something else? Search here :

{ 229 comments… read them below or add one }

zejkio October 6, 2008 at 8:34 am

MALWAREbytes anti-malware solved it 4 me

capricious November 9, 2008 at 12:08 pm

MALWAREbytes anti-malware solved it for me too, until I rebooted again…. then the shit came right back. Ugh. This is coupled with VUNDO which is *THE* worst malware EVER. I cannot get rid of this and think I’m going to have to resort to just formatting. I hope this program works.

Palmera November 11, 2008 at 5:09 pm

I can’t Launch any anti virus softwares, I think the virus blocked it. Malwarebytes’ Anti-Malware and XoftSpySE doesn’t launch. please help

Rob November 12, 2008 at 9:06 am

I can’t launch Malwarebytes either like Palmera said.

Any help? It says it’s running in Task Manager -> Processes, but it won’t show on screen.


Peter November 13, 2008 at 8:49 am

XP Removal tool gets stuck during installation. Well, no help here.. :(

Peter November 13, 2008 at 8:50 am

Google Spyware Doctor found some issues but not all.

Peter November 13, 2008 at 8:52 am

Installation finely completed but the tool won’t run.

Peter November 13, 2008 at 8:56 am

Malwarebytes’ Anti-Malware is recommended but it won’t start either. This virus is very smart. It blocks certain URLs, redirect Google results, and prevents certain programs from running.

abhishek November 13, 2008 at 12:11 pm

@Peter, @Rob, @Palmera,
Hi, guys – The post has been updated with a link to another tool to remove the virus

abby November 13, 2008 at 4:24 pm

I have both on my computer and cant run either….help :(

jclayart November 13, 2008 at 8:43 pm

Hey all, I have this same virus, stupid thing is sooooo tricky!!!! Won’t let me run the programs you listed, Malwarebytes program won’t install and the removal program (XoftSpySE) will install but won’t run, I’ve tried everything!!!! Pleasssssseeeee help, this is getting to be sooo frusterating.

Also certain websites won’t even load, like trendmicro’s housecall, and (tried on my GFs computer and it works fine, not on mine though).

Also my programs won’t update, antivirus won’t, spyware won’t, its like this thing is one step ahead of me!!!

Please help!!!!!

Abby November 14, 2008 at 12:40 am

Exactly the same as me so any help would be grately appreciated.

I have tried to copy to CD Malware bytes from my desktop to run on the laptop but it fails and wont copy so i cant even do that now!!

Im at the end of my tether :(

OkieMomma November 14, 2008 at 10:11 am

Has anyone come up with a solution? I can’t get MBA-M or Xoft to run…

jclayart November 14, 2008 at 10:44 am

I’ve searched the web up and down for the past 2 days with no avail. Tried everything imaginable just can’t figure it out.

Curse this wretched virus! Someone knew what they were doing when they made this sucker!

OkieMomma November 14, 2008 at 10:55 am

No joke!! Whatever you do, don’t download Cyber Defender. It ran a scan, but in order to go any further I would have to have subscribed ($20 or so), but it messed up my toolbars and search bars…It got ugly, but uninstalling it from my control panel fixed it. Have you tried the STOPZilla?

The Guru November 14, 2008 at 7:31 pm

I’m in the same boat guys. I’ve tried running the following programs in safe mode and regular mode:

AVG – can’t update definitions, blocked by this virus
McAfee – same, can’t update DAT files
Ad-aware – nothing found
Spybot Search + Destroy – can’t update, download includes via other PC, applied them manually, no threats found
Hitman Pro 3 – found and fixed 1 threat, but did not solve problem
Hijack This! – exe won’t run
Super Anti Spyware – exe crashes when run

I’ve spent hours on this – freakin spammers and hackers deserve to burn in the fires of hell.

Anyone else have luck purging this thing??


F22AbIrD November 15, 2008 at 3:01 pm

Same problem happening to me. Can’t search bleepingcomputer or techguy forums as redirects. Can’t access either.

I’ve run SmitFraudFix & Combofix both in Safe Mode and rebooted with no luck. Seems like it went away but a day later here I am again and Malwarebytes won’t run for me either.

Best of luck to everyone


Dan K November 15, 2008 at 3:17 pm

I spent a good 10 hours on this over the course of a week. Trojan Remover finally worked. It found a backdoor file with TDSS in the name. It stopped the file upon restart and it solved the problem. That is one tough virus.

Mark November 15, 2008 at 6:49 pm

After manually updating and running SpyBot S&D, it found it (i think..) It referred to “Microsoft.Windows.RedirectedHosts” which sounds exactly like what we’re after. It found 2 entries then my screen suddenly went black. Are the files smart? Did they know they were found and triggered this? I don’t know, but i force shut down in case something bad was happening. Now trying SpyBot in safe mode. still scanning…

It found them again, 4 entries this time. Screen went black again even though I’m in safe mode. Grr. I’m gonna just wait and see what happens. This sucks.

Mark November 15, 2008 at 6:50 pm

Oh man, I’m such an idiot, hahaha. I’m so paranoid about this bug that I freaked out over the SCREEN SAVER starting, haha.. Yeah, the files don’t turn the screen black, i’m just a retard.

Bil November 16, 2008 at 12:19 am

Browser redirects to

Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)

After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):

Go to for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.

It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!

To whomever posted the solution originally, thank you!!!!

Bomp November 16, 2008 at 5:13 am

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antirus/Malware/Rootkit softwares and the rubbish will stop.

Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to (your own computer) so they won’t update.

Keith November 16, 2008 at 10:30 am

To get the programs to run, just rename the exe file…the virus is preventing them to run. Just rename Malwarebytes and it will run.

mike November 17, 2008 at 3:19 pm

awesome from BOMP!
i think i will get it corrected now

Chey November 17, 2008 at 11:00 am

Keith’s right. I just renamed the .exe file, and it was no longer blocked.

By far the easiest and simplest option.

Jesus November 17, 2008 at 8:38 pm

Thank you Bomb…you saved me there. I did everything except your instructions and after everything just clicked. Awesome…..

Neil November 18, 2008 at 3:17 pm

Bomp – Thanks so much

Alan November 18, 2008 at 7:01 pm

Dear Mr. Bomp:

You are awesome!!!! Thank you! Thank you! Thank you! Many hours and attempts with many virus or rootkit fixes did nothing. But you, you did it, man. Did I say thanks? Thanks!!!!

EG November 19, 2008 at 8:18 am

WOW, THANK YOU!! Keith’s suggestion did the trick for me in renaming the Malwarebytes setup file so that it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.

Dominic Desbiens November 19, 2008 at 6:01 pm

You are a God !!!

I spent some 2 hours to try to clean the computer of a friend. Malwarebytes that i use to remove spywares on all computers can’t open. Same thing for other popular anti spywares.

I tried the last solution (disable TDSSserv.sys) and it worked. I was able to update again Malwarebytes and run it. It found the virus and removed them.

Many many thanks

All Hail Bomp November 20, 2008 at 8:22 am

Thanks bro, you just made my day – this worked perfectly. After losing a hard drive on my laptop and getting my gf’s laptop infected with this virus in the last 3 days, I was about to lose my mind and spend $300 to take the machine to Geek Squad. The system had to recover from a serious error and it scared the crap out of me. I even had to dig out my 5 year old Compaq PC just to get internet access.

Thank you, thank you, thank you, thank you.

Everyone should kiss this mofo’s feet.

YNH November 20, 2008 at 3:41 pm

Bomp i realy want to thank you for your post, also I want to thank Rohit for making this thread, without you guys I still would have had this virus on my laptop.
Thank so much =D

hckyplyr10 November 20, 2008 at 9:48 pm

What a pain!!! After seeing that someone else had success with Trojan Remover, I gave it a try and VOILA it was gone. Thank you so much for the help!

JohnB November 21, 2008 at 7:16 am

I made a post, just to thank you. :D

frankiefourfingers November 21, 2008 at 11:12 am

Thankyou Bomp.

Bomp November 22, 2008 at 7:34 am

Thanks for the comments, I’m glad that I could help others to solve it, as I know what a pain it was. It took me 2 days to figure it out, as I was monitoring my HOSTS file mostly, and I thought there was a Trojan editing my HOSTS file on the fly, or some kind of Stay Resident In Ram application being linked to and bypassing the HOSTS file altogether. Got there in the end though.



paul November 22, 2008 at 8:46 am

Bomp, you saved my arse. Much appreciated.

heath November 22, 2008 at 12:32 pm

after dealing with several malware infections before, this one is proving to be quite a problem. Typically MBAM run through SafeMode catches everything, but this particular one seems to be more troublesome. I can remove everything MBAM finds, which is usually just 2 registry entries of the form tdss* but then when i reboot it comes back.I already figured out to just rename the mbam.exe file to get it to run, but that didn’t seem to solve everything…
found the device manager -> hidden devices suggestion , and that allowed me to skip the rename step. but when i reboot and scan again then try to go back into normal windows mode, it comes back. at what point can i delete the tdssserv.sys hidden device?
do i actually need to run a combofix or sdfix. i have no other spyware/malware infections other than this redirect thing…which i may be incorrectly assuming is linked to the tdss trojan?
in summary, i can make everything work fine in safe mode, but somehow it gets reinstalled when i get back to normal windows mode…

malevu November 23, 2008 at 5:00 am

Thanks Bomp you’re a legend. Saved me hours of headache and head scratching. Much appreciated.

Lucid November 23, 2008 at 4:39 pm

Thank you very much, been struggling all day..
It wouldnt open this page either, but over “google translate” or “Cached” link i was able to open it.
Saved me! Nice one Bomp and this is the only page that helped me.

Melo November 24, 2008 at 4:29 pm

Thanks a million Bomp!
I got rid of it, now struggling with karna.dat…:(

ian November 25, 2008 at 11:33 am

a wanna thank you for this information – yes ave been stuck with this issue as well for a couple days – my mind has been twisted over this

Marcus November 27, 2008 at 7:50 am

THANK-YOU soooo much was the device manager solution…disabled the hidden plug and play device TDSSserv.sys and rebooted. you saved me from a reinstall this worm frustrated me for atleast 8hours. damn clever what they did…. after the reboot guess what Mcafee jumps on it and deletes the files when they try to run again, why didnt it catch it in the first place “it musta been sleeping” lol

thanks again for the help!!!

Christian November 27, 2008 at 11:11 am

B O M P – - T H A N K Y O U ! ! ! !

Thank you a million times over, sir. I nearly lost my mind with this violation of my laptop! I followed your instructions to disable the TDSSserve.sys in Device Manager, renamed the Malwarebytes exe and ran the program.

I would like to follow up on Heath’s request –

“at what point can i delete the tdssserv.sys hidden device?”

oh, yeah….

and how?


Bomp November 29, 2008 at 5:06 pm

I used comboFix.exe to get rid of TDSSserve.sys, before I even updated my AVG Anti-Virus so I don’t know if AVG will catch it. ComboFix.exe also found av.dat.

But after I updated AVG, it found:

TDSSrigp.dll – c:\windows\system32\
TDSScfum.dll – c:\windows\system32\
TDSSnrsr.dll – c:\windows\system32\
TDSSofxh.dll – c:\windows\system32\
TDSSpaxt.sys – c:\windows\system32\Drivers\

After clearing those files out, I used CCleaner to get rid of all IE7 & Firefox temp files, then RegCure to clean up the registry.

You may be able to just delete TDSSserve.sys, once it has been disabled.

Another program I use is “Process Viewer” which I find handy for killing hidden processes, so if any of the above dll’s are active then prcview.exe can kill them.

Get Process Viewer here

Bomp Rules November 29, 2008 at 8:10 pm

Dude, you rock. A million thanks. For two days I’ve been fighting this stupid thing on a friend’s computer. With all the worthless slime out there thinking up ways to screw up people’s computers, thank God there’s people like you figuring out ways to fix ‘em.

Thanks again.

Oh yeah, you’re a lot smarter than I am. :)

Allison November 29, 2008 at 9:39 pm

Thank you so much Bomp!! I’m sure that you get tired of hearing this, but you are an absolute genius!! Rock On

Nora November 30, 2008 at 2:46 pm

I disabled the TDSServ.sys and it worked like a charm! I was able to update my AVG where before I couldn’t even load the site.

A million thanks!

Kris November 30, 2008 at 3:49 pm

Had the same problem after letting a friend “check his email” on my computer. I’m guessing the got this from opening an attachment in gmail and/or clicking on/going to an adult website. Said friend is now banished from “checking his email” on my computer. I’m not even sure I’m going to let him back into my apartment.

Ran Dr. Web’s Cure It as referenced above, found a file named “BackDoor.Tdss.29″ in C:\windows\system32\drivers, deleted it, problem solved.

This was also flat-out killing Google’s “chrome” browser’s ability to connect to any websites.

Thanks all for the helpful hints.

Bad Horsie December 1, 2008 at 4:36 am

Thanks! Bomp’s trick worked. I updated and was able to download another malware checker, and took care of the problem. Just as you said. TDSS is the problem file. It gets into registery and replicates and … well it’s nasty. Thank you for helping me get rid of it, and it was easy too!

Yeti December 2, 2008 at 10:30 am

Bomp – As many before have stated – thanks!
I deal with this crap at work all the time and I was stumped beyond belief as to why it wouldn’t allow Smitfraud.exe and the rest to run.

Disabling that hidden device worked and I am now kickin it.
Thanks a million and I am filing this fix away for future needs.

Now all we need is for someone to track these a$$holes down who make this crap.

K says "YES!!!" December 2, 2008 at 12:45 pm

Did you ever know that you’re my hero????

Thank you so much!!!!!

Aaron December 3, 2008 at 8:16 am

You are a legend Bomp.

Thanks for your time.

Chuck December 3, 2008 at 11:32 pm

After disabling the file in device manager, i was able to find the file in the folder listed below and remove it.
this seems to take the file out of the computer completely out of device manager instead of leaving it there disabled.


Props to the guy that made this thing, one of the best hidden virus’s yet. and thanks to the person that found it and told us here :)

Good luck all.


Mike December 3, 2008 at 7:30 pm

BOMP, you da man!!!
your thing worked like a charm for me.
Many Thanks!

Pat December 4, 2008 at 8:11 am

My hat’s off to everyone on this forum. Thanks for sharing solutions, this list helped me rid myself of this bug in only a few hours. Thanks again.

Richard December 7, 2008 at 3:34 am

Thank you all you guys for help – especial to “Bomp rules” who provided the solution for me, at least. Many, many thanks

Dave December 7, 2008 at 4:59 pm

Hey guys, I got this virus however there is no TDSS or hidden devices starting with T that I can disable. Maybe the virus has changed now?

dan December 9, 2008 at 1:04 pm

Thanks a million for the tips given. Did as advised and got rid of this nasty virus. Happy to note that there are still good souls in this world.

I am just amazed at the devious mind of the person who wrote the code . .

John December 9, 2008 at 3:55 pm

I am also not finding any TDSS files.. Please Help.. google redirects to pages full of ads, can’t update my windows, ect..

DaveKOregon December 9, 2008 at 10:51 pm

This thread worked for me. Thanks to BOMP and the rest. I disabled the “hidden device”, rebooted, ran malwarebytes (updating its detection first) which detected a BUNCH of infected files, rebooted, and am now running a full scan.

How come we never hear about the bad guys getting caught?!

Thanks for all your help.


leslie December 10, 2008 at 12:24 am

Hey Dave, I had the same problem as you, I could not find the TDSS file, but I was able to download the MALWAREbytes anti-malware and it found like 11 trojans on my computer after I did a full scan and it removed them all. The full scan took about 3 hours for me because I have alot of files on my computer, but it was so worth it and my google works now. Hope that helped ya out there buddy :)

jen December 10, 2008 at 8:17 am

Thanks BOMP and to my Wii`s Internet browser for letting me find this, since my PC wouldn`t.

lucas December 11, 2008 at 5:35 pm

dave, i also couldn’t find the TDSS device at first. but i restarted my computer (because of windows updates) and got a blue screen of death, so i rebooted into safe mode, and there it was. i’m running XoftSpySE right now, and it seems to be finding the trojan.

Greg December 11, 2008 at 9:31 pm

Thank you for the help!

I went straight to the device manager and Disabled the device you list above. After a restart, the computer works fine, I am currently scanning with Anti-Malware. Thanks again!

Ronel December 12, 2008 at 8:54 am

Please do not forget to check the HOST file in C:\WINDOWS\system32\drivers\etc\hosts

The virus adds all the redirects in that file, simply remove them all and add the normal entry:

For me, after cleaning everything the stuff was still there until a collegue asked to check the hosts file and BINGO!!

Matt December 13, 2008 at 11:15 am

Thanks Bomp! Just got infected and your solution worked perfectly. ALL HAIL BOMP!

schmoe December 13, 2008 at 8:44 pm

Bomp, you rock.

Having I’ve run malwarebyte, I see that the tdss server is still present in the system window, although it is now marked with a yellow “!”.

Should I uninstall it?

Bakemaster December 17, 2008 at 6:50 am

If you’re having trouble running Malwarebytes, browse to the install directory (C:\Program Files\Malwarebytes’ Anti-Malware) and rename the mbam.exe file to something like mbam1.exe or mbam_.exe, this will allow it to run. It still won’t update. Be sure to change the filename back to mbam.exe before rebooting to fix any problems or the program will not be able to find itself again on startup.

:(confused:( December 18, 2008 at 12:55 am

wondering if u have to pay for any of the virus protectors/removers or is there a simple way that i could use?

theduck December 19, 2008 at 6:47 pm

“…Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers…..” Worked for me; After rebooting AVG came right up with an update and worked great;


Ryan December 19, 2008 at 5:30 pm

Hey guys you have to read through everything in order for your programs to run to remove this malware you will need to disable that rootkit in the Device Manager!

Van December 21, 2008 at 2:27 pm

You the man Bomp!!!

Thanks a Million… It did worked for me. I was strugged with this for two days…

Keep up your good work.


David December 21, 2008 at 7:34 pm

Thanks for the help, Bomp!

Philipp December 22, 2008 at 5:06 am

Thank you – tried absolute everything and nothing worked. Your solution (disable TD….) fixed it in 5 seconds!!

TRunn December 22, 2008 at 7:33 am

Thank you soooooooooooooooooooo much for this solution. My internet is working great now. I had the most difficult time fixing this, and now, all gone. Again, thank you.

Jman December 23, 2008 at 3:17 am

Thanks for this website. I have spent days agonising about ow to fix the problem. I couldn’t download patches from Microsoft, couldn’t download the Google Chrome couldn’t download the malware program.

Must disable that TDSSserv.sys thing.

SF Bay Area December 24, 2008 at 2:34 am

Thanks to this website, thread, and especially BOMP for posting this solution online. I’ve spent the past week trying everything to fix this issue.

If only people like Bomp could find a way to reverse track all the people who write the malicious codes, viruses, and spyware and give them a taste of their own medicine.

I don’t know how I got this ‘redirect’ code in my computer, but it seemed to happen right after I downloaded AVAST from CNET. I’m not saying that it was the reason, but it suspiciously happened around the same time.


Halla December 26, 2008 at 8:13 pm

stupid question…but where is the disable option???? I right click on TDSSserv.sys and it says uninstall, scan for hardware changes, and properties? Where’s disable?

Tommy December 28, 2008 at 11:56 am

Hey this sounds like the same problem but there is no TDSSserv.sys option in the device manager. The actual problem is that whenever i open firefox (my homepage is the default google homepage) it comes up as corrupted text with links to a microsoft site which doesnt look very legitimate. This happens in IE as well and it seems like only certain sites are ‘infected’, so far i have found google,yahoo,youtube,facebook which come up with the same problem. Other sites work but it is always the same thing with those specific ones. Does anyone have any idea what this could be or any solution? thanks, Tom

Aggrivated December 29, 2008 at 5:15 pm

i am having the this problem with google and yahoo search, but there is no TDSSserv.sys there. Is there another way?

Bobby December 30, 2008 at 6:14 pm

Bomp you rock, this one kicked my tail all day (felt sorry for those that have fought it longer). Disabled the tdss and loaded Malwarebytes – found them all…all is well now.
Thank you so much for your insight!

Matt January 1, 2009 at 12:23 pm

Hi All,
And thanks for the soultion , will try this one later and let you know if it worked , but it looks promising!
So i need to understand something here….
The file in question is TDSSserv.sys , correct?

Has anyone actually looked at this file , does it yield anything in there , or does anyone have an idea what languages this virus is written in?

Maybe examining the file , in some sort of dev studio , or notepad (yeah right!!) might give us some clues…..

Any ideas anyone?


cmjg January 2, 2009 at 1:33 pm


Do I need to do anything with that file (TDSS) now that I have removed the virus?

Dave January 4, 2009 at 11:26 am

Hey Bomp – how did you figure out that it was TDDS? I was pulling my hair out, thinking it was the hosts file. Had I not found your post, I would still be going nuts. How did you diagnose the problem?

roro80 January 4, 2009 at 6:23 pm

Finally I came across a solution! THANKS SO MUCH. Disabling the TDSSserve.sys fixed it. I would never in a million years thought of checking there. Man those hackers!!!!!! I can’t believe they thought of redirecting the virus update like that.

I had tried increasing security and privacy and blocking all cookies, and removing all the crap I found in the IE Temp folder but it just kept coming back and then messed up my desktop.

UNLIKE ALL OF U OUT THERE, I discovered that I could read all the searched websites by clicking on the CACHED pages. Those didn’t ever get redirected.

I CANT BELIEVE GOOGLE is sitting back on this one!

Darryl January 4, 2009 at 10:15 pm

I had this virus in my computer and it was driving me crazy trying to remove it. Your information helped me so much. Thank you very much for sharing this information.

wardair January 6, 2009 at 3:19 pm

thanks Bomp

was struggling with my computer going to did the procedure as you stated update malwarebytes and fixed the problem

thanks again

King Cricket January 8, 2009 at 2:12 pm

Thanks for your help. Your lesson are good, you should apply for a job at a Anti-Virus/Malware/Spyware company. I would recommend

froh January 9, 2009 at 10:14 am

I could kiss you!

runeAletheia January 9, 2009 at 3:34 pm

Thanks to Bomp! I was able to get a work-around so I could download malwarebytes, but then I couldn’t install it nor could I run spybot to just reset to a previous reg save; once I disabled TDSSserv.sys it was no longer a problem. So long redirect! :)

Electro--Girl January 9, 2009 at 4:04 pm

Bomp… You’re a God…. hehe…. My boyfriend has been sat at his laptop for hours trying to fix this…. he’s trawled the net… well that was before the net went awol on him…. he’s tried every suggestion going… to no avail…. Then I stumbled onto this site by sheer luck… and thanks to you I was able to suggest ‘your cure’…. Its not often I get to out geek by boyfriend so I’m totally basking in the glory…. Yay!… Go me… and *erm* you of course… The milkybars are on me!!!

Mark from Massachusetts January 10, 2009 at 5:19 pm

I can’t thank you enough for posting this fix, I’ve tried for days to fix this and this was the ONLY thing that finally worked. As soon as I followed the disable portion:

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antirus/Malware/Rootkit softwares and the rubbish will stop.

Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this….!

Thanks once again for your help, you are now in my favorites!!!

Vapors January 10, 2009 at 11:21 pm

Thanks for this forum! I was getting frustrated with this virus. I used Spybot and that didn’t locate it, I have Norton Securities and anti Virus and that didn’t locate it. I didn’t have the TDSSserv.sys. in the Non plug and play. I tried other software Malwareremoval.Bot (I thought it was Malawarebytes Anti-malware but it was something different that found a few virus’s that Spybot didn’t find. Finally I came across this post and saw Bomps message and then downloaded the correct malawarbytes AND IT WORKED LIKE A CHARM!! My system is back to normal now! I was on this computer for several hours trying to figure this virus out!

Thanks again!

Adam January 13, 2009 at 7:27 am

Hey, I’ve been trying to figure out where this virus came from or what the hell we can do to get out a fix for it… I only use firefox and have no clue how I got it. Also, the most recent version for me gave me the blue screen of death at one point, refused to let my computer boot (froze it), and wouldn’t let me run combofix or HJT off the desktop. Anyone have a clue how this gets downloaded onto your system? I don’t think I’ve had any recent downloads except from safe (trusted) sites…

Adam January 13, 2009 at 8:49 am

Oh, as a sidebar, I got the virus this last weekend somehow (like the 10th/11th, not sure) and recently fixed it using the “disable TDSS” method from the device tab, then running combofix, HJT, and spybot S&D

Ghostman January 13, 2009 at 9:33 pm

FINALLY!!!! / jump virus GONE!!!

Thanks to all on this thread; I tried a number of things…
Found that I could NOT disable “TDSSserv.sys” as that option just was not there…
Tried ParetoLogic – 4hrs to scan and then says I had to spend 40 bucks to clean up – waste ‘o time!!

I downloaded (off another PC, and placed on a net-drive accessable by the duff one)…

It installed OK, but would not run…so RENAMED it “CF.exe” and ran that like a charm…all gone…took 30mins in total…

Here’s a detailed link of how it all works…

Happy fixing fellow N3rds!!

tbear January 17, 2009 at 9:00 pm

THANK YOU!!!!!!!!!!!!!!

simi January 21, 2009 at 1:22 am

hey bomp

ur post helped me to diable and temporarily stop tdssserv.sys i have installed malwarebytes and hijackthis softwares and done the scan but i m not able to kill tdssserv.sys forever it still remains in the same place with an exclamation mark in yellow circle ,what does this mean , i m not able to figure out wat to do now ??

tim January 22, 2009 at 4:25 am

Bomp – you saved me. I wrestled with this for hours and thne I found this post. I followed the disable tdsserv.sys instructions and then ran malware and bye bye virus. I have the same question, however, as many others on this thread: when is it safe to enable TDSSserv.sys again?

many thanks.

wheatthins January 21, 2009 at 3:54 pm

There is no TDSSserv file in the device manager- even when i click “show hidden files” any suggestion?

Ross Warren January 22, 2009 at 4:34 am

Thankyou I am working on a machine that had this issue plus antivirus2009 and antispyware2008. Nothing I installed would work becuse it stops any kind of update. This has been one of the worse infections I have seen, as it seems this hijack also redirects the machine to further attacks.I was almost at my wits end. As they say you learn something everyday.

Thankyou again.

Dan January 24, 2009 at 3:55 am

Excellent article. Solved my problem.
What sort of sick people write this stuff.


Bomp January 24, 2009 at 5:12 pm

For those wanting to know what to do with TDSSserv.sys once it has been disabled, I can only suggest that you delete it, (Don’t re-enable it) it’s a trojan.

Go to > start > Search, and type TDSS, and press the
“Search Now” button, to find all the files with the TDSS name. Windows will then give you a list of where the files reside, so it’s just a simple matter of going to the address of those files with Windows Explorer and deleting them. (Empty it out of your recycle bin too) Be aware that the TDSSserv.sys trojan agent now has a multitude of names, so it could be anything TDSS****.***

For those that have the greyed out “Disable” selection on Device Manager, I can only suggest that you enable the viewing of hidden files and such.

Go to > Start > My Computer > Tools > Folder Options.
Select the “View” tab, then:
Click on the “Show hidden files and folders” button.
Uncheck the “Hide extensions for known file types” box.
Uncheck the “Hide protected operating system files (Recommended)” box, and select
“Yes” at the warning prompt, then “Apply” then “OK”

You might also need to click the icons
“Show/Hide Console Tree” and “Show/Hide Action Pane”
twice on each one just to get windows to refresh things, then select;
Action > Scan for hardware changes, or select the icon of the PC with the magnifying glass.

For those with Vista, I can’t help at all, I installed Vista and put up with it for a few months, hated it, then put XP back on my PC, sorry. But if anyone with Vista has disabled the TDDS trojan, update this thread for other people too. Hope that helps.


Oh yea, good man Rohit, for starting this thread.

Heartmadeforyou January 26, 2009 at 8:09 am

THANK YOU! I am so appreciative of your posts, Bomp. I gave my daughter a laptop for Christmas and this is the second security issue she has had since then. I don’t mind being her teck support, but geez… the hackers are waaayyy smarter than I am.

Want a discount on a t-shirt quilt as a thank you, Bomp? It’s yours for the asking as a thank you!

Harlanb January 25, 2009 at 8:39 pm

You would not beleive how long it took to find someplace that knew how to fix this problem. I found so many web sites that said to run this program or that program. I am sure the programs work good to fix the virus, but I could never run the prograj. I feel silly not thinking of changing the name of the program. Koodos to Bomp who explained how this virus works. You guys are AWESOME!!!!

Angela January 29, 2009 at 4:49 pm

BOMP!! I love you!! Thank you!!!!!!

Sohaib January 30, 2009 at 8:26 am

windows update redirects to google
avg wont update
cant find tdss
what to do?

mike January 31, 2009 at 4:11 am

i followed the advice given at the end of the fix, the manula advice, but when i finally got to the unplug section i was unable to find the tdssserv.sys file. it does not seem to exist on my computer.
any advice ?


Grumpy January 31, 2009 at 12:47 pm

Bomp … great tip … worked fine … you’re a good man.

On behalf of UK users I am pleased to confirm you are now Sir Bomp..

punny January 31, 2009 at 8:53 pm




SFBeagler February 1, 2009 at 9:10 am

I can’t thank Rohit and Bomp enough for their help with this! I had the same “redirect problems” and could not find a solution. After an hour on the phone with DELL tech support (and being asked “do you really use a search engine that often?”) I was told to call Dell software support and pay for help. Luckily I was able to find this solution via a search engine on a San Francisco newspaper web site and the last method was the solution. THANK YOU!

VGonthelake February 2, 2009 at 7:10 am

Thank you very much for this post. After nearly 30 straight hours of frustration trying everything I could find, and weeding through dozens of “try downloading this…” suggestions (hello, I can’t download!!), I thought my head would explode. This allowed me to update all my new AV sofware and run to finish cleaning up. (BTW, dumped Kaspersky and got my money back since it won’t play nice with Spybot S&D – I’m convinced I wouldn’t have been in this mess if I’d been able to run Spybot the last three weeks.) THANKS AGAIN!!

keiran February 5, 2009 at 5:31 am

aye thanks keith like renaming the prog exe worked like cheers!

Shaun February 6, 2009 at 5:51 pm

Thanks to ROHIT for first publishing the solution and thanks to BOMP for Ctrl-C – Shift – Ins the solution from ROHIT in your post….

Give credit where its do…


Jon February 7, 2009 at 8:29 am

I have had a similar problem, IE redirects to google when trying to go to windows update, none of my spy or malware programs will update, they will run but not update. Nothing found with MBAM or superantispyware. Mcafee AOL version will not update, on the advice of AOL I uninstalled Mcafee and tried to reinstall to no avail either it locks up and says to try and reinstall if using AOL browser or webpage not found using IE.

No TDSSserv.sys found anywhere

Here is my fix for this.

Download and run Combofix.exe
Now you can update MBAB and run it
Download MCPR.exe the Mcafee consumer products removal tool
run this to remove all traces of Mcafee products.
Now everything works fine all updates can be done Mcafee reinstalled and no more google redirects.

I have no idea why this worked for me but it did!!!!

CheapThrills February 8, 2009 at 9:24 am

Eureka! It worked. No more redirect! I love it. Sign me up.

paulc February 8, 2009 at 3:40 pm

you guys that can’t find TDSS while trying manual removal, make sure you show hidden devices.

Bomp February 10, 2009 at 6:46 am

Rohit gives credit for the comment, it’s in bold text, below the fix. And I’d use Ctrl+v to paste, it’s quicker as it’s the next key over from c.

bker February 16, 2009 at 6:58 pm

Many thanks! I had no luck with this for weeks until finding this page. I did so by Googling “”. I scoured my machine but never thought to check in “non-plug and play drivers”.

Matthew February 22, 2009 at 2:52 pm

HELP ME !!!!

I fount this: TDSSserv.sys manualy and I set it on deactivate… I was able to run Malwarebytes and the virus was gone.. I only had a small virus in google with an IP adres

Now The Virus is BACK !!! with 2 spyware scanners instead of 1.. ANTI SPYWARE 2009 and a fake Windows virus scanner..

I can not run or install anything… Google does not work.. Internet falls out after 5 minutes… System Recovery doesnt work anymore.

And I am not experienced enough to use a Hijach or Combofix.

When the Virus came back it still was deactivated so I deleted it in the hope it would come back and I hoped to do the same trick.. No way.. It still is gone.. and I have no idea what to do..

Please help …

Geoff February 22, 2009 at 10:48 am

I did exactly what Bomp said, and there is no file in the list called “TDSS”.

I’m not sure what to do :(

I’m guessing over time, the virus mutated and got more difficult to get rid of?

Can someone please help me?

amos March 8, 2009 at 5:08 pm

malwarebytes anti-malware solves the problem for sure but the scan takes a long-long time so u have to be patient

minds March 9, 2009 at 5:24 pm

cannot find tdss in non plug and play I did click show hidden devices tried search for tdss nothing comes up
I Know its there somewhere but cant find it? maybe under different name now? Any ideas

minds March 9, 2009 at 8:17 pm

I ran malwarebytes anti-malware and it took care of it!

Pixel March 16, 2009 at 2:30 am

I tried it and I can’t find the TDSS thing and malbytes won’t update :<

Scott March 24, 2009 at 1:18 pm

Ditto. Not under that name anymore. Any new suggestions?

Jess March 25, 2009 at 3:45 pm

Same here — no TDSS file found (show hidden files WAS checked) and I can’t get ComboFix to run no matter what I do. I’ve tried 5 different anti-spyware programs and they find nothing. Does anyone have a solution?? This virus has obviously evolved something wicked …

Ed March 30, 2009 at 5:18 am

I don’t know if I have the same virus or not. I get redirected to various advertising sites when I click on a Google search result. The name in the seach result seems right, but upon clicking I get sent somewhere else. Malware anti-malware finds the system is clean, as does Spybot S&D, Spyware Doctor and Registry Mechanic. Any thoughts on how to remove this???

Ed March 30, 2009 at 5:21 am

I have also tried CCCleaner as someone else had suggested in the past. Still no luck with that.

Anil A. Desai March 30, 2009 at 8:08 pm

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

No such driver as ” TDSSserv.sys ” !!! Any other way to fix this ??? Thanks … Anil A. Desai

Chris March 31, 2009 at 6:35 pm

Same issue. I clicked to view hidden devices, checked everything and it isn’t there. I also tried renaming the setup files for MBAM and Spybot and niether of them will actually run. I get the prompt asking if I want to run, but it just stops after that…

Also, after a full search, no files were found with TDSS in the name.

It must have evolved, because everything else is exactly as it has been described. Any ideas anyone?

Gaurav April 3, 2009 at 11:01 am

Same issue . I too could not find TDSS anywhere .There was netsik and port135sik in DeviceManager->Hidden Devices.

Diabled them. Restarted the laptop. Ran the MalwareBytes but no help . Still my firfox and IE are getting redirected .

I have run almost e’thing available on web like registry cleaner.Uninstalled the firefox and tried but no help.

I am stuck from two days. Please help ….

frank April 9, 2009 at 8:13 am

I also cant find the TDSS, anyone help

frank April 9, 2009 at 9:29 am

Ran the MalwareBytes and it worked:)
Thanks everyone.

Robzy April 10, 2009 at 2:39 am

Hi all of u guys who can’t find the TDSS file even though u are clearly clicking show hidden devices.

Follow this step by step and your computer will be back to normal.

1. Download malwarebyte (latest version with all the updates) on a good computer.
2. Put it on a flash drive
3. Transfer it to the infected computer
4. Rename the file to setup.exe
5. Run the setup.exe file
6. Rename the directory it’s installing to as Malware and rename the folder as Malware too in the installation setup screen
7. When it gets to the final step of the installation it will seem like it froze….it hasn’t but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.
8. Go into the Malware folder in through Program Files
9. Rename the mamb.exe or what not file to mab.exe and run it.
10. Do a full computer scan
11. It should bring up 10-20 viruses most of which are the source of this problem the TDSS trojan virus.
12. Check all and remove/fix/delete them.
13. Restart your computer and you should be back to normal.

Hope that helps,


peter April 12, 2009 at 6:54 pm

Just went through Robzy suggestions. Was able to load spydoctor from the malware sight on a flash drive and get it to run on the computer. Found 28 infections but then had to pay $30 dollars for a license to remove the found infections. After paying and removing the infections google worked once. The second time the redirection started all over again. What’s up with that?

Scholar April 12, 2009 at 9:54 pm

This is one of the most malicious and dumbfounding viruses ever, but the solution actually isn’t that complicated. Bomp’s solution didn’t work for me because I had a mutated form of the virus and my laptop runs on Vista. I couldn’t launch any anti-spyware programs because as some users have mentioned, the virus prevents them from running. System restore was down, windows kept shutting down, got redirects during online surfing, etc. I had pretty much every problem mentioned above and then some.

All I had to do was start in ‘safe mode with networking’. Then I downloaded Trojan Remover. If your internet pages are being redirected just keep hitting the back button and clicking on the link until you get to the right site—it may take several attempts, but eventually you’ll get there.

Download, install, and launch Trojan Remover. It will do a scan that takes only a minute or two, compared to other utilities that take hours.

It found the problems right away and gave me the option of resetting my drivers. Do that and then TR will automatically tell you it needs to restart your computer. Once it reboots, shut it down and reboot your computer, allowing Windows to start normally. You shouldn’t have any problems after that.

Drama April 15, 2009 at 9:10 pm

I didnt bother with the malware downloads but the Last method worked! After restarting pc, a box popped up saying the virus had been deleted! Thank you so much….

Robert April 22, 2009 at 11:10 am

After MANY hours, the above suggestion worked like a charm (ie. download Trojan Remover in Safe Mode with Networking and run). THANK YOU THANK YOU THANK YOU

Jamie May 27, 2009 at 12:16 am

THANK YOU for this last post from Scholar,
I too had no TDDSS as I had a mutation of the original virus
THANK YOU all who helped me remove this virus after so long

Joey June 6, 2009 at 9:40 pm

I fought this redirection for 14 hours. Tried every suggestion and removal software I could find. Finally landed on this site and saw the Trojan Remover entries. Trojan Remover worked so quickly I found it hard to believe at first. Thank you…!!!

Tom June 8, 2009 at 1:57 pm

THANK YOU ALL! Particularly scholar – you are a gent, and a scholar! This took me days until I found this page. I had tried everything. Installed Norton – this thing stopped it working… two online scans (wouldn’t run), updates, patches, ZoneAlarm (couldn’t start), TrendMicro, SpywareDoctor…none worked. Then found here.

Malwarebytes did a pretty good job, as Robzy said, but didn’t seem to fully fix it. Then followed Scholars ’safe mode with networking’ approach and downloaded Trojan Remover (, followed the instructions and between TR and Norton, it’s fixed! Google and Norton working properly for the first time in 4 days! Fingers crossed!

Thanks All – I owe you a pint, and I’ll give the cretin that wrote this virus the empty glass…


Kevin June 10, 2009 at 6:22 pm

Anti-malware did the trick for me. Thanks so much!!!!!!!!!!

You are an lifesaver <3

RockabillyRob June 16, 2009 at 5:17 am

Trojan remover did the job for me….many thanks.

only problem i had was that even in safe mode this bloody virus wouldnt let me download the prog. luckily for me there is more than 1 computer in the house, so i downloaded on another laptop, stuck it on a memory card and transfered…worked a treat…


James Haynes June 17, 2009 at 8:13 pm

where does this virus come from, specifically?
can some or any of you pinpoint the moment of infection?
if they are via email attachment, then what kind of attachment?
what type of scrip is the virus done with? java? activeX? how did it do what it did?

thanks for the input. shoot me an email if you have details…
jameschaynes1 at hotmail

Ash June 19, 2009 at 8:25 am

One thing. THANK YOU SO MUCH! I used trojan remover and now its gone!! yay!

Morgan June 23, 2009 at 2:49 pm

Thanks!! Trojan Remover success with safe mode and networking!!!!

Derrick Borrer July 1, 2009 at 2:10 am

Here is the easy way to remove go google

Most common symptoms of browser hijacker

• It corrupt Registry files and “Blue Screen of Death”
• It changes the desktop background
• IE and Firefox slows down after getting infected by virus

• Also infects e-mail attachments, messenger and other freeware programs

Method to Remove virus
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antirus/Malware/Rootkit softwares and the rubbish will stop.

Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to (your own computer) so they won’t update

kernelko July 2, 2009 at 5:39 pm

Thanks, many, many thanks. I finally resolved this Trojan issue with Trojan Remover. After restarting induced by T-R,
there was one more TDSSmqlt.sys.vir backed up in system32/drivers, I have deleted it and the problems ended.
About year ago similar virus penetrated thru up to date Kaspersky antivirus program thus preventing updates and internet link to any anti-virus sites. When I’ve send an e-mail to Kaspersky team, they tell me to perform tracing, and provided link with explanation-which is of no use if you cant get to it. After my second e-mail, they respond in the same way. And that time I reinstalled OS. Also, this particular Trojan came when I was browsing sites which have .it as ending.

topyout July 9, 2009 at 7:44 am

trojan remover does remove this virus, i am begining to think this thing was developed by them.

Emily Grace July 14, 2009 at 10:49 am

This completely sucks! I picked up this virus yesterday and have been working feverishly to get rid of it since. I’m no pro, but I’m no moron either, and I’ve done EVERYTHING this posting recommends, and I still have this thing. Running Vista on a new laptop; had Norton 360 running 24/7 and this virus dodged it somehow. I’ve been able to run MalwareBytes after renaming its EXE file (otherwise the virus prevented it from running) and got some files, which I removed, but it didn’t work. I’ve also run TrojanRemover, SpywareDoctor, and HijackThis, all without unusual results and no conclusion. I’ve looked in the non-PnP drivers (yes, I made sure that everything was visible!) and I have no trace of anything with the tag “TDSSS” in my system, anywhere. Nothing I’ve tried has worked, and I’m getting really annoyed. Anyone got any ideas?!?

vlob July 16, 2009 at 8:09 pm

I was a fool and forgot to start in safe mode with networking like scholar said. Instead i just downloaded Trojan Remover into normal mode. TR detected it and asked to reboot, but after rebooting virus “Trojan.Agent” appears again and again.

I’ve scanned and rebooted about 5 times now and it won’t go away. I’ve also tried going to safe mode with networking but windows will not let me!!!!

Help is much needed and appreciated!! SOS!!!

Michael July 17, 2009 at 9:29 pm

This was a particular nasty one.
i fell into the ‘mutated’ category where it doesn’t show up as TDSSS, mbam and spybot will show up on the task manager, but not run.

I downloaded Trojan Remover from a laptop,
restarted in safe mode + networking, installed and ran TR.
Shut downed, restarted, then ran spybot S&D.
After which I restarted again and ran MBAM for a final clean.

Now it seems to be working fine. Fingers crossed.

Sharmi July 17, 2009 at 9:57 pm

So my google gets redirected, i get random music or ads playing in my background, I get this virus called PC security, Trojan horse and some homesecurity 2010. Everything is so slow. I cant even go to most websites.
I took my computer to tech shop and his antivirus would not even run. The tech shop guy siggested he delete everything from my computer just to save it.

My computer is pretty new a lenovo t61 and I have my cpa exam cd installed which is very expensive and I dont have the source cd for the program i cant get that erazed.

Can someone please help! I need my computer for my work and school!

Pamela July 31, 2009 at 4:58 pm

I got this trojan from watching movies online. I don’t have the money to take it to be repaired so my friend let me borrow her laptop so I could find this site. Thank you so much Scholar! The Trojan Remover found it in a few minutes and after two reboots I was able to access my computer out of safe mode and was able to run malwarebytes and mcafee. You have no idea how excited I am!!! TDSSS had renamed itself. I ran every online virus scanner I could and nothing found it. Trojan Remover found it so fast. Thanks again!

Cyberdefender August 3, 2009 at 5:33 am

thanks for sharing some of the good information about cyberdefender.

cpg951 August 7, 2009 at 7:27 am

Thank you Scholar. Trojan Remover does what it says on the tin.
First scan in Safe networking found the nasty drivers, the second found a few other bits and the third was clean. Vista, Avira, Defender and Spyware Doctor were then able to update and I now have a clean uptodate machine. Perfect. Thanks again.

zedjay August 9, 2009 at 4:09 am

Have the same problem as everyone here..except I have not been successful in getting any of the solutions to work !

I do not have the TDSS file anywhere….

Tried Safe Mode and then Downloading Trojan Remover. The program starts running, and then simply vanishes about 10 seconds after it starts…pretty much like the other 10 Anti Virus programs I’ve tried…

How can this Virus disable all of these programs ?

I’ve tried clean copies from another PC…tried renaming them… tried Avast which works before the PC boots into Windows…

My brain is fried…

megan August 12, 2009 at 4:02 pm

i tried the manual removal but got stuck at the Non-plug and play drivers list.

there is no TDSSserv.sys on the list, so how can I disable it?

and yes, im sure that i have the same probably that is being described.

hypex August 12, 2009 at 6:15 pm

I tried all methods but the only one that worked for me was Scholar comment. Downloaded Trojen Remover from Thanks again Scholar

Scholar August 30, 2009 at 2:44 am

I’m glad that my solution was helpful to many of you.

A bit of further information~

Not all google redirect viruses are tdds viruses. The solution I outlined here did not work when I encountered the same problem on my laptop, since I had encountered a different mutation.

I’m working on some alternative solutions for such instances~ I actually repaired my laptop by going a completely different route. If you are fortunate enough to only get this once and you have the same virus I did initially, the Trojan Remover solution will likely work and be the simplest route to repairing your PC’s functionality. However, my suggestion is to uninstall Trojan Remover AS SOON AS IT CLEANS YOUR PC~ don’t wait for the trial period to expire.

Not to be a conspiracy theorist, but I left Trojan Remover on one of the PCs I work on just as a test, and that machine mysteriously had the google redirect virus again shortly after the free trial expired. I can’t say they invented it, but the company definitely wants your money! I still swear by it for a quick and very effective fix, but to be safe, follow my advice and get rid of it once it cleans your machine. It’s quite easily uninstalled and not worth the risk of it causing problems down the line. I’ve used it only once and uninstalled it on several other PCs and haven’t had any problems afterwards, so no need to be fearful of using it for a one-time clean.

I have the most updated version of Malwarebytes, and while it’s one of the best freeware programs online IMO, it doesn’t seem to catch this virus even when it’s able to run. If you download an anti-malware program and can’t install it, the best way to trick this virus (or any other that disables your system) is to simply change the .exe extension to .com. That generally allows you to install/launch the anti-viral/anti-malware program of your choice.

If you find the solutions I’ve outlined don’t work, please be as specific as possible about the problems you are experiencing. I’ll try to help you out as best I can.

dave August 31, 2009 at 10:37 am

Same issue as zedjay. Nothing seems to work. Can’t locate TDSS file. I tried starting in “safe mode w/networking” but I can’t open explorer even in safe mode (says “windows cannot access the specified device, path or file”). I then downloaded Trojan Remover and Malwarebytes to a flash drive via another computer and tried running them in safe mode on the infected computer. Both started to scan and then simply vanished.

Any other ideas? Anyone have any luck with a system restore?


Charmer September 6, 2009 at 5:56 pm

Thanks everyone for all solutions. Dowloading the free program from did it for me.

Thanks again.

Me September 7, 2009 at 10:06 am

I have a computer infected with the latest goggle redirect virus. There is no TDSS file to remove. I downloaded Trojan Remover to a non-infected computer and changed program names and ran it on the infected computer. The first time it found two potential problems and fixed them. I thought the virus would be gone, but it was still there. I can still run Trojan Remover, but it finds no problems. The virus disables all other anti virus software by either not allowing it to start, or allowing it to start and then hanging it up. I don’t know what else to try.

Me September 9, 2009 at 8:34 pm

IT’S FIXED !!!!!!!

Thanks to Simply Super Software. Their tech support is really super. They make Trojan Remover. I was at a point where none of the malware removers would work. The virus would disable all the many removers I tried. I emailed Simply Super Software and they led me through a solution.

Here is the sequence of events:

I emailed them telling them my problem.

Here is their return email:
Please send us your Trojan Remover logfile so that we can see what is
loading on the infected machine.

Trojan Remover’s logfile is called TRLOG.TXT and is located in:

For 2000/XP:
“My Documents”\Simply Super Software\Trojan Remover Logfiles

For Vista and above:
“Documents”\Simply Super Software\Trojan Remover Logfiles

I sent them my logfile.

Here is their return email:
Your system is infected with a rootkit (Trojan.Crot), which prevents
many anti-malware programs from working correctly

Please look for the following files:

I expect only one of them to be present. When you determine which file
is on your system let me know and I should be able to provide removal

Here is my reply:
I located a c:\windows\system32\logevent.dll file. There was no c:\windows\system32\ntelogon.dll file. I also did not find a c:\windows\system32\sceclt.dll file; however, there was a c:\windows\system32\scecli.dll. I don’t know if that is an okay file.

Here is their reply:
Proceed as follows:
1. Open a Command Prompt (START | Run – type in CMD and press Enter).
2. At the prompt, type in the following exactly as it is shown:


and press the Enter key.
NOTE: there is no space before the = sign, but there is one after it.
If you have typed the command correctly, you should see the message
ChangeServiceConfig SUCCESS.
3. Close the Command Prompt screen and restart the PC.
4. FInd the following file:
Right-click on it and select the option to delete it.

The file should be automatically replaced (within 1 minute) by Windows
File Protection. Look for the file again and check that it is back
(you may see it re-appear at the bottom of the directory, unless you
close Windows Explorer and then re-open it).

If you were successful in deleting EVENTLOG.DLL, and the new file
returns, you can then delete the LOGEVENT.DLL file (this is a backup
of the original eventlog.dll file, created by the malware – if we
don’t need it, we won’t use it).

Problem Solved !!!!

Me September 10, 2009 at 9:09 am


I received another email from
There’s one more step you need to take, to restore the now fixed eventlog.service.

Open a command prompt, and issue the following command:


Me September 10, 2009 at 9:12 am


Their web site is

Ewald September 11, 2009 at 4:45 pm


Removing all the redirects (and there were many …) in the HOST file in C:\WINDOWS\system32\drivers\etc\hosts, while leaving the normal entry (localhost in place, took care of everything.

I had almost given up hope, but thanks to your advice I was back on track in no time!

Thanks again,

Silk Huber September 17, 2009 at 12:17 am

Thanks for sharing some great reviews about Cyber Defender, this is really a great announcement for all cyber users.

Bruce September 25, 2009 at 10:30 pm

Hey thanks all for the good info. I could not get the redirect virus off my computer (TDSS). Malwarebytes would find it and always said it would be deleted on restart but it doesn’t ever work.

So I download trojan remover and it finds it, deletes it, and when it restarts, it works perfectly. It diagnosed the problem and told me the virus was going under a different file name to hide from virus programs. This is why I could never find a “TDSS” file anywhere in my device (unhidden) manager or windows explorer search. Download trojan remover and malwarebytes and you should be good to go! Thanks Again.

Heilig Story October 29, 2009 at 2:51 am

I had major problems with this virus, but i downloaded a trojan remover and it worked perfectly!!!

Thanks everyone for the help!


Allison November 5, 2009 at 5:17 pm

PLEASE HELP! Nothing is working for me, I’ve tried everything and I’m going crazy. I have been trying to fix this problem for more than 9 hours. I tried to fix the host file but it is a read only file does anyone know how I change it so I can save it with just the local host line.

jill November 10, 2009 at 12:31 pm



Jacob November 13, 2009 at 5:22 am

I think this thing is back in full force. I have downloaded and run nearly every virus scanner I can find. Updated all security on IE and XP. I have searched for TDSS. It has been 5 days with this virus which started as the some false Virus Scanner downloading on to my system, basically a variant of sysgaurd.exe, I had “bahwsysguard.ese”.

Thoughts?? Anyone???

Last option is to rebuild PC and wipe memmory clean..


Ambrose Santiago November 14, 2009 at 9:31 am

How to remove the Google Hijack virus?

That is a question without a solution for me, after struggling for about a week to rid the Google Hijack virus from my laptop!

I stumbled on to this website this moring and was hoping that I could take advantage of the suggestions on here after reading several successful posts, but it was not to be for me.

1. Did not find “TDSSserv.sys” file.
2. Can’t start up computer on “safe mode” or “Safe mode with networking.”
3. Trojan Remover, downloaded from did not work for me.
4. Malwarbytes, McAfee, and Spybot Search and Destroy did not do the trick either.

This virus is one tough cookie!


John November 29, 2009 at 1:41 am

AAARRRGGGHHH – I have the same problem. It’s driving me crazy. Not sure what to do now. I have tried EVRYTHING. Hours spent on this issue now. I am going to have to rebuild the laptop.


BILL November 30, 2009 at 8:05 pm

none of the suggestions here have helped.

Karri December 3, 2009 at 6:12 pm

I have too attempted with spybot, avast!, several others and i think I have it fixed and when I open IE up and go to google and click on a result link, I am redirected to a different site or a another window pops up for an advertisement. I have followed several suggestions from several differnt sites and still same results. Does anyone have the answer for this thing?

Eric December 7, 2009 at 8:09 am

I am having the same issue as Karri…I believe this must be a new version of the Redirect malware as the steps above have not helped. I have used AVG, Norton, SpyBot and all of the tools on Microsoft’s site. The disk is clean as far as they can tell, but the problem persists.

For God’s sake…help!

manny December 14, 2009 at 2:04 am

hey, i have a question, i went to device manager and i couldent find TDSSserv.sys and i tried malwarebytes and it didnt find anything, please help me

SUNNY December 16, 2009 at 9:44 am

I have also been trying to get rid of this nasty problem. nothing is working for me
pls help

tom December 19, 2009 at 2:29 pm

i cant do anything because i get a message saying application cannot be executed. the file rundl32.exe is infected. do you want to activate your antivirus software now?
then it redirects me to a site to buy this

paula December 20, 2009 at 2:30 am

I don’t have it in my device manager either. UGH!

Adam M December 20, 2009 at 7:49 am

Okay i use trojan remover, but then the virus comes back on reboot. So i need help, do i rename the files or delete them with trojan remover? What do i do after trojan remover? be specific plz. And i can’t find the TDSS file in my drivers from control panel! I have 2 hard drives. C: and D: and a back up J:. I hope this helps some people other than me.

scott December 24, 2009 at 7:09 am

ive got it also trojan remover found alot of things the others didnt thought it was gone but merry christmas

NAM December 24, 2009 at 11:49 pm

Trust me run combofix and it will work!!!

P'd Off January 6, 2010 at 4:10 am

i really dont know why everyone is talking about “TDSSserv.sys”
i am having massive problems with redirection from and it has nothing to do with TDSSserv.sys. i dont even HAVE TDSSserv.sys on my system, i’ve checked and double checked the hidden drivers and the registry, and every other place i could think of but it isnt on my system. and the advice to get pareto just seems like a scam because i finally got pareto installed and it did nothing except prompt me to spend more money on registering the product and do a lot of upgrades.

i’m still looking for a fix, but everyone is hung up on TDSSserv.sys. superantispyware doesnt help. malwarebyte doesnt help. i used iobit360 but it only removed spyware. ive tried just about everything else (including new firewalls and scanners to trace what’s going on) but nothing has helped me get a handle on it, google searches still get redirected unless you type it directly into the address window.

Gospel January 16, 2010 at 5:32 pm

Atm, i too am attempting to remove this virus, but the reason why tdssserv.sys might not be showing is because what i’ve bene reading from other websites and what someone even mentioned here is that this type of virus switches its file name, and certain ones do it everytime you reboot. So if you do remove it make sure to use your other antiviral progs to make sure its gone and hopefully this will work for me after i use trojane remover O.o

Lance359 January 19, 2010 at 3:34 pm

Most current search engine (Google) redirections are currently caused by an infected atapi.sys file (TDL3 rootkit). You can try Hitman Pro 3.5 which is capable of finding and removing the infection in just a few minutes.
If Hitman Pro asks for a Product Key just click on the ‘Activate free license’ to get rid of the infection for free.

Dave January 26, 2010 at 8:18 am

Thanks, Lance. Free at last, I’m free at last!!!!

Been obsessing over this bug for days. It slipped right by all
my spyware. Malwarebytes couldnt help, I didnt have that TDSS
thingy, and Pareto did nothing.

The Hitman Pro 3.5 was the only spyware to even see the infection! I think I all clear.

Thanks again, Lance.

Hannah January 27, 2010 at 9:33 am

I have been trying to get rid of redirect for five days now and nothing has worked. I just tried Hitman Pro 3.5 and it’s finally gone. I feel like I have just waged battle and won. I too didn’t have TDSS in my drivers and malewarebytes and combofix would not run because the virus was blocking both of them.

Thank you Lance!!

Felice January 27, 2010 at 9:56 am

Thank you so much! I have been fighting with this thing for 2 days. The first time I used Hitman Pro it didn’t find it. I had to rename my regedt32 file and then run Hitman Pro.

Monica January 28, 2010 at 7:42 pm

I just want to thank Lance for the information about hitman pro!!! I was getting weary with my search engines after trying several different program, but one touch of hitman pro solved my issue!!! I may have to invest in hitman pro!!! Thanks a million!!!

Gill February 7, 2010 at 5:42 am

Lance…..THANK YOU!!

After a week of going crazy Hitman pro has fixed it!!
I to had no TDSS,Malware wasnt finding anything wrong nothing was.

Again Thanx!!!

Phil February 13, 2010 at 3:31 am

Hi, Hitman Pro 3.5 removes this virus in just a few minutes. Does a cloud scan so the virus cannot block it. I had a couple of problems which it identified as Unsafe DNS Server Address, and atapi.sys rootkit, and which it resolved. After reboot everything was fine. As a temporary work-around if this doesn’t work you can use dogpile for searches as even though this uses Google, Yahooo, Bing for searches it doesn’t trigger the redirect.
Hope this helps

johnny alonso March 5, 2010 at 11:50 am

(got rid of the redirecting!!!! ) (here’s the solution) :)
hai guys -
i HAD the EXACT problem and it was driving me mad! seriously i was ready to kill somebody. and the redirecting was only happening to my work/website and the site to log into for me to update it – how f*cking convenient….
this is how i got that crap off my laptop (vista 32 bit w/firefox)

1.get the latest version of malwarebytes – perform a quick scan in regular operating settings

2. re-run malwarebytes in SAFEMODE – it will find the redirecting bastard trojans

3. download and install HITMAN PRO 3.5

4. turn off any anti virus programs and make sure youre not online

5. run HITMAN PRO 3.5

within 5 minutes it discovered another error on my system (a file called magic “something”) it said there was something funny about the license authenticity –

i deleted that issue – rebooted made sure norton 360 was back on. got back online, went straight for my website – loaded without a hitch!!!! now my computer is back to normal!!!

no more of that redirecting crap! and now im clear to view and update my website.

i stand by this procedure – i was ready to throw my computer against the wall if i saw another blank page trying to redirect me to nowhere.

im not a computer guy by any stretch – i just needed this thing fixed and as i said – i stand by this procedure 100% – it worked for me (friday march 15, 2010 1:19am)

i hope it works for you! :)

let me know

johnny alonso

Tracy March 26, 2010 at 10:18 pm

I just used Hitman Pro and it took care of the problem. I had been pulling my hair out for three days!

.NET MCPD March 28, 2010 at 11:41 pm


Hitman does the job because it runs from the cloud and detects the crapy dns entries that mess with your system.

I have tried several malware and antivirus software (MalwareBytes, Trojan Remover, Norton, Windows Defender, etc…) and the only one that worked is Hitman.

Hope this helps

AZbob April 9, 2010 at 8:53 am

Jonny A,
Thank you for the information on the redirect virus. I followed your instructions and Hit man pro 3.5. 4 found the scum sucker atapi.sys and removed it. However I did have to connect to the internet for it to run. I rebooted and so far my system it working correctly. No redirect and MS update site works. I battled this piece of mallware for over two months. I have read hundreds of posts on forums and help sites.
I contacted my virus protection program support for help. I also contacted Microsoft Support.
I informed them that I believed my system was infected with a virus that prevents me from accessing Microsoft Update site. It also redirects me to random sites when I do a specific Google search, along with subjecting me to pop up and fake virus removal tool sites and programs that mimic a Microsoft Site. I ran their suggested fixes and scans. I followed their directions and fixes. My anti virus program scan was supposed to automatically upload a file for their review. This never worked and at they suggested I copy and sent them the report via e mail. I did this several times asking for a acknowledgement that they received the file. I would get an automatic response with a new ticket number each time. I then received several notices that they would consider the mater closed if I did not respond. I did, but either they did not receive my response or they choose to ignore them. Needless to say I am disappointed with the support.
Over the next several weeks MS support suggested I clear this and change this and scan my system with their scanning programs. Nothing worked. They too decided that my case was closed and I have yet to hear back from them.
In my research I have noticed that a variant of this scum ware has been around for a year or two. It affects all MS operating systems, from XP to 7 along with Internet Explored, Firefox, Google, and Bing. One would think that with all of the resources the soft ware developers and costly virus programs have, they would identify and fix this problem.
Why is there an add on this site claiming I am the 100,000 visitor. Is this a scam? This is the kind of pop ups I was getting with the infection.

schoup April 14, 2010 at 9:31 pm

Ran Hitman and malwarebytes. The redirect virus comes right back at next reboot.

yutannelson April 22, 2010 at 7:43 am

I about went crazy trying to fix this. Every recommendation I found did not help until I found this one. Thank you to whoever posted this. Everyone needs to repost this elsewhere on the web to get the message out.

Look in (windows)\system32\drivers\etc\hosts. There should be only some lines starting with # and “ localhost”. Anything else in there might be redirecting you to a fake Google or other fake site.

Alicia May 12, 2010 at 10:32 pm

OH my gosh, thank God.

Downloaded the Hitman 3.5. I actually could NOT download it from because the stupid virus was blocking it. So I went to and downloaded it from there. I turned off my anti-virus stuff (Norton included – thank you, Norton, by the way, for STOPPING this virus for me). Ran the Hitman. 5 minutes later there were 4 files there and I had to reboot. Did it, worked! I restarted the computer again because someone above said that it did it again after restart. And this is again and it still worked.
Holding my breath it stays away!
What a horrible little thing.

What I question now is WHY does Malware, AdAware, Norton, Panda – all those NOT stop or NOT find this except for Hitman? It makes me maybe want to pay for Hitman for my home computer and have that be my virus protection for $25…

MJ May 20, 2010 at 4:19 pm

I have this google redirect problem.
Can someone instruct me in basic step by step terms how to remove it. I am a complete amatuer.

aida May 30, 2010 at 3:56 am

Download Microsot Security essential and have a full scan. It removed the virus. It was rootkit alureon virus.

I had problem w. google redirect virus and tried to fix it for many days. Could not do any search cause I got redirected, got music and commercial playing while surfing, pc was so slow and it was very frustating.
I tried avast, Hitman 3.5, malwarebytes and avg but none of them worked. Avast kept blocking the trojan virus, but it didnt not remove it. I couldnt find tdds file either on my laptop as what Bomp suggested.

Now I use MS security essential as my antivirus. I used to like avast but not anymore.

Ross June 3, 2010 at 5:03 pm

I have had all the symptoms in this thread and nothing seemed to work or remove the virus until I tried the advice above on scanning with the Microsoft Security Essential. It found the win32/alureoun virus which all other virus scanners failed to find (and ive pretty much tried them all) and removed it. Even Hitman Pro failed to find anything. Thankfully the problem has now gone, so i definitely recommend downloading the free Microsoft Security Essential virus protection and run the full scan. Cheers for the advice and post aida.

Don June 8, 2010 at 4:44 am

Same problem here. Kept getting redirected. No TDSS anywhere. Disabled “Google Toolbar” and no more problem, so far.

Laurie June 8, 2010 at 8:19 pm

It sounds like I have the same redirect virus as discussed in this thread and I sent the link to my husband who has been working for days to fix it. But I have a question.

In addition to the redirect, my computer keeps getting a pop-up windon for Just-In Time Debugging with “New instance of Microsoft Script Editor” in its text window. We’re trying to figure out if this is related to the redirect virus. I didn’t see that symptom mentioned in the thread and wondered if anyone else experienced that problem.

Sydney Barrows June 15, 2010 at 7:10 pm

I got as far as “non-plug and play drivers”. I have nothing that even vaguely resembles that and I clicked on everything is the Hidden Devices window. I have Vista Home Basic. What do I do now?

TN June 19, 2010 at 9:56 pm

I have the Malwarebytes and I’ve already used it and it removed about 30 something files that were infected, but I still get redirect to other sites and random sites still pop up even after I ran the Malwarebytes and I also have an antivirus program running at the same time that is not picking up the program.

dom June 27, 2010 at 8:19 am

looked in the hidden devices and i couldnt find it under non plug and play drivers but i know i still have the virus

Nijo July 7, 2010 at 11:58 am

I highly recommend using
Spyware Blaster
Spybot Search & Destroy

as well. MB didn’t pick up the Virtumonde.prx

Then give ‘Superantispyware Portable’ a shot, it found a few more things on my computer.

yogeshkansal July 8, 2010 at 6:40 pm

i am Search This site( harm your computer. fix it for many days.
how to remove a virus
please help me

John July 21, 2010 at 11:18 pm

This is a nasty, nast virus!!
I got this same virus and was not able to download Malware bytes or open anything.
I was able to reboot into safe mode then do a restore. This then allowed me to download malware bytes and run it. It seems to clear it up everywhere but in explorer. I still had the problem with search links re-directing me all over, major pain!!
I found this thread and ran Combofix. You can get it at:
This found it, and cleared it out. AWESOME software!!!
I would donate to these guys if I knew how!
It might have fixed everything if I ran it first and only, but don’t know since I found this thread later.

k July 27, 2010 at 12:00 pm

Hey guy’s I’ve had this one before and I think how I caught it was by running the computer in safe mode and then running malware bytes I have vista and that fixed it, don’t know if it’ll help but thats how I caught the stupid little head ache of a thing.

ken August 13, 2010 at 4:11 am

I tried the method of starting my computer in safe mode with networking and than was able to download combofix. It worked after weeks of trying other things. I was ready to give up.

Gadget Guy August 20, 2010 at 7:32 am

I’ve used Malwarebytes on a million peoples computers and it takes care of everything completely pretty much 100% of the time. Haven’t experienced this one though.

Rick August 28, 2010 at 2:29 pm

Well, was in the same boat here.

This thread was of great help, using combofix did the trick for me though. Malwarebytes could not find this bug.

Combofix is a great piece of software for this particular infection. Kudos to the developers.

Paul September 19, 2010 at 8:50 pm

Followed Alicia above and downloaded Hitman 3.5 from the NL website. Worked first time, although I paid for the one year version rtather than the free one. Have not got the one year codes yet, so used the free version, which has fixed it.

Jewls October 16, 2010 at 1:32 am

Why the hell is everyone so excited over Bomp’s post? He just copy pasted directly from this guide…

Anyways, mbam fixed it mostly, then trendmicro did the rest.

LaTresa November 3, 2010 at 8:19 am

I want to know if I was ripped off. I had the google-analytic virus and was charged $132 to take it off. He said he had to take everything off my computer, and he didn’t even load the AVG 2011 anti-virus software I had bought, which I requested that he do since I was having trouble downloading it with the virus. When I loaded it myself and ran the analytic after I got my computer back, there were 200 problems, which AVG fixed. My regular computer guy would probably have done it for $40 or less and would have run scans to get everything fixed…that’s what he usually, but he was unavailable. Is the google-analytic virus that hard to get rid of? I feel ripped off. I had to spend hours putting settings back and reloading everything, too.

dan November 23, 2010 at 3:47 am

hello there people

I would just like to quote ronel cause he is right

you just have to delete/Remove all redirects in
C:\WINDOWS\system32\drivers\etc\hosts, leaving the normal entry (localhost

at first i thought it was a virus but at some point i realized that every windows xp sp3 that came from torrents has it so it’ll activate once you fresh installed xp to fix it just follow the steps above

note : if you experienced the blue screen of death then definitely its a malware

PWNkne November 30, 2010 at 7:48 am

Jewl the thread starter edited the thread and put in what bomp said so bomp figured this out

Dave Alfred January 24, 2011 at 7:00 pm

i found another way to disable it you see in your network connection you got another connection do this Go to Start > Control Panel > System > Hardware > Device Manager > View > devices by connection then disable microsoft loop back adapter and a unknown device do not uninstall them they will come bak again so just disable them thats all i hope it helps :) be sure usemalwarebytes too scan it first then delete virus and if its still there follow my instruction

Parrotoga February 1, 2011 at 6:58 pm

I managed to get both this and at the same time.
Nasty stuff, but if you’re fast you can regain control of the task manager by CTRLALTDEL immediately upon booting up.
(in this case bloatware actually helped! They ‘turn on’ late in the system processes, so having to wait for skype, UAC, realplayer and others to load gave me enough time to get rid of the processes that cease .exes from working. FYI if you get it is called something like svershld.exe or similar, it’s the fake AV systray shield icon.)

Bryan February 6, 2011 at 7:38 pm

I tried to remove this virus but i couldnt. I tried looking for this TDSSserv.sys but i couldnt find anythin, if anyone can email me with som help please do so thanks

MarkMckayTnt May 7, 2011 at 12:25 am

Trojan Remover got rid of it for me!… Thank God… 3 weeks of it on my laptop

Emily September 2, 2011 at 11:25 pm

I need help! I cannot get rid of this. I’m in no way a computer person. I need a step by step…(for dummies) HELP!

Leave a Comment

Previous post:

Next post:

© TroubleFixers – All about fixing computer troubles2007-2014 . All Rights Reserved.