198 Users Commented In This Post

zejkio says, October 6th, 2008   

MALWAREbytes anti-malware solved it 4 me

capricious says, November 9th, 2008   

MALWAREbytes anti-malware solved it for me too, until I rebooted again…. then the shit came right back. Ugh. This is coupled with VUNDO which is *THE* worst malware EVER. I cannot get rid of this and think I’m going to have to resort to just formatting. I hope this program works.

Palmera says, November 11th, 2008   

I can’t launch any antivirus software, I think the virus blocked it. Malwarebytes’ Anti-Malware and XoftSpySE don’t launch. Please help

Rob says, November 12th, 2008   

I can’t launch Malwarebytes either like Palmera said.

Any help? It says it’s running in Task Manager -> Processes, but it won’t show on screen.

Thanks.

Peter says, November 13th, 2008   

XP Removal tool gets stuck during installation. Well, no help here.. :(

Peter says, November 13th, 2008   

Google Spyware Doctor found some issues but not all.

Peter says, November 13th, 2008   

Installation finally completed but the tool won’t run.

Peter says, November 13th, 2008   

Malwarebytes’ Anti-Malware is recommended but it won’t start either. This virus is very smart. It blocks certain URLs, redirects Google results, and prevents certain programs from running.

abhishek says, November 13th, 2008   

@Peter, @Rob, @Palmera,
Hi, guys – The post has been updated with a link to another tool to remove the go.google.com virus

abby says, November 13th, 2008   

I have both on my computer and can’t run either….help :(

jclayart says, November 13th, 2008   

Hey all, I have this same virus, stupid thing is sooooo tricky!!!! Won’t let me run the programs you listed, Malwarebytes program won’t install and the go.google removal program (XoftSpySE) will install but won’t run, I’ve tried everything!!!! Pleasssssseeeee help, this is getting to be sooo frustrating.

Also certain websites won’t even load, like trendmicro’s housecall, and bleepingcomputer.com (tried on my GFs computer and it works fine, not on mine though).

Also my programs won’t update, antivirus won’t, spyware won’t, it’s like this thing is one step ahead of me!!!

Please help!!!!!

Abby says, November 14th, 2008   

Exactly the same as me so any help would be greatly appreciated.

I have tried to copy to CD Malware bytes from my desktop to run on the laptop but it fails and won’t copy so I can’t even do that now!!

I’m at the end of my tether :(

OkieMomma says, November 14th, 2008   

Has anyone come up with a solution? I can’t get MBA-M or Xoft to run…

jclayart says, November 14th, 2008   

I’ve searched the web up and down for the past 2 days to no avail. Tried everything imaginable, just can’t figure it out.

Curse this wretched virus! Someone knew what they were doing when they made this sucker!

OkieMomma says, November 14th, 2008   

jclayart:
No joke!! Whatever you do, don’t download Cyber Defender. It ran a scan, but in order to go any further I would have to have subscribed ($20 or so), but it messed up my toolbars and search bars…It got ugly, but uninstalling it from my control panel fixed it. Have you tried the STOPZilla?

The Guru says, November 14th, 2008   

I’m in the same boat guys. I’ve tried running the following programs in safe mode and regular mode:

AVG – can’t update definitions, blocked by this virus
McAfee – same, can’t update DAT files
Ad-aware – nothing found
Spybot Search + Destroy – can’t update, download includes via other PC, applied them manually, no threats found
Hitman Pro 3 – found and fixed 1 threat, but did not solve problem
Hijack This! – exe won’t run
Super Anti Spyware – exe crashes when run

I’ve spent hours on this – freakin spammers and hackers deserve to burn in the fires of hell.

Anyone else have luck purging this thing??

Eric

F22AbIrD says, November 15th, 2008   

Same problem happening to me. Can’t search bleepingcomputer or techguy forums as go.google redirects. Can’t access support.microsoft.com either.

I’ve run SmitFraudFix & Combofix both in Safe Mode and rebooted with no luck. Seems like it went away but a day later here I am again and Malwarebytes won’t run for me either.

Best of luck to everyone

Chuck

Dan K says, November 15th, 2008   

I spent a good 10 hours on this over the course of a week. Trojan Remover finally worked. It found a backdoor file with TDSS in the name. It stopped the file upon restart and it solved the problem. That is one tough virus.

Mark says, November 15th, 2008   

After manually updating and running SpyBot S&D, it found it (I think..) It referred to “Microsoft.Windows.RedirectedHosts” which sounds exactly like what we’re after. It found 2 entries then my screen suddenly went black. Are the files smart? Did they know they were found and triggered this? I don’t know, but I force shut down in case something bad was happening. Now trying SpyBot in safe mode. Still scanning…

It found them again, 4 entries this time. Screen went black again even though I’m in safe mode. Grr. I’m gonna just wait and see what happens. This sucks.

Mark says, November 15th, 2008   

Oh man, I’m such an idiot, hahaha. I’m so paranoid about this bug that I freaked out over the SCREEN SAVER starting, haha.. Yeah, the files don’t turn the screen black, i’m just a retard.

Bil says, November 16th, 2008   

Browser redirects to go.google/go.yahoo/go.msn

Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to go.google/go.yahoo/go.msn and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)

After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):

Go to http://www.freedrweb.com/cureit/ for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.

It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!

To whomever posted the solution originally, thank you!!!!

Bomp says, November 16th, 2008   

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.

It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world.

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.

Keith says, November 16th, 2008   

To get the programs to run, just rename the exe file…the virus is preventing them from running. Just rename Malwarebytes and it will run.

Chey says, November 17th, 2008   

Keith’s right. I just renamed the .exe file, and it was no longer blocked.

By far the easiest and simplest option.

mike says, November 17th, 2008   

Awesome from BOMP!
I think I will get it corrected now
mike

Jesus says, November 17th, 2008   

Thank you Bomp…you saved me there. I did everything except your instructions and after everything just clicked. Awesome…..

Neil says, November 18th, 2008   

Bomp – Thanks so much

Alan says, November 18th, 2008   

Dear Mr. Bomp:

You are awesome!!!! Thank you! Thank you! Thank you! Many hours and attempts with many virus or rootkit fixes did nothing. But you, you did it, man. Did I say thanks? Thanks!!!!

EG says, November 19th, 2008   

WOW, THANK YOU!! Keith’s suggestion did the trick for me in renaming the Malwarebytes setup file so that it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.

Dominic Desbiens says, November 19th, 2008   

You are a God !!!

I spent some 2 hours trying to clean the computer of a friend. Malwarebytes that I use to remove spyware on all computers can’t open. Same thing for other popular anti-spyware.

I tried the last solution (disable TDSSserv.sys) and it worked. I was able to update again Malwarebytes and run it. It found the virus and removed them.

Many many thanks

All Hail Bomp says, November 20th, 2008   

Thanks bro, you just made my day – this worked perfectly. After losing a hard drive on my laptop and getting my gf’s laptop infected with this virus in the last 3 days, I was about to lose my mind and spend $300 to take the machine to Geek Squad. The system had to recover from a serious error and it scared the crap out of me. I even had to dig out my 5 year old Compaq PC just to get internet access.

Thank you, thank you, thank you, thank you.

Everyone should kiss this mofo’s feet.

YNH says, November 20th, 2008   

Bomp, I really want to thank you for your post, also I want to thank Rohit for making this thread, without you guys I still would have had this virus on my laptop.
Thanks so much =D

hckyplyr10 says, November 20th, 2008   

What a pain!!! After seeing that someone else had success with Trojan Remover, I gave it a try and VOILA it was gone. Thank you so much for the help!

JohnB says, November 21st, 2008   

I made a post, just to thank you. :D

frankiefourfingers says, November 21st, 2008   

Thank you, Bomp.

Bomp says, November 22nd, 2008   

Thanks for the comments, I’m glad that I could help others to solve it, as I know what a pain it was. It took me 2 days to figure it out, as I was monitoring my HOSTS file mostly, and I thought there was a Trojan editing my HOSTS file on the fly, or some kind of Stay Resident In Ram application being linked to and bypassing the HOSTS file altogether. Got there in the end though.

Cheers.

Bomp.

paul says, November 22nd, 2008   

Bomp, you saved my arse. Much appreciated.

heath says, November 22nd, 2008   

After dealing with several malware infections before, this one is proving to be quite a problem. Typically MBAM run through SafeMode catches everything, but this particular one seems to be more troublesome. I can remove everything MBAM finds, which is usually just 2 registry entries of the form tdss*, but then when I reboot it comes back. I already figured out to just rename the mbam.exe file to get it to run, but that didn’t seem to solve everything…
Found the device manager -> hidden devices suggestion, and that allowed me to skip the rename step. But when I reboot and scan again then try to go back into normal windows mode, it comes back. At what point can I delete the tdssserv.sys hidden device?
Do I actually need to run a combofix or sdfix? I have no other spyware/malware infections other than this go.google redirect thing…which I may be incorrectly assuming is linked to the tdss trojan?
In summary, I can make everything work fine in safe mode, but somehow it gets reinstalled when I get back to normal windows mode…
Thanks.

malevu says, November 23rd, 2008   

Thanks Bomp you’re a legend. Saved me hours of headache and head scratching. Much appreciated.

Lucid says, November 23rd, 2008   

Thank you very much, been struggling all day..
It wouldn’t open this page either, but over “google translate” or “Cached” link I was able to open it.
Saved me! Nice one Bomp and this is the only page that helped me.

Melo says, November 24th, 2008   

Thanks a million Bomp!
I got rid of it, now struggling with karna.dat…:(

ian says, November 25th, 2008   

a wanna thank you for this information – yes ave been stuck with this issue as well for a couple days – my mind has been twisted over this
MANY THANX AGAIN

Marcus says, November 27th, 2008   

THANK-YOU soooo much was the device manager solution…disabled the hidden plug and play device TDSSserv.sys and rebooted. You saved me from a reinstall; this worm frustrated me for at least 8 hours. Damn clever what they did…. After the reboot guess what, McAfee jumps on it and deletes the files when they try to run again. Why didn’t it catch it in the first place? “It musta been sleeping” lol

thanks again for the help!!!

Christian says, November 27th, 2008   

B O M P – - T H A N K Y O U ! ! ! !

Thank you a million times over, sir. I nearly lost my mind with this violation of my laptop! I followed your instructions to disable the TDSSserve.sys in Device Manager, renamed the Malwarebytes exe and ran the program.

I would like to follow up on Heath’s request –

“at what point can i delete the tdssserv.sys hidden device?”

oh, yeah….

and how?

Again, THANK YOU BOMP!!!

Bomp says, November 29th, 2008   

I used comboFix.exe to get rid of TDSSserve.sys, before I even updated my AVG Anti-Virus so I don’t know if AVG will catch it. ComboFix.exe also found av.dat.

But after I updated AVG, it found:

TDSSrigp.dll – c:\windows\system32\
TDSScfum.dll – c:\windows\system32\
TDSSnrsr.dll – c:\windows\system32\
TDSSofxh.dll – c:\windows\system32\
TDSSpaxt.sys – c:\windows\system32\Drivers\

After clearing those files out, I used CCleaner to get rid of all IE7 & Firefox temp files, then RegCure to clean up the registry.

You may be able to just delete TDSSserve.sys, once it has been disabled.

Another program I use is “Process Viewer” which I find handy for killing hidden processes, so if any of the above dll’s are active then prcview.exe can kill them.

Get Process Viewer here http://www.teamcti.com/pview/prcview.htm

Bomp Rules says, November 29th, 2008   

Dude, you rock. A million thanks. For two days I’ve been fighting this stupid thing on a friend’s computer. With all the worthless slime out there thinking up ways to screw up people’s computers, thank God there’s people like you figuring out ways to fix ‘em.

Thanks again.

Oh yeah, you’re a lot smarter than I am. :)

Allison says, November 29th, 2008   

Thank you so much Bomp!! I’m sure that you get tired of hearing this, but you are an absolute genius!! Rock On

Nora says, November 30th, 2008   

I disabled the TDSServ.sys and it worked like a charm! I was able to update my AVG where before I couldn’t even load the site.

A million thanks!

Kris says, November 30th, 2008   

Had the same problem after letting a friend “check his email” on my computer. I’m guessing he got this from opening an attachment in gmail and/or clicking on/going to an adult website. Said friend is now banished from “checking his email” on my computer. I’m not even sure I’m going to let him back into my apartment.

Ran Dr. Web’s Cure It as referenced above, found a file named “BackDoor.Tdss.29″ in C:\windows\system32\drivers, deleted it, problem solved.

This was also flat-out killing Google’s “chrome” browser’s ability to connect to any websites.

Thanks all for the helpful hints.

Bad Horsie says, December 1st, 2008   

Thanks! Bomp’s trick worked. I updated and was able to download another malware checker, and took care of the problem. Just as you said. TDSS is the problem file. It gets into the registry and replicates and … well it’s nasty. Thank you for helping me get rid of it, and it was easy too!

Yeti says, December 2nd, 2008   

Bomp – As many before have stated – thanks!
I deal with this crap at work all the time and I was stumped beyond belief as to why it wouldn’t allow Smitfraud.exe and the rest to run.

Disabling that hidden device worked and I am now kickin it.
Thanks a million and I am filing this fix away for future needs.

Now all we need is for someone to track these a$$holes down who make this crap.

K says "YES!!!" says, December 2nd, 2008   

Did you ever know that you’re my hero????

Thank you so much!!!!!
~k

Aaron says, December 3rd, 2008   

You are a legend Bomp.

Thanks for your time.

Mike says, December 3rd, 2008   

BOMP, you da man!!!
your thing worked like a charm for me.
Many Thanks!

Chuck says, December 3rd, 2008   

After disabling the file in device manager, I was able to find the file in the folder listed below and remove it.
This seems to take the file out of the computer completely, out of device manager, instead of leaving it there disabled.

c:\windows/system32/drivers/TDSSpqlt

Props to the guy that made this thing, one of the best hidden viruses yet. And thanks to the person that found it and told us here :)

Good luck all.

-CollegeGeeks

Pat says, December 4th, 2008   

My hat’s off to everyone on this forum. Thanks for sharing solutions, this list helped me rid myself of this bug in only a few hours. Thanks again.

Richard says, December 7th, 2008   

Thank you all you guys for help – especially to “Bomp rules” who provided the solution for me, at least. Many, many thanks

Dave says, December 7th, 2008   

Hey guys, I got this virus however there is no TDSS or hidden devices starting with T that I can disable. Maybe the virus has changed now?

dan says, December 9th, 2008   

Thanks a million for the tips given. Did as advised and got rid of this nasty virus. Happy to note that there are still good souls in this world.

I am just amazed at the devious mind of the person who wrote the code . .

John says, December 9th, 2008   

I am also not finding any TDSS files.. Please Help.. google redirects to pages full of ads, can’t update my windows, etc..

DaveKOregon says, December 9th, 2008   

This thread worked for me. Thanks to BOMP and the rest. I disabled the “hidden device”, rebooted, ran malwarebytes (updating its detection first) which detected a BUNCH of infected files, rebooted, and am now running a full scan.

How come we never hear about the bad guys getting caught?!

Thanks for all your help.

David

leslie says, December 10th, 2008   

Hey Dave, I had the same problem as you, I could not find the TDSS file, but I was able to download the MALWAREbytes anti-malware and it found like 11 trojans on my computer after I did a full scan and it removed them all. The full scan took about 3 hours for me because I have a lot of files on my computer, but it was so worth it and my google works now. Hope that helped ya out there buddy :)

jen says, December 10th, 2008   

Thanks BOMP and to my Wii’s Internet browser for letting me find this, since my PC wouldn’t.

lucas says, December 11th, 2008   

Dave, I also couldn’t find the TDSS device at first. But I restarted my computer (because of windows updates) and got a blue screen of death, so I rebooted into safe mode, and there it was. I’m running XoftSpySE right now, and it seems to be finding the trojan.

Greg says, December 11th, 2008   

Thank you for the help!

I went straight to the device manager and Disabled the device you list above. After a restart, the computer works fine, I am currently scanning with Anti-Malware. Thanks again!

Ronel says, December 12th, 2008   

Please do not forget to check the HOST file in C:\WINDOWS\system32\drivers\etc\hosts

The virus adds all the redirects in that file, simply remove them all and add the normal entry:
localhost 127.0.0.1

For me, after cleaning everything the stuff was still there until a colleague asked to check the hosts file and BINGO!!
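
The hosts-file check described in the comment above, as an added example that is not part of the original thread: a Python audit that lists every entry other than the normal localhost mapping, separating names pinned to the local machine (pages that never load) from names pointed at some other address. The sample file and its host names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample hosts file (not taken from an infected machine).
# Hosts format: <address> <hostname> [aliases...], '#' starts a comment.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       update.example-av.test      # update host pinned to loopback
127.0.0.1       www.example-forum.test download.example-av.test
203.0.113.7     www.example-search.test     # search host pointed elsewhere
::1             localhost
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, address_or_None, fields) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # First field is not an IP address: report it rather than skip it.
            yield line_no, None, fields
            continue
        yield line_no, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, detail) for each entry that is not a normal
    localhost mapping. kind is 'blocked', 'redirected' or 'malformed'."""
    findings = []
    for line_no, addr, fields in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", " ".join(fields)))
            continue
        for name in fields:
            if name in LOCAL_NAMES and addr.is_loopback:
                continue  # the expected entry
            if addr.is_loopback or addr.is_unspecified:
                kind = "blocked"      # resolves to this machine, so the site never loads
            else:
                kind = "redirected"   # resolves to an address the file's editor chose
            findings.append((line_no, kind, f"{name} -> {addr}"))
    return findings


if __name__ == "__main__":
    # Pass a path (for example a copy of drivers\etc\hosts); with no argument
    # the constructed sample above is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, detail in audit_hosts(text):
        print(f"line {line_no}: {kind}: {detail}")
```

An empty result only rules out the hosts file as the cause of the redirects; other commenters in this thread found their hosts file unchanged while the TDSS driver was still active.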

Matt says, December 13th, 2008   

Thanks Bomp! Just got infected and your solution worked perfectly. ALL HAIL BOMP!

schmoe says, December 13th, 2008   

Bomp, you rock.

Having run Malwarebytes, I see that the tdss server is still present in the system window, although it is now marked with a yellow “!”.

Should I uninstall it?

Bakemaster says, December 17th, 2008   

If you’re having trouble running Malwarebytes, browse to the install directory (C:\Program Files\Malwarebytes’ Anti-Malware) and rename the mbam.exe file to something like mbam1.exe or mbam_.exe, this will allow it to run. It still won’t update. Be sure to change the filename back to mbam.exe before rebooting to fix any problems or the program will not be able to find itself again on startup.

:(confused:( says, December 18th, 2008   

wondering if u have to pay for any of the virus protectors/removers or is there a simple way that i could use?

Ryan says, December 19th, 2008   

Hey guys, you have to read through everything: in order for your programs to run to remove this malware, you will need to disable that rootkit in the Device Manager!

theduck says, December 19th, 2008   

“…Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers…..” Worked for me; After rebooting AVG came right up with an update and worked great;

Thanks

Van says, December 21st, 2008   

You the man Bomp!!!

Thanks a Million… It did work for me. I struggled with this for two days…

Keep up your good work.

Thanks.

David says, December 21st, 2008   

Thanks for the help, Bomp!

Philipp says, December 22nd, 2008   

Thank you – tried absolutely everything and nothing worked. Your solution (disable TD….) fixed it in 5 seconds!!

TRunn says, December 22nd, 2008   

Thank you soooooooooooooooooooo much for this solution. My internet is working great now. I had the most difficult time fixing this, and now, all gone. Again, thank you.

Jman says, December 23rd, 2008   

Thanks for this website. I have spent days agonising about how to fix the problem. I couldn’t download patches from Microsoft, couldn’t download the Google Chrome, couldn’t download the malware program.

Must disable that TDSSserv.sys thing.

SF Bay Area says, December 24th, 2008   

Thanks to this website, thread, and especially BOMP for posting this solution online. I’ve spent the past week trying everything to fix this issue.

If only people like Bomp could find a way to reverse track all the people who write the malicious codes, viruses, and spyware and give them a taste of their own medicine.

I don’t know how I got this ‘redirect’ code in my computer, but it seemed to happen right after I downloaded AVAST from CNET. I’m not saying that it was the reason, but it suspiciously happened around the same time.

Again, THANK YOU BOMP!

Halla says, December 26th, 2008   

stupid question…but where is the disable option???? I right click on TDSSserv.sys and it says uninstall, scan for hardware changes, and properties? Where’s disable?

Tommy says, December 28th, 2008   

Hey this sounds like the same problem but there is no TDSSserv.sys option in the device manager. The actual problem is that whenever I open firefox (my homepage is the default google homepage) it comes up as corrupted text with links to a microsoft site which doesn’t look very legitimate. This happens in IE as well and it seems like only certain sites are ‘infected’, so far I have found google, yahoo, youtube, facebook which come up with the same problem. Other sites work but it is always the same thing with those specific ones. Does anyone have any idea what this could be or any solution? Thanks, Tom

Aggrivated says, December 29th, 2008   

I am having this problem with google and yahoo search, but there is no TDSSserv.sys there. Is there another way?

Bobby says, December 30th, 2008   

Bomp you rock, this one kicked my tail all day (felt sorry for those that have fought it longer). Disabled the tdss and loaded Malwarebytes – found them all…all is well now.
Thank you so much for your insight!

Matt says, January 1st, 2009   

Hi All,
And thanks for the solution, will try this one later and let you know if it worked, but it looks promising!
So I need to understand something here….
The file in question is TDSSserv.sys, correct?

Has anyone actually looked at this file, does it yield anything in there, or does anyone have an idea what languages this virus is written in?

Maybe examining the file, in some sort of dev studio, or notepad (yeah right!!) might give us some clues…..

Any ideas anyone?

Matt

cmjg says, January 2nd, 2009   

Thanks.

Do I need to do anything with that file (TDSS) now that I have removed the virus?

Dave says, January 4th, 2009   

Hey Bomp – how did you figure out that it was TDDS? I was pulling my hair out, thinking it was the hosts file. Had I not found your post, I would still be going nuts. How did you diagnose the problem?

roro80 says, January 4th, 2009   

Finally I came across a solution! THANKS SO MUCH. Disabling the TDSSserve.sys fixed it. I would never in a million years have thought of checking there. Man those hackers!!!!!! I can’t believe they thought of redirecting the virus update like that.

I had tried increasing security and privacy and blocking all cookies, and removing all the crap I found in the IE Temp folder but it just kept coming back and then messed up my desktop.

UNLIKE ALL OF U OUT THERE, I discovered that I could read all the searched websites by clicking on the CACHED pages. Those didn’t ever get redirected.

I CANT BELIEVE GOOGLE is sitting back on this one!

Darryl says, January 4th, 2009   

I had this virus in my computer and it was driving me crazy trying to remove it. Your information helped me so much. Thank you very much for sharing this information.

wardair says, January 6th, 2009   

thanks Bomp

Was struggling with my computer going to go.google.com. Did the procedure as you stated, updated Malwarebytes and fixed the problem.

thanks again

King Cricket says, January 8th, 2009   

Thanks for your help. Your lessons are good, you should apply for a job at an Anti-Virus/Malware/Spyware company. I would recommend you. lol

froh says, January 9th, 2009   

I could kiss you!

runeAletheia says, January 9th, 2009   

Thanks to Bomp! I was able to get a work-around so I could download malwarebytes, but then I couldn’t install it nor could I run spybot to just reset to a previous reg save; once I disabled TDSSserv.sys it was no longer a problem. So long go.google.com redirect! :)

Electro--Girl says, January 9th, 2009   

Bomp… You’re a God…. hehe…. My boyfriend has been sat at his laptop for hours trying to fix this…. he’s trawled the net… well that was before the net went awol on him…. he’s tried every suggestion going… to no avail…. Then I stumbled onto this site by sheer luck… and thanks to you I was able to suggest ‘your cure’…. It’s not often I get to out-geek my boyfriend so I’m totally basking in the glory…. Yay!… Go me… and *erm* you of course… The milkybars are on me!!!

Mark from Massachusetts says, January 10th, 2009   

I can’t thank you enough for posting this fix, I’ve tried for days to fix this and this was the ONLY thing that finally worked. As soon as I followed the disable portion:

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.

It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this….!

Thanks once again for your help, you are now in my favorites!!!

Vapors says, January 10th, 2009   

Thanks for this forum! I was getting frustrated with this virus. I used Spybot and that didn’t locate it, I have Norton Securities and anti Virus and that didn’t locate it. I didn’t have the TDSSserv.sys. in the Non plug and play. I tried other software, Malwareremoval.Bot (I thought it was Malwarebytes Anti-malware but it was something different), that found a few viruses that Spybot didn’t find. Finally I came across this post and saw Bomp’s message and then downloaded the correct Malwarebytes AND IT WORKED LIKE A CHARM!! My system is back to normal now! I was on this computer for several hours trying to figure this virus out!

Thanks again!

Adam says, January 13th, 2009   

Hey, I’ve been trying to figure out where this virus came from or what the hell we can do to get out a fix for it… I only use firefox and have no clue how I got it. Also, the most recent version for me gave me the blue screen of death at one point, refused to let my computer boot (froze it), and wouldn’t let me run combofix or HJT off the desktop. Anyone have a clue how this gets downloaded onto your system? I don’t think I’ve had any recent downloads except from safe (trusted) sites…

Adam says, January 13th, 2009   

Oh, as a sidebar, I got the virus this last weekend somehow (like the 10th/11th, not sure) and recently fixed it using the “disable TDSS” method from the device tab, then running combofix, HJT, and spybot S&D

Ghostman says, January 13th, 2009   

FINALLY!!!! go.google.com / jump virus GONE!!!

Thanks to all on this thread; I tried a number of things…
Found that I could NOT disable “TDSSserv.sys” as that option just was not there…
Tried ParetoLogic – 4hrs to scan and then says I had to spend 40 bucks to clean up – waste ‘o time!!
…then….

I downloaded (off another PC, and placed on a net-drive accessible by the duff one)…

It installed OK, but would not run…so RENAMED it “CF.exe” and ran that like a charm…all gone…took 30mins in total…

Here’s a detailed link of how it all works…

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Happy fixing fellow N3rds!!

tbear says, January 17th, 2009   

THANK YOU!!!!!!!!!!!!!!

simi says, January 21st, 2009   

hey bomp

Your post helped me to disable and temporarily stop tdssserv.sys. I have installed Malwarebytes and HijackThis software and done the scan, but I’m not able to kill tdssserv.sys forever; it still remains in the same place with an exclamation mark in a yellow circle. What does this mean? I’m not able to figure out what to do now??

wheatthins says, January 21st, 2009   

There is no TDSSserv file in the device manager, even when I click “show hidden files”. Any suggestion?

tim says, January 22nd, 2009   

Bomp – you saved me. I wrestled with this for hours and then I found this post. I followed the disable tdsserv.sys instructions and then ran malware and bye bye virus. I have the same question, however, as many others on this thread: when is it safe to enable TDSSserv.sys again?

many thanks.

Ross Warren says, January 22nd, 2009   

Thank you. I am working on a machine that had this issue plus antivirus2009 and antispyware2008. Nothing I installed would work because it stops any kind of update. This has been one of the worst infections I have seen, as it seems this hijack also redirects the machine to further attacks. I was almost at my wits’ end. As they say, you learn something every day.

Thank you again.

Dan says, January 24th, 2009   

Excellent article. Solved my problem.
What sort of sick people write this stuff?

Thanks!

Bomp says, January 24th, 2009   

For those wanting to know what to do with TDSSserv.sys once it has been disabled, I can only suggest that you delete it, (Don’t re-enable it) it’s a trojan.

Go to > start > Search, and type TDSS, and press the
“Search Now” button, to find all the files with the TDSS name. Windows will then give you a list of where the files reside, so it’s just a simple matter of going to the address of those files with Windows Explorer and deleting them. (Empty it out of your recycle bin too) Be aware that the TDSSserv.sys trojan agent now has a multitude of names, so it could be anything TDSS****.***

For those that have the greyed out “Disable” selection on Device Manager, I can only suggest that you enable the viewing of hidden files and such.

Go to > Start > My Computer > Tools > Folder Options.
Select the “View” tab, then:
Click on the “Show hidden files and folders” button.
Uncheck the “Hide extensions for known file types” box.
Uncheck the “Hide protected operating system files (Recommended)” box, and select
“Yes” at the warning prompt, then “Apply” then “OK”

You might also need to click the icons
“Show/Hide Console Tree” and “Show/Hide Action Pane”
twice on each one just to get windows to refresh things, then select;
Action > Scan for hardware changes, or select the icon of the PC with the magnifying glass.

For those with Vista, I can’t help at all, I installed Vista and put up with it for a few months, hated it, then put XP back on my PC, sorry. But if anyone with Vista has disabled the TDDS trojan, update this thread for other people too. Hope that helps.

Bomp.

Oh yea, good man Rohit, for starting this thread.

Harlanb says, January 25th, 2009   

Finally!!!!
You would not believe how long it took to find someplace that knew how to fix this problem. I found so many web sites that said to run this program or that program. I am sure the programs work good to fix the virus, but I could never run the program. I feel silly not thinking of changing the name of the program. Kudos to Bomp who explained how this virus works. You guys are AWESOME!!!!

Heartmadeforyou says, January 26th, 2009   

THANK YOU! I am so appreciative of your posts, Bomp. I gave my daughter a laptop for Christmas and this is the second security issue she has had since then. I don’t mind being her tech support, but geez… the hackers are waaayyy smarter than I am.

Want a discount on a t-shirt quilt as a thank you, Bomp? It’s yours for the asking as a thank you!

Places malware hides, update #2: search engine redirection « The Technosopher says, January 28th, 2009   

[...] found by an enterprising member of the tech community, who was so kind as to outline his procedure here (condensed version) and here (original source of fix).  The instructions are stellar, but they direct you to try to [...]

Angela says, January 29th, 2009   

BOMP!! I love you!! Thank you!!!!!!

Sohaib says, January 30th, 2009   

windows update redirects to google
avg wont update
cant find tdss
what to do?

mike says, January 31st, 2009   

hi,
i followed the advice given at the end of the fix, the manual advice, but when i finally got to the unplug section i was unable to find the tdssserv.sys file. it does not seem to exist on my computer.
any advice ?

regards,
/M

Grumpy says, January 31st, 2009   

Bomp … great tip … worked fine … you’re a good man.

On behalf of UK users I am pleased to confirm you are now Sir Bomp..

punny says, January 31st, 2009   

d

DOOD ** RENAME THE MBAM SETUP **

PROBLEM SLOVED !!

SFBeagler says, February 1st, 2009   

I can’t thank Rohit and Bomp enough for their help with this! I had the same “redirect problems” and could not find a solution. After an hour on the phone with DELL tech support (and being asked “do you really use a search engine that often?”) I was told to call Dell software support and pay for help. Luckily I was able to find this solution via a search engine on a San Francisco newspaper web site and the last method was the solution. THANK YOU!

VGonthelake says, February 2nd, 2009   

Thank you very much for this post. After nearly 30 straight hours of frustration trying everything I could find, and weeding through dozens of “try downloading this…” suggestions (hello, I can’t download!!), I thought my head would explode. This allowed me to update all my new AV software and run to finish cleaning up. (BTW, dumped Kaspersky and got my money back since it won’t play nice with Spybot S&D – I’m convinced I wouldn’t have been in this mess if I’d been able to run Spybot the last three weeks.) THANKS AGAIN!!

keiran says, February 5th, 2009   

aye thanks keith like renaming the prog exe worked like cheers!

Shaun says, February 6th, 2009   

Thanks to ROHIT for first publishing the solution and thanks to BOMP for Ctrl-C – Shift – Ins the solution from ROHIT in your post….

Give credit where it’s due…

-S

Jon says, February 7th, 2009   

I have had a similar problem, IE redirects to google when trying to go to windows update, none of my spy or malware programs will update, they will run but not update. Nothing found with MBAM or superantispyware. McAfee AOL version will not update, on the advice of AOL I uninstalled McAfee and tried to reinstall to no avail; either it locks up and says to try and reinstall if using AOL browser or webpage not found using IE.

No TDSSserv.sys found anywhere

Here is my fix for this.

Download and run Combofix.exe
Now you can update MBAM and run it
Download MCPR.exe the McAfee consumer products removal tool
run this to remove all traces of McAfee products.
Now everything works fine all updates can be done McAfee reinstalled and no more google redirects.

I have no idea why this worked for me but it did!!!!

CheapThrills says, February 8th, 2009   

Eureka! It worked. No more redirect! I love it. Sign me up.

paulc says, February 8th, 2009   

you guys that can’t find TDSS while trying manual removal, make sure you show hidden devices.

Bomp says, February 10th, 2009   

Rohit gives credit for the comment, it’s in bold text, below the fix. And I’d use Ctrl+v to paste, it’s quicker as it’s the next key over from c.

bker says, February 16th, 2009   

Many thanks! I had no luck with this for weeks until finding this page. I did so by Googling “go.google.com”. I scoured my machine but never thought to check in “non-plug and play drivers”.

Geoff says, February 22nd, 2009   

I did exactly what Bomp said, and there is no file in the list called “TDSS”.

I’m not sure what to do :(

I’m guessing over time, the virus mutated and got more difficult to get rid of?

Can someone please help me?

Matthew says, February 22nd, 2009   

HELP ME !!!!

I found this: TDSSserv.sys manually and I set it on deactivate… I was able to run Malwarebytes and the virus was gone.. I only had a small virus in google with an IP address

Now The Virus is BACK !!! with 2 spyware scanners instead of 1.. ANTI SPYWARE 2009 and a fake Windows virus scanner..

I can not run or install anything… Google does not work.. Internet falls out after 5 minutes… System Recovery doesn’t work anymore.

And I am not experienced enough to use a Hijack or Combofix.

When the Virus came back it still was deactivated so I deleted it in the hope it would come back and I hoped to do the same trick.. No way.. It still is gone.. and I have no idea what to do..

Please help …

amos says, March 8th, 2009   

malwarebytes anti-malware solves the problem for sure but the scan takes a long-long time so u have to be patient

minds says, March 9th, 2009   

cannot find tdss in non plug and play I did click show hidden devices tried search for tdss nothing comes up
I Know its there somewhere but cant find it? maybe under different name now? Any ideas

minds says, March 9th, 2009   

I ran malwarebytes anti-malware and it took care of it!
THANKS

Pixel says, March 16th, 2009   

I tried it and I can’t find the TDSS thing and malbytes won’t update :<

Scott says, March 24th, 2009   

Ditto. Not under that name anymore. Any new suggestions?

Jess says, March 25th, 2009   

Same here — no TDSS file found (show hidden files WAS checked) and I can’t get ComboFix to run no matter what I do. I’ve tried 5 different anti-spyware programs and they find nothing. Does anyone have a solution?? This virus has obviously evolved something wicked …

Ed says, March 30th, 2009   

I don’t know if I have the same virus or not. I get redirected to various advertising sites when I click on a Google search result. The name in the search result seems right, but upon clicking I get sent somewhere else. Malware anti-malware finds the system is clean, as does Spybot S&D, Spyware Doctor and Registry Mechanic. Any thoughts on how to remove this???

Ed says, March 30th, 2009   

I have also tried CCleaner as someone else had suggested in the past. Still no luck with that.

Anil A. Desai says, March 30th, 2009   

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

No such driver as ” TDSSserv.sys ” !!! Any other way to fix this ??? Thanks … Anil A. Desai

Chris says, March 31st, 2009   

Same issue. I clicked to view hidden devices, checked everything and it isn’t there. I also tried renaming the setup files for MBAM and Spybot and neither of them will actually run. I get the prompt asking if I want to run, but it just stops after that…

Also, after a full search, no files were found with TDSS in the name.

It must have evolved, because everything else is exactly as it has been described. Any ideas anyone?

Gaurav says, April 3rd, 2009   

Same issue. I too could not find TDSS anywhere. There was netsik and port135sik in DeviceManager->Hidden Devices.

Disabled them. Restarted the laptop. Ran the MalwareBytes but no help. Still my Firefox and IE are getting redirected.

I have run almost e’thing available on web like registry cleaner. Uninstalled the Firefox and tried but no help.

I am stuck from two days. Please help ….

frank says, April 9th, 2009   

Hi,
I also cant find the TDSS, anyone help

frank says, April 9th, 2009   

Hi,
Ran the MalwareBytes and it worked:)
Thanks everyone.
Frank

Robzy says, April 10th, 2009   

Hi all of u guys who can’t find the TDSS file even though u are clearly clicking show hidden devices.

Follow this step by step and your computer will be back to normal.

1. Download Malwarebytes (latest version with all the updates) on a good computer.
2. Put it on a flash drive
3. Transfer it to the infected computer
4. Rename the file to setup.exe
5. Run the setup.exe file
6. Rename the directory it’s installing to as Malware and rename the folder as Malware too in the installation setup screen
7. When it gets to the final step of the installation it will seem like it froze….it hasn’t but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.
8. Go into the Malware folder in through Program Files
9. Rename the mamb.exe or what not file to mab.exe and run it.
10. Do a full computer scan
11. It should bring up 10-20 viruses most of which are the source of this problem the TDSS trojan virus.
12. Check all and remove/fix/delete them.
13. Restart your computer and you should be back to normal.

Hope that helps,

Robzy

peter says, April 12th, 2009   

Just went through Robzy’s suggestions. Was able to load spydoctor from the malware site on a flash drive and get it to run on the computer. Found 28 infections but then had to pay $30 dollars for a license to remove the found infections. After paying and removing the infections google worked once. The second time the redirection started all over again. What’s up with that?

Scholar says, April 12th, 2009   

This is one of the most malicious and dumbfounding viruses ever, but the solution actually isn’t that complicated. Bomp’s solution didn’t work for me because I had a mutated form of the virus and my laptop runs on Vista. I couldn’t launch any anti-spyware programs because as some users have mentioned, the virus prevents them from running. System restore was down, windows kept shutting down, got redirects during online surfing, etc. I had pretty much every problem mentioned above and then some.

All I had to do was start in ‘safe mode with networking’. Then I downloaded Trojan Remover. If your internet pages are being redirected just keep hitting the back button and clicking on the link until you get to the right site—it may take several attempts, but eventually you’ll get there.

Download, install, and launch Trojan Remover. It will do a scan that takes only a minute or two, compared to other utilities that take hours.

It found the problems right away and gave me the option of resetting my drivers. Do that and then TR will automatically tell you it needs to restart your computer. Once it reboots, shut it down and reboot your computer, allowing Windows to start normally. You shouldn’t have any problems after that.

Drama says, April 15th, 2009   

I didn’t bother with the malware downloads but the Last method worked! After restarting pc, a box popped up saying the virus had been deleted! Thank you so much….

Robert says, April 22nd, 2009   

After MANY hours, the above suggestion worked like a charm (ie. download Trojan Remover in Safe Mode with Networking and run). THANK YOU THANK YOU THANK YOU

Jamie says, May 27th, 2009   

THANK YOU for this last post from Scholar,
I too had no TDDSS as I had a mutation of the original virus
THANK YOU all who helped me remove this virus after so long

Joey says, June 6th, 2009   

I fought this redirection for 14 hours. Tried every suggestion and removal software I could find. Finally landed on this site and saw the Trojan Remover entries. Trojan Remover worked so quickly I found it hard to believe at first. Thank you…!!!

Tom says, June 8th, 2009   

THANK YOU ALL! Particularly scholar – you are a gent, and a scholar! This took me days until I found this page. I had tried everything. Installed Norton – this thing stopped it working… two online scans (wouldn’t run), updates, patches, ZoneAlarm (couldn’t start), TrendMicro, SpywareDoctor…none worked. Then found here.

Malwarebytes did a pretty good job, as Robzy said, but didn’t seem to fully fix it. Then followed Scholar’s ‘safe mode with networking’ approach and downloaded Trojan Remover (www.simplysup.com), followed the instructions and between TR and Norton, it’s fixed! Google and Norton working properly for the first time in 4 days! Fingers crossed!

Thanks All – I owe you a pint, and I’ll give the cretin that wrote this virus the empty glass…

Cheers!

Kevin says, June 10th, 2009   

Anti-malware did the trick for me. Thanks so much!!!!!!!!!!

You are a lifesaver <3

RockabillyRob says, June 16th, 2009   

Trojan remover did the job for me….many thanks.

only problem i had was that even in safe mode this bloody virus wouldn’t let me download the prog. luckily for me there is more than 1 computer in the house, so i downloaded on another laptop, stuck it on a memory card and transferred…worked a treat…

Rob

James Haynes says, June 17th, 2009   

where does this virus come from, specifically?
can some or any of you pinpoint the moment of infection?
if they are via email attachment, then what kind of attachment?
what type of script is the virus done with? java? activeX? how did it do what it did?

thanks for the input. shoot me an email if you have details…
jameschaynes1 at hotmail

Ash says, June 19th, 2009   

One thing. THANK YOU SO MUCH! I used trojan remover and now its gone!! yay!

Morgan says, June 23rd, 2009   

Thanks!! Trojan Remover success with safe mode and networking!!!!

Derrick Borrer says, July 1st, 2009   

Here is the easy way to remove go google

Most common symptoms of go.google.com browser hijacker

• It corrupts Registry files and causes the “Blue Screen of Death”
• It changes the desktop background
• IE and Firefox slow down after getting infected by go.google.com virus
• Also infects e-mail attachments, messenger and other freeware programs

Method to Remove Go.google.com virus
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.

It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update

kernelko says, July 2nd, 2009   

Thanks, many, many thanks. I finally resolved this Trojan issue with Trojan Remover. After restarting induced by T-R,
there was one more TDSSmqlt.sys.vir backed up in system32/drivers, I have deleted it and the problems ended.
About a year ago a similar virus penetrated through an up-to-date Kaspersky antivirus program, thus preventing updates and internet links to any anti-virus sites. When I sent an e-mail to the Kaspersky team, they told me to perform tracing, and provided a link with an explanation, which is of no use if you can’t get to it. After my second e-mail, they responded in the same way. And that time I reinstalled the OS. Also, this particular Trojan came when I was browsing sites which have .it as ending.

topyout says, July 9th, 2009   

trojan remover does remove this virus, i am beginning to think this thing was developed by them.

Emily Grace says, July 14th, 2009   

This completely sucks! I picked up this virus yesterday and have been working feverishly to get rid of it since. I’m no pro, but I’m no moron either, and I’ve done EVERYTHING this posting recommends, and I still have this thing. Running Vista on a new laptop; had Norton 360 running 24/7 and this virus dodged it somehow. I’ve been able to run MalwareBytes after renaming its EXE file (otherwise the virus prevented it from running) and got some files, which I removed, but it didn’t work. I’ve also run TrojanRemover, SpywareDoctor, and HijackThis, all without unusual results and no conclusion. I’ve looked in the non-PnP drivers (yes, I made sure that everything was visible!) and I have no trace of anything with the tag “TDSSS” in my system, anywhere. Nothing I’ve tried has worked, and I’m getting really annoyed. Anyone got any ideas?!?

vlob says, July 16th, 2009   

I was a fool and forgot to start in safe mode with networking like scholar said. Instead i just downloaded Trojan Remover into normal mode. TR detected it and asked to reboot, but after rebooting virus “Trojan.Agent” appears again and again.

I’ve scanned and rebooted about 5 times now and it won’t go away. I’ve also tried going to safe mode with networking but windows will not let me!!!!

Help is much needed and appreciated!! SOS!!!

Michael says, July 17th, 2009   

This was a particularly nasty one.
i fell into the ‘mutated’ category where it doesn’t show up as TDSSS, mbam and spybot will show up on the task manager, but not run.

I downloaded Trojan Remover from a laptop,
restarted in safe mode + networking, installed and ran TR.
Shut down, restarted, then ran spybot S&D.
After which I restarted again and ran MBAM for a final clean.

Now it seems to be working fine. Fingers crossed.

Sharmi says, July 17th, 2009   

So my google gets redirected, i get random music or ads playing in my background, I get this virus called PC security, Trojan horse and some homesecurity 2010. Everything is so slow. I cant even go to most websites.
I took my computer to tech shop and his antivirus would not even run. The tech shop guy suggested he delete everything from my computer just to save it.

My computer is pretty new a lenovo t61 and I have my cpa exam cd installed which is very expensive and I don’t have the source cd for the program i can’t get that erased.

Can someone please help! I need my computer for my work and school!

Pamela says, July 31st, 2009   

I got this trojan from watching movies online. I don’t have the money to take it to be repaired so my friend let me borrow her laptop so I could find this site. Thank you so much Scholar! The Trojan Remover found it in a few minutes and after two reboots I was able to access my computer out of safe mode and was able to run malwarebytes and mcafee. You have no idea how excited I am!!! TDSSS had renamed itself. I ran every online virus scanner I could and nothing found it. Trojan Remover found it so fast. Thanks again!

Cyberdefender says, August 3rd, 2009   

thanks for sharing some of the good information about cyberdefender.

cpg951 says, August 7th, 2009   

Thank you Scholar. Trojan Remover does what it says on the tin.
First scan in Safe networking found the nasty drivers, the second found a few other bits and the third was clean. Vista, Avira, Defender and Spyware Doctor were then able to update and I now have a clean up-to-date machine. Perfect. Thanks again.

zedjay says, August 9th, 2009   

Have the same problem as everyone here..except I have not been successful in getting any of the solutions to work !

I do not have the TDSS file anywhere….

Tried Safe Mode and then Downloading Trojan Remover. The program starts running, and then simply vanishes about 10 seconds after it starts…pretty much like the other 10 Anti Virus programs I’ve tried…

How can this Virus disable all of these programs ?

I’ve tried clean copies from another PC…tried renaming them… tried Avast which works before the PC boots into Windows…

My brain is fried…

megan says, August 12th, 2009   

i tried the manual removal but got stuck at the Non-plug and play drivers list.

there is no TDSSserv.sys on the list, so how can I disable it?

and yes, I’m sure that i have the same problem that is being described.

hypex says, August 12th, 2009   

I tried all methods but the only one that worked for me was Scholar’s comment. Downloaded Trojan Remover from http://www.simplysup.com/. Thanks again Scholar

Scholar says, August 30th, 2009   

I’m glad that my solution was helpful to many of you.

A bit of further information~

Not all google redirect viruses are tdds viruses. The solution I outlined here did not work when I encountered the same problem on my laptop, since I had encountered a different mutation.

I’m working on some alternative solutions for such instances~ I actually repaired my laptop by going a completely different route. If you are fortunate enough to only get this once and you have the same virus I did initially, the Trojan Remover solution will likely work and be the simplest route to repairing your PC’s functionality. However, my suggestion is to uninstall Trojan Remover AS SOON AS IT CLEANS YOUR PC~ don’t wait for the trial period to expire.

Not to be a conspiracy theorist, but I left Trojan Remover on one of the PCs I work on just as a test, and that machine mysteriously had the google redirect virus again shortly after the free trial expired. I can’t say they invented it, but the company definitely wants your money! I still swear by it for a quick and very effective fix, but to be safe, follow my advice and get rid of it once it cleans your machine. It’s quite easily uninstalled and not worth the risk of it causing problems down the line. I’ve used it only once and uninstalled it on several other PCs and haven’t had any problems afterwards, so no need to be fearful of using it for a one-time clean.

I have the most updated version of Malwarebytes, and while it’s one of the best freeware programs online IMO, it doesn’t seem to catch this virus even when it’s able to run. If you download an anti-malware program and can’t install it, the best way to trick this virus (or any other that disables your system) is to simply change the .exe extension to .com. That generally allows you to install/launch the anti-viral/anti-malware program of your choice.

If you find the solutions I’ve outlined don’t work, please be as specific as possible about the problems you are experiencing. I’ll try to help you out as best I can.

dave says, August 31st, 2009   

Same issue as zedjay. Nothing seems to work. Can’t locate TDSS file. I tried starting in “safe mode w/networking” but I can’t open explorer even in safe mode (says “windows cannot access the specified device, path or file”). I then downloaded Trojan Remover and Malwarebytes to a flash drive via another computer and tried running them in safe mode on the infected computer. Both started to scan and then simply vanished.

Any other ideas? Anyone have any luck with a system restore?

Thanks!

Charmer says, September 6th, 2009   

Thanks everyone for all solutions. Downloading the free program from http://www.freedrweb.com/cureit/ did it for me.

Thanks again.

Me says, September 7th, 2009   

I have a computer infected with the latest Google redirect virus. There is no TDSS file to remove. I downloaded Trojan Remover to a non-infected computer and changed program names and ran it on the infected computer. The first time it found two potential problems and fixed them. I thought the virus would be gone, but it was still there. I can still run Trojan Remover, but it finds no problems. The virus disables all other anti virus software by either not allowing it to start, or allowing it to start and then hanging it up. I don’t know what else to try.

Me says, September 9th, 2009   

IT’S FIXED !!!!!!!

Thanks to Simply Super Software. Their tech support is really super. They make Trojan Remover. I was at a point where none of the malware removers would work. The virus would disable all the many removers I tried. I emailed Simply Super Software and they led me through a solution.

Here is the sequence of events:

I emailed them telling them my problem.

Here is their return email:
Please send us your Trojan Remover logfile so that we can see what is
loading on the infected machine.

Trojan Remover’s logfile is called TRLOG.TXT and is located in:

For 2000/XP:
“My Documents”\Simply Super Software\Trojan Remover Logfiles

For Vista and above:
“Documents”\Simply Super Software\Trojan Remover Logfiles

I sent them my logfile.

Here is their return email:
Your system is infected with a rootkit (Trojan.Crot), which prevents
many anti-malware programs from working correctly

Please look for the following files:
c:\windows\system32\logevent.dll
c:\windows\system32\ntelogon.dll
c:\windows\system32\sceclt.dll

I expect only one of them to be present. When you determine which file
is on your system let me know and I should be able to provide removal
instructions.

Here is my reply:
I located a c:\windows\system32\logevent.dll file. There was no c:\windows\system32\ntelogon.dll file. I also did not find a c:\windows\system32\sceclt.dll file; however, there was a c:\windows\system32\scecli.dll. I don’t know if that is an okay file.

Here is their reply:
Proceed as follows:
1. Open a Command Prompt (START | Run – type in CMD and press Enter).
2. At the prompt, type in the following exactly as it is shown:

SC CONFIG EVENTLOG START= DISABLED

and press the Enter key.
NOTE: there is no space before the = sign, but there is one after it.
If you have typed the command correctly, you should see the message
ChangeServiceConfig SUCCESS.
3. Close the Command Prompt screen and restart the PC.
4. Find the following file:
C:\Windows\System32\EVENTLOG.DLL
Right-click on it and select the option to delete it.

The file should be automatically replaced (within 1 minute) by Windows
File Protection. Look for the file again and check that it is back
(you may see it re-appear at the bottom of the directory, unless you
close Windows Explorer and then re-open it).

If you were successful in deleting EVENTLOG.DLL, and the new file
returns, you can then delete the LOGEVENT.DLL file (this is a backup
of the original eventlog.dll file, created by the malware – if we
don’t need it, we won’t use it).

Problem Solved !!!!

Me says, September 10th, 2009   

ONE MORE THING

I received another email from http://www.Simplyup.com:
There’s one more step you need to take, to restore the now fixed eventlog.service.

Open a command prompt, and issue the following command:

SC CONFIG EVENTLOG START= AUTO

Me says, September 10th, 2009   

Sorry,

Their web site is http://www.Simplysup.com

Ewald says, September 11th, 2009   

Ronel:

Removing all the redirects (and there were many …) in the HOST file in C:\WINDOWS\system32\drivers\etc\hosts, while leaving the normal entry (localhost 127.0.0.1) in place, took care of everything.

I had almost given up hope, but thanks to your advice I was back on track in no time!

Thanks again,
Ewald
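
Added example, not part of the comment thread: a small Python auditor for the hosts-file tampering Ewald describes above, where names are pointed at 127.0.0.1 or at another address while the normal localhost entry stays in place. The sample file and its `.example` domains are constructed; on a real machine the input would be the contents of C:\WINDOWS\system32\drivers\etc\hosts, and the function names are this example's own.

```python
"""Audit a hosts file for entries that block or redirect host names."""
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "lineno kind address name")

# Names that legitimately point at the loopback address.
BENIGN_LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; the domains are reserved example names.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # sinkholed update server
127.0.0.1       www.av-vendor.example download.av-vendor.example
203.0.113.7     www.search.example
::1             localhost
203.0.113.9     localhost
not-an-ip       broken.example
"""


def split_entry(raw):
    """Return (address, ip_or_None, names) for a mapping line, else None."""
    line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
    if not line:
        return None  # blank line or comment only
    fields = line.split()
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        ip = None  # first field is not an IPv4/IPv6 address
    return fields[0], ip, fields[1:]


def is_benign(ip, name):
    """True only for localhost-style names mapped to a loopback address."""
    return (ip is not None and ip.is_loopback
            and name.lower() in BENIGN_LOOPBACK_NAMES)


def audit_hosts(text):
    """Return one Finding per suspicious name (or per malformed line)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = split_entry(raw)
        if entry is None:
            continue
        address, ip, names = entry
        if ip is None:
            findings.append(Finding(lineno, "malformed", address, " ".join(names)))
            continue
        for name in names:
            if is_benign(ip, name):
                continue
            # Loopback or 0.0.0.0 makes the name unreachable ("blocked");
            # any other address sends traffic to a different server.
            sinkhole = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if sinkhole else "redirected"
            findings.append(Finding(lineno, kind, address, name))
    return findings


def clean_hosts(text):
    """Return the file with comments and benign loopback entries only."""
    kept = []
    for raw in text.splitlines():
        entry = split_entry(raw)
        if entry is None:
            kept.append(raw)  # keep comments and blank lines untouched
            continue
        address, ip, names = entry
        good = [n for n in names if is_benign(ip, n)]
        if good:
            kept.append(f"{address}\t{' '.join(good)}")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.kind:10} {f.name} -> {f.address}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Review the findings before writing the cleaned text back; some machines carry deliberate hosts entries that this allow-list does not know about.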

Silk Huber says, September 17th, 2009   

Thanks for sharing some great reviews about Cyber Defender, this is really a great announcement for all cyber users.

Bruce says, September 25th, 2009   

Hey thanks all for the good info. I could not get the redirect virus off my computer (TDSS). Malwarebytes would find it and always said it would be deleted on restart but it doesn’t ever work.

So I download trojan remover and it finds it, deletes it, and when it restarts, it works perfectly. It diagnosed the problem and told me the virus was going under a different file name to hide from virus programs. This is why I could never find a “TDSS” file anywhere in my device (unhidden) manager or windows explorer search. Download trojan remover and malwarebytes and you should be good to go! Thanks Again.

Heilig Story says, October 29th, 2009   

I had major problems with this virus, but i downloaded a trojan remover and it worked perfectly!!!

Thanks everyone for the help!

^_^

Allison says, November 5th, 2009   

PLEASE HELP! Nothing is working for me, I’ve tried everything and I’m going crazy. I have been trying to fix this problem for more than 9 hours. I tried to fix the host file but it is a read-only file. Does anyone know how I change it so I can save it with just the local host line?

jill says, November 10th, 2009   

HOW DO I START MY COMPUTER IN SAFE MODE WITH NETWORKING??

SORRY BUT I’M NOT GOOD ON COMPUTER AND I DON’T KNOW HOW
TO TAKE THIS FIRST STEP TOWARDS THE FIX SUGGESTED BECUZ
I TOO HAVE NO TDSS EVEN WHEN I’VE CLICKED TO SHOW HIDDENS

Jacob says, November 13th, 2009   

I think this thing is back in full force. I have downloaded and run nearly every virus scanner I can find. Updated all security on IE and XP. I have searched for TDSS. It has been 5 days with this virus which started as the some false Virus Scanner downloading on to my system, basically a variant of sysgaurd.exe, I had “bahwsysguard.ese”.

Thoughts?? Anyone???

Last option is to rebuild PC and wipe memory clean..

J

Ambrose Santiago says, November 14th, 2009   

How to remove the Google Hijack virus?

That is a question without a solution for me, after struggling for about a week to rid the Google Hijack virus from my laptop!

I stumbled on to this website this morning and was hoping that I could take advantage of the suggestions on here after reading several successful posts, but it was not to be for me.

1. Did not find “TDSSserv.sys” file.
2. Can’t start up computer on “safe mode” or “Safe mode with networking.”
3. Trojan Remover, downloaded from simplysup.com did not work for me.
4. Malwarebytes, McAfee, and Spybot Search and Destroy did not do the trick either.

This virus is one tough cookie!

I NEED HELP!

John says, November 29th, 2009   

AAARRRGGGHHH – I have the same problem. It’s driving me crazy. Not sure what to do now. I have tried EVERYTHING. Hours spent on this issue now. I am going to have to rebuild the laptop.

John

BILL says, November 30th, 2009   

None of the suggestions here have helped.

Karri says, December 3rd, 2009   

I too have attempted with Spybot, avast!, and several others, and I think I have it fixed, and when I open IE up and go to Google and click on a result link, I am redirected to a different site or another window pops up for an advertisement. I have followed several suggestions from several different sites and still same results. Does anyone have the answer for this thing?

Eric says, December 7th, 2009   

I am having the same issue as Karri…I believe this must be a new version of the Redirect malware as the steps above have not helped. I have used AVG, Norton, SpyBot and all of the tools on Microsoft’s site. The disk is clean as far as they can tell, but the problem persists.

For God’s sake…help!

manny says, December 14th, 2009   

Hey, I have a question. I went to Device Manager and I couldn’t find TDSSserv.sys, and I tried Malwarebytes and it didn’t find anything. Please help me.

SUNNY says, December 16th, 2009   

I have also been trying to get rid of this nasty problem. Nothing is working for me.
Please help.

tom says, December 19th, 2009   

I can’t do anything because I get a message saying application cannot be executed. The file rundl32.exe is infected. Do you want to activate your antivirus software now?
Then it redirects me to a site to buy this.

paula says, December 20th, 2009   

I don’t have it in my device manager either. UGH!

Adam M says, December 20th, 2009   

Okay, I use Trojan Remover, but then the virus comes back on reboot. So I need help: do I rename the files or delete them with Trojan Remover? What do I do after Trojan Remover? Be specific please. And I can’t find the TDSS file in my drivers from Control Panel! I have 2 hard drives, C: and D:, and a backup J:. I hope this helps some people other than me.

scott says, December 24th, 2009   

I’ve got it also. Trojan Remover found a lot of things the others didn’t. Thought it was gone, but merry Christmas.

NAM says, December 24th, 2009   

Trust me, run ComboFix and it will work!!!

P'd Off says, January 6th, 2010   

I really don’t know why everyone is talking about “TDSSserv.sys”.
I am having massive problems with redirection from go.google.com and it has nothing to do with TDSSserv.sys. I don’t even HAVE TDSSserv.sys on my system. I’ve checked and double checked the hidden drivers and the registry, and every other place I could think of, but it isn’t on my system. And the advice to get Pareto just seems like a scam because I finally got Pareto installed and it did nothing except prompt me to spend more money on registering the product and do a lot of upgrades.

I’m still looking for a fix, but everyone is hung up on TDSSserv.sys. SUPERAntiSpyware doesn’t help. Malwarebytes doesn’t help. I used iobit360 but it only removed spyware. I’ve tried just about everything else (including new firewalls and scanners to trace what’s going on) but nothing has helped me get a handle on it. Google searches still get redirected unless you type it directly into the address window.

Gospel says, January 16th, 2010   

Atm, I too am attempting to remove this virus, but the reason why tdssserv.sys might not be showing is because, from what I’ve been reading on other websites and what someone even mentioned here, this type of virus switches its file name, and certain ones do it every time you reboot. So if you do remove it, make sure to use your other antiviral progs to make sure it’s gone, and hopefully this will work for me after I use Trojan Remover O.o

Lance359 says, January 19th, 2010   

Most current search engine (Google) redirections are currently caused by an infected atapi.sys file (TDL3 rootkit). You can try Hitman Pro 3.5 which is capable of finding and removing the infection in just a few minutes.
If Hitman Pro asks for a Product Key just click on the ‘Activate free license’ to get rid of the infection for free.

Dave says, January 26th, 2010   

Thanks, Lance. Free at last, I’m free at last!!!!

Been obsessing over this bug for days. It slipped right by all
my spyware. Malwarebytes couldn’t help, I didn’t have that TDSS
thingy, and Pareto did nothing.

The Hitman Pro 3.5 was the only spyware to even see the infection! I think I’m all clear.

Thanks again, Lance.

Hannah says, January 27th, 2010   

I have been trying to get rid of go.google redirect for five days now and nothing has worked. I just tried Hitman Pro 3.5 and it’s finally gone. I feel like I have just waged battle and won. I too didn’t have TDSS in my drivers, and Malwarebytes and ComboFix would not run because the virus was blocking both of them.

Thank you Lance!!

Felice says, January 27th, 2010   

Lance,
Thank you so much! I have been fighting with this thing for 2 days. The first time I used Hitman Pro it didn’t find it. I had to rename my regedt32 file and then run Hitman Pro.

Monica says, January 28th, 2010   

I just want to thank Lance for the information about Hitman Pro!!! I was getting weary with my search engines after trying several different programs, but one touch of Hitman Pro solved my issue!!! I may have to invest in Hitman Pro!!! Thanks a million!!!

Gill says, February 7th, 2010   

Lance…..THANK YOU!!

After a week of going crazy Hitman Pro has fixed it!!
I too had no TDSS, Malware wasn’t finding anything wrong, nothing was.

Again Thanx!!!

Phil says, February 13th, 2010   

Hi, Hitman Pro 3.5 removes this virus in just a few minutes. Does a cloud scan so the virus cannot block it. I had a couple of problems which it identified as Unsafe DNS Server Address, and atapi.sys rootkit, and which it resolved. After reboot everything was fine. As a temporary work-around if this doesn’t work you can use Dogpile for searches, as even though this uses Google, Yahoo, Bing for searches it doesn’t trigger the redirect.
Hope this helps.

johnny alonso says, March 5th, 2010   

(got rid of the redirecting!!!! ) (here’s the solution) :)
hai guys -
i HAD the EXACT problem and it was driving me mad! seriously i was ready to kill somebody. and the redirecting was only happening to my work/website and the site to log into for me to update it – how f*cking convenient….
this is how i got that crap off my laptop (vista 32 bit w/firefox)

1. get the latest version of malwarebytes – perform a quick scan in regular operating settings

2. re-run malwarebytes in SAFEMODE – it will find the redirecting bastard trojans

3. download and install HITMAN PRO 3.5

4. turn off any anti virus programs and make sure you’re not online

5. run HITMAN PRO 3.5

within 5 minutes it discovered another error on my system (a file called magic “something”) it said there was something funny about the license authenticity –

i deleted that issue – rebooted made sure norton 360 was back on. got back online, went straight for my website – loaded without a hitch!!!! now my computer is back to normal!!!

no more of that redirecting crap! and now i’m clear to view and update my website.

i stand by this procedure – i was ready to throw my computer against the wall if i saw another blank page trying to redirect me to nowhere.

i’m not a computer guy by any stretch – i just needed this thing fixed and as i said – i stand by this procedure 100% – it worked for me (friday march 15, 2010 1:19am)

i hope it works for you! :)

let me know

johnny alonso
