Trouble:
We were reading some blogs where we learned about one of the most widespread malware infections on the Internet these days, the go.google.com redirect virus, which redirects the user's browser to fake sites carrying AdSense ads.
Go.google.com mainly redirects Google search results to rogue AdSense websites and also stops the user from downloading files from the Internet. When the user clicks a download link, go.google.com displays the following fake errors:
- Internet explorer cannot open web page
- filename.exe is not a valid win 32 application
- Setup files are corrupted. Please obtain new copy of program
Go.google.com is a browser hijacker that infects Firefox and Internet Explorer and redirects the user to the following sites:
- clearask.com
- web-analytics.google.com
- brittaniasearch.com
- go.google.com
Let’s look at the symptoms of this virus and how to remove go.google.com on Windows Vista and Windows XP.
Fix:
Go.google.com also disables running firewalls and antivirus software, and records the URLs visited and sends them to the hacker.
Most common symptoms of the go.google.com browser hijacker:
- It corrupts registry files and causes the “Blue Screen of Death”
- It changes the desktop background
- IE and Firefox slow down after being infected by the go.google.com virus
- It also infects e-mail attachments, messenger and other freeware programs
There are two tools available on the Internet that can remove the go.google.com virus from Windows XP and Windows Vista.
Note: Both of these tools are shareware programs, classified as spyware and antivirus tools, which let you remove the virus completely free of cost, so you can use them during their trial period.
[Download go.google.com virus removal tool for Windows XP | Download go.google.com tool for Windows Vista]
Those who are not able to remove the go.google.com virus with the tools mentioned above can try Malwarebytes’ Anti-Malware (MBA-M).
We have received a comment on this post, given below, which will also help you remove the go.google.com redirect virus.
Last Method to Remove Go.google.com virus
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
Thanks Bomp for this useful comment
If none of the above methods removed the virus from your computer, you can try Trojan Remover, which can finally delete this virus (as suggested by some of the readers).
Updated on 12 Jan 2010:
Another Method To Fix Go.google.com redirect problem:
There is a malware removal tool called Combofix that can fix this go.google.com virus if the above methods are not working for you. Beware that it is a DOS-based tool; do not interrupt it while it is running, as that may cause problems with registry entries. Be sure that you are not running any other software while scanning with Combofix.
[Download Combofix Malware Removal Tool]
Comments
MALWAREbytes anti-malware solved it 4 me
MALWAREbytes anti-malware solved it for me too, until I rebooted again…. then the shit came right back. Ugh. This is coupled with VUNDO which is *THE* worst malware EVER. I cannot get rid of this and think I’m going to have to resort to just formatting. I hope this program works.
I can’t launch any antivirus software, I think the virus blocked it. Malwarebytes’ Anti-Malware and XoftSpySE don’t launch. Please help
I can’t launch Malwarebytes either like Palmera said.
Any help? It says it’s running in Task Manager -> Processes, but it won’t show on screen.
Thanks.
XP Removal tool gets stuck during installation. Well, no help here.. 🙁
Google Spyware Doctor found some issues but not all.
Installation finally completed but the tool won’t run.
Malwarebytes’ Anti-Malware is recommended but it won’t start either. This virus is very smart. It blocks certain URLs, redirects Google results, and prevents certain programs from running.
@Peter, @Rob, @Palmera,
Hi, guys – The post has been updated with a link to another tool to remove the go.google.com virus
I have both on my computer and can’t run either….help 🙁
Hey all, I have this same virus, stupid thing is sooooo tricky!!!! Won’t let me run the programs you listed, Malwarebytes program won’t install and the go.google removal program (XoftSpySE) will install but won’t run, I’ve tried everything!!!! Pleasssssseeeee help, this is getting to be sooo frustrating.
Also certain websites won’t even load, like trendmicro’s housecall, and bleepingcomputer.com (tried on my GFs computer and it works fine, not on mine though).
Also my programs won’t update, antivirus won’t, spyware won’t, it’s like this thing is one step ahead of me!!!
Please help!!!!!
Exactly the same as me so any help would be greatly appreciated.
I have tried to copy to CD Malware bytes from my desktop to run on the laptop but it fails and won’t copy so I can’t even do that now!!
I’m at the end of my tether 🙁
Has anyone come up with a solution? I can’t get MBA-M or Xoft to run…
I’ve searched the web up and down for the past 2 days to no avail. Tried everything imaginable, just can’t figure it out.
Curse this wretched virus! Someone knew what they were doing when they made this sucker!
jclayart:
No joke!! Whatever you do, don’t download Cyber Defender. It ran a scan, but in order to go any further I would have to have subscribed ($20 or so), but it messed up my toolbars and search bars…It got ugly, but uninstalling it from my control panel fixed it. Have you tried the STOPZilla?
I’m in the same boat guys. I’ve tried running the following programs in safe mode and regular mode:
AVG – can’t update definitions, blocked by this virus
McAfee – same, can’t update DAT files
Ad-aware – nothing found
Spybot Search + Destroy – can’t update, download includes via other PC, applied them manually, no threats found
Hitman Pro 3 – found and fixed 1 threat, but did not solve problem
Hijack This! – exe won’t run
Super Anti Spyware – exe crashes when run
I’ve spent hours on this – freakin spammers and hackers deserve to burn in the fires of hell.
Anyone else have luck purging this thing??
Eric
Same problem happening to me. Can’t search bleepingcomputer or techguy forums as go.google redirects. Can’t access support.microsoft.com either.
I’ve run SmitFraudFix & Combofix both in Safe Mode and rebooted with no luck. Seems like it went away but a day later here I am again and Malwarebytes won’t run for me either.
Best of luck to everyone
Chuck
I spent a good 10 hours on this over the course of a week. Trojan Remover finally worked. It found a backdoor file with TDSS in the name. It stopped the file upon restart and it solved the problem. That is one tough virus.
After manually updating and running SpyBot S&D, it found it (i think..) It referred to “Microsoft.Windows.RedirectedHosts” which sounds exactly like what we’re after. It found 2 entries then my screen suddenly went black. Are the files smart? Did they know they were found and triggered this? I don’t know, but i force shut down in case something bad was happening. Now trying SpyBot in safe mode. still scanning…
It found them again, 4 entries this time. Screen went black again even though I’m in safe mode. Grr. I’m gonna just wait and see what happens. This sucks.
Oh man, I’m such an idiot, hahaha. I’m so paranoid about this bug that I freaked out over the SCREEN SAVER starting, haha.. Yeah, the files don’t turn the screen black, i’m just a retard.
To get the programs to run, just rename the exe file…the virus is preventing them from running. Just rename Malwarebytes and it will run.
Browser redirects to go.google/go.yahoo/go.msn
Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to go.google/go.yahoo/go.msn and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)
After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):
Go to http://www.freedrweb.com/cureit/ for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.
It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!
To whomever posted the solution originally, thank you!!!!
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
awesome from BOMP!
i think i will get it corrected now
mike
Keith’s right. I just renamed the .exe file, and it was no longer blocked.
By far the easiest and simplest option.
Thank you Bomb…you saved me there. I did everything except your instructions and after everything just clicked. Awesome…..
Bomp – Thanks so much
Dear Mr. Bomp:
You are awesome!!!! Thank you! Thank you! Thank you! Many hours and attempts with many virus or rootkit fixes did nothing. But you, you did it, man. Did I say thanks? Thanks!!!!
WOW, THANK YOU!! Keith’s suggestion did the trick for me in renaming the Malwarebytes setup file so that it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.
You are a God !!!
I spent some 2 hours to try to clean the computer of a friend. Malwarebytes that i use to remove spywares on all computers can’t open. Same thing for other popular anti spywares.
I tried the last solution (disable TDSSserv.sys) and it worked. I was able to update again Malwarebytes and run it. It found the virus and removed them.
Many many thanks
Thanks bro, you just made my day – this worked perfectly. After losing a hard drive on my laptop and getting my gf’s laptop infected with this virus in the last 3 days, I was about to lose my mind and spend $300 to take the machine to Geek Squad. The system had to recover from a serious error and it scared the crap out of me. I even had to dig out my 5 year old Compaq PC just to get internet access.
Thank you, thank you, thank you, thank you.
Everyone should kiss this mofo’s feet.
Bomp I really want to thank you for your post, also I want to thank Rohit for making this thread, without you guys I still would have had this virus on my laptop.
Thanks so much =D
I made a post, just to thank you. 😀
What a pain!!! After seeing that someone else had success with Trojan Remover, I gave it a try and VOILA it was gone. Thank you so much for the help!
Thankyou Bomp.
Thanks for the comments, I’m glad that I could help others to solve it, as I know what a pain it was. It took me 2 days to figure it out, as I was monitoring my HOSTS file mostly, and I thought there was a Trojan editing my HOSTS file on the fly, or some kind of Stay Resident In Ram application being linked to and bypassing the HOSTS file altogether. Got there in the end though.
Cheers.
Bomp.
Bomp, you saved my arse. Much appreciated.
after dealing with several malware infections before, this one is proving to be quite a problem. Typically MBAM run through SafeMode catches everything, but this particular one seems to be more troublesome. I can remove everything MBAM finds, which is usually just 2 registry entries of the form tdss* but then when i reboot it comes back. I already figured out to just rename the mbam.exe file to get it to run, but that didn’t seem to solve everything…
found the device manager -> hidden devices suggestion , and that allowed me to skip the rename step. but when i reboot and scan again then try to go back into normal windows mode, it comes back. at what point can i delete the tdssserv.sys hidden device?
do i actually need to run a combofix or sdfix. i have no other spyware/malware infections other than this go.google redirect thing…which i may be incorrectly assuming is linked to the tdss trojan?
in summary, i can make everything work fine in safe mode, but somehow it gets reinstalled when i get back to normal windows mode…
thanks.
Thanks Bomp you’re a legend. Saved me hours of headache and head scratching. Much appreciated.
Thank you very much, been struggling all day..
It wouldnt open this page either, but over “google translate” or “Cached” link i was able to open it.
Saved me! Nice one Bomp and this is the only page that helped me.
Thanks a million Bomp!
I got rid of it, now struggling with karna.dat…:(
a wanna thank you for this information – yes ave been stuck with this issue as well for a couple days – my mind has been twisted over this
MANY THANX AGAIN
THANK-YOU soooo much was the device manager solution…disabled the hidden plug and play device TDSSserv.sys and rebooted. you saved me from a reinstall this worm frustrated me for at least 8 hours. damn clever what they did…. after the reboot guess what Mcafee jumps on it and deletes the files when they try to run again, why didn’t it catch it in the first place “it musta been sleeping” lol
thanks again for the help!!!
B O M P – – T H A N K Y O U ! ! ! !
Thank you a million times over, sir. I nearly lost my mind with this violation of my laptop! I followed your instructions to disable the TDSSserve.sys in Device Manager, renamed the Malwarebytes exe and ran the program.
I would like to follow up on Heath’s request –
“at what point can i delete the tdssserv.sys hidden device?”
oh, yeah….
and how?
Again, THANK YOU BOMP!!!
I used comboFix.exe to get rid of TDSSserve.sys, before I even updated my AVG Anti-Virus so I don’t know if AVG will catch it. ComboFix.exe also found av.dat.
But after I updated AVG, it found:
TDSSrigp.dll – c:\windows\system32\
TDSScfum.dll – c:\windows\system32\
TDSSnrsr.dll – c:\windows\system32\
TDSSofxh.dll – c:\windows\system32\
TDSSpaxt.sys – c:\windows\system32\Drivers\
After clearing those files out, I used CCleaner to get rid of all IE7 & Firefox temp files, then RegCure to clean up the registry.
You may be able to just delete TDSSserve.sys, once it has been disabled.
Another program I use is “Process Viewer” which I find handy for killing hidden processes, so if any of the above dll’s are active then prcview.exe can kill them.
Get Process Viewer here http://www.teamcti.com/pview/prcview.htm
Dude, you rock. A million thanks. For two days I’ve been fighting this stupid thing on a friend’s computer. With all the worthless slime out there thinking up ways to screw up people’s computers, thank God there’s people like you figuring out ways to fix ’em.
Thanks again.
Oh yeah, you’re a lot smarter than I am. 🙂
Thank you so much Bomp!! I’m sure that you get tired of hearing this, but you are an absolute genius!! Rock On
I disabled the TDSServ.sys and it worked like a charm! I was able to update my AVG where before I couldn’t even load the site.
A million thanks!
Had the same problem after letting a friend “check his email” on my computer. I’m guessing he got this from opening an attachment in gmail and/or clicking on/going to an adult website. Said friend is now banished from “checking his email” on my computer. I’m not even sure I’m going to let him back into my apartment.
Ran Dr. Web’s Cure It as referenced above, found a file named “BackDoor.Tdss.29” in C:\windows\system32\drivers, deleted it, problem solved.
This was also flat-out killing Google’s “chrome” browser’s ability to connect to any websites.
Thanks all for the helpful hints.
Thanks! Bomp’s trick worked. I updated and was able to download another malware checker, and took care of the problem. Just as you said. TDSS is the problem file. It gets into registry and replicates and … well it’s nasty. Thank you for helping me get rid of it, and it was easy too!
Bomp – As many before have stated – thanks!
I deal with this crap at work all the time and I was stumped beyond belief as to why it wouldn’t allow Smitfraud.exe and the rest to run.
Disabling that hidden device worked and I am now kickin it.
Thanks a million and I am filing this fix away for future needs.
Now all we need is for someone to track these a$$holes down who make this crap.
Did you ever know that you’re my hero????
Thank you so much!!!!!
~k
You are a legend Bomp.
Thanks for your time.
After disabling the file in device manager, i was able to find the file in the folder listed below and remove it.
this seems to take the file out of the computer completely out of device manager instead of leaving it there disabled.
c:windows/system32/drivers/TDSSpqlt
Props to the guy that made this thing, one of the best hidden viruses yet. and thanks to the person that found it and told us here 🙂
Good luck all.
-CollegeGeeks
BOMP, you da man!!!
your thing worked like a charm for me.
Many Thanks!
My hat’s off to everyone on this forum. Thanks for sharing solutions, this list helped me rid myself of this bug in only a few hours. Thanks again.
Thank you all you guys for help – especially to “Bomp rules” who provided the solution for me, at least. Many, many thanks
Hey guys, I got this virus however there is no TDSS or hidden devices starting with T that I can disable. Maybe the virus has changed now?
Thanks a million for the tips given. Did as advised and got rid of this nasty virus. Happy to note that there are still good souls in this world.
I am just amazed at the devious mind of the person who wrote the code . .
I am also not finding any TDSS files.. Please Help.. google redirects to pages full of ads, can’t update my windows, etc..
This thread worked for me. Thanks to BOMP and the rest. I disabled the “hidden device”, rebooted, ran malwarebytes (updating its detection first) which detected a BUNCH of infected files, rebooted, and am now running a full scan.
How come we never hear about the bad guys getting caught?!
Thanks for all your help.
David
Hey Dave, I had the same problem as you, I could not find the TDSS file, but I was able to download the MALWAREbytes anti-malware and it found like 11 trojans on my computer after I did a full scan and it removed them all. The full scan took about 3 hours for me because I have a lot of files on my computer, but it was so worth it and my google works now. Hope that helped ya out there buddy 🙂
Thanks BOMP and to my Wii`s Internet browser for letting me find this, since my PC wouldn`t.
dave, i also couldn’t find the TDSS device at first. but i restarted my computer (because of windows updates) and got a blue screen of death, so i rebooted into safe mode, and there it was. i’m running XoftSpySE right now, and it seems to be finding the trojan.
Thank you for the help!
I went straight to the device manager and Disabled the device you list above. After a restart, the computer works fine, I am currently scanning with Anti-Malware. Thanks again!
Please do not forget to check the HOST file in C:\WINDOWS\system32\drivers\etc\hosts
The virus adds all the redirects in that file, simply remove them all and add the normal entry:
127.0.0.1 localhost
For me, after cleaning everything the stuff was still there until a colleague asked to check the hosts file and BINGO!!
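The hosts-file check suggested in the comment above can be scripted, which also surfaces loopback mappings like the 127.0.0.1 redirection of update sites mentioned earlier in the thread. This Python sketch is an added example, not code from the original post or its commenters; the sample entries, the `.example` host names, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not taken from an infected machine.
# The .example names and 203.0.113.10 (documentation range) are placeholders.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example download.av-vendor.example
203.0.113.10    www.search.example   # search traffic sent to another server
0.0.0.0         forum.help-site.example
localhost 127.0.0.1
"""

# Names that are expected to resolve to the machine itself.
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (line_no, fields) for every non-comment, non-blank line.

    A hosts line has the form: address name [name ...]  # optional comment
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            entries.append((line_no, fields))
    return entries


def audit_hosts(text):
    """Return a list of (line_no, kind, detail) findings.

    kind is one of:
      blocked            - a real host name pinned to loopback or 0.0.0.0,
                           so the site (e.g. an update server) is unreachable
      redirected         - a host name pinned to some other address
      localhost-remapped - localhost pointed away from the loopback address
      malformed          - first field is not an IP address, or no name given
    Every non-local mapping is reported so a person can review it.
    """
    findings = []
    for line_no, fields in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            findings.append((line_no, "malformed", " ".join(fields)))
            continue
        for name in fields[1:]:
            if name.lower() in LOCAL_NAMES:
                if not addr.is_loopback:
                    findings.append((line_no, "localhost-remapped", name))
            elif addr.is_loopback or addr.is_unspecified:
                findings.append((line_no, "blocked", name))
            else:
                findings.append((line_no, "redirected", name))
    return findings


def clean_hosts(text):
    """Return hosts text with every flagged line dropped.

    Comments and clean lines are kept; a standard localhost entry is
    appended if none survives.
    """
    flagged = {line_no for line_no, _, _ in audit_hosts(text)}
    kept = [line for n, line in enumerate(text.splitlines(), start=1)
            if n not in flagged]
    has_localhost = any(
        "localhost" in (f.lower() for f in fields[1:])
        for _, fields in parse_hosts("\n".join(kept))
    )
    if not has_localhost:
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # To audit a real machine, read the file named in the comment above
    # (C:\WINDOWS\system32\drivers\etc\hosts) instead of SAMPLE_HOSTS.
    for line_no, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind}: {detail}")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Review the findings before writing the cleaned text back, since a hosts file can also hold entries added on purpose.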
Thanks Bomp! Just got infected and your solution worked perfectly. ALL HAIL BOMP!
Bomp, you rock.
Having run malwarebyte, I see that the tdss server is still present in the system window, although it is now marked with a yellow “!”.
Should I uninstall it?
If you’re having trouble running Malwarebytes, browse to the install directory (C:\Program Files\Malwarebytes’ Anti-Malware) and rename the mbam.exe file to something like mbam1.exe or mbam_.exe, this will allow it to run. It still won’t update. Be sure to change the filename back to mbam.exe before rebooting to fix any problems or the program will not be able to find itself again on startup.
wondering if u have to pay for any of the virus protectors/removers or is there a simple way that i could use?
“…Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers…..” Worked for me; After rebooting AVG came right up with an update and worked great;
Thanks
Hey guys you have to read through everything in order for your programs to run to remove this malware you will need to disable that rootkit in the Device Manager!
You the man Bomp!!!
Thanks a Million… It did work for me. I was struggling with this for two days…
Keep up your good work.
Thanks.
Thanks for the help, Bomp!
Thank you – tried absolute everything and nothing worked. Your solution (disable TD….) fixed it in 5 seconds!!
Thank you soooooooooooooooooooo much for this solution. My internet is working great now. I had the most difficult time fixing this, and now, all gone. Again, thank you.
Thanks for this website. I have spent days agonising about how to fix the problem. I couldn’t download patches from Microsoft, couldn’t download the Google Chrome couldn’t download the malware program.
Must disable that TDSSserv.sys thing.
Thanks to this website, thread, and especially BOMP for posting this solution online. I’ve spent the past week trying everything to fix this issue.
If only people like Bomp could find a way to reverse track all the people who write the malicious codes, viruses, and spyware and give them a taste of their own medicine.
I don’t know how I got this ‘redirect’ code in my computer, but it seemed to happen right after I downloaded AVAST from CNET. I’m not saying that it was the reason, but it suspiciously happened around the same time.
Again, THANK YOU BOMP!
stupid question…but where is the disable option???? I right click on TDSSserv.sys and it says uninstall, scan for hardware changes, and properties? Where’s disable?
Hey this sounds like the same problem but there is no TDSSserv.sys option in the device manager. The actual problem is that whenever i open firefox (my homepage is the default google homepage) it comes up as corrupted text with links to a microsoft site which doesn’t look very legitimate. This happens in IE as well and it seems like only certain sites are ‘infected’, so far i have found google,yahoo,youtube,facebook which come up with the same problem. Other sites work but it is always the same thing with those specific ones. Does anyone have any idea what this could be or any solution? thanks, Tom
i am having this problem with google and yahoo search, but there is no TDSSserv.sys there. Is there another way?
Bomp you rock, this one kicked my tail all day (felt sorry for those that have fought it longer). Disabled the tdss and loaded Malwarebytes – found them all…all is well now.
Thank you so much for your insight!
Hi All,
And thanks for the solution, will try this one later and let you know if it worked, but it looks promising!
So i need to understand something here….
The file in question is TDSSserv.sys, correct?
Has anyone actually looked at this file, does it yield anything in there, or does anyone have an idea what languages this virus is written in?
Maybe examining the file, in some sort of dev studio, or notepad (yeah right!!) might give us some clues…..
Any ideas anyone?
Matt
Thanks.
Do I need to do anything with that file (TDSS) now that I have removed the virus?
Hey Bomp – how did you figure out that it was TDDS? I was pulling my hair out, thinking it was the hosts file. Had I not found your post, I would still be going nuts. How did you diagnose the problem?
Finally I came across a solution! THANKS SO MUCH. Disabling the TDSSserve.sys fixed it. I would never in a million years have thought of checking there. Man those hackers!!!!!! I can’t believe they thought of redirecting the virus update like that.
I had tried increasing security and privacy and blocking all cookies, and removing all the crap I found in the IE Temp folder but it just kept coming back and then messed up my desktop.
UNLIKE ALL OF U OUT THERE, I discovered that I could read all the searched websites by clicking on the CACHED pages. Those didn’t ever get redirected.
I CANT BELIEVE GOOGLE is sitting back on this one!
I had this virus in my computer and it was driving me crazy trying to remove it. Your information helped me so much. Thank you very much for sharing this information.
thanks Bomp
was struggling with my computer going to go.google.com did the procedure as you stated update malwarebytes and fixed the problem
thanks again
Thanks for your help. Your lessons are good, you should apply for a job at an Anti-Virus/Malware/Spyware company. I would recommend you. lol
I could kiss you!
Thanks to Bomp! I was able to get a work-around so I could download malwarebytes, but then I couldn’t install it nor could I run spybot to just reset to a previous reg save; once I disabled TDSSserv.sys it was no longer a problem. So long go.google.com redirect! 🙂
Bomp… You’re a God…. hehe…. My boyfriend has been sat at his laptop for hours trying to fix this…. he’s trawled the net… well that was before the net went awol on him…. he’s tried every suggestion going… to no avail…. Then I stumbled onto this site by sheer luck… and thanks to you I was able to suggest ‘your cure’…. It’s not often I get to out-geek my boyfriend so I’m totally basking in the glory…. Yay!… Go me… and *erm* you of course… The milkybars are on me!!!
I can’t thank you enough for posting this fix, I’ve tried for days to fix this and this was the ONLY thing that finally worked. As soon as I followed the disable portion:
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this….!
Thanks once again for your help, you are now in my favorites!!!
Thanks for this forum! I was getting frustrated with this virus. I used Spybot and that didn’t locate it, I have Norton Securities and anti Virus and that didn’t locate it. I didn’t have the TDSSserv.sys in the Non plug and play. I tried other software Malwareremoval.Bot (I thought it was Malwarebytes Anti-malware but it was something different that found a few viruses that Spybot didn’t find). Finally I came across this post and saw Bomp’s message and then downloaded the correct Malwarebytes AND IT WORKED LIKE A CHARM!! My system is back to normal now! I was on this computer for several hours trying to figure this virus out!
Thanks again!
Hey, I’ve been trying to figure out where this virus came from or what the hell we can do to get out a fix for it… I only use firefox and have no clue how I got it. Also, the most recent version for me gave me the blue screen of death at one point, refused to let my computer boot (froze it), and wouldn’t let me run combofix or HJT off the desktop. Anyone have a clue how this gets downloaded onto your system? I don’t think I’ve had any recent downloads except from safe (trusted) sites…
Oh, as a sidebar, I got the virus this last weekend somehow (like the 10th/11th, not sure) and recently fixed it using the “disable TDSS” method from the device tab, then running combofix, HJT, and spybot S&D
FINALLY!!!! go.google.com / jump virus GONE!!!
Thanks to all on this thread; I tried a number of things…
Found that I could NOT disable “TDSSserv.sys” as that option just was not there…
Tried ParetoLogic – 4hrs to scan and then says I had to spend 40 bucks to clean up – waste ‘o time!!
…then….
I downloaded (off another PC, and placed on a net-drive accessible by the duff one)…
It installed OK, but would not run…so RENAMED it “CF.exe” and ran that like a charm…all gone…took 30mins in total…
Here’s a detailed link of how it all works…
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Happy fixing fellow N3rds!!
THANK YOU!!!!!!!!!!!!!!
hey bomp
ur post helped me to disable and temporarily stop tdssserv.sys i have installed malwarebytes and hijackthis softwares and done the scan but i m not able to kill tdssserv.sys forever it still remains in the same place with an exclamation mark in yellow circle, what does this mean, i m not able to figure out wat to do now ??
Bomp – you saved me. I wrestled with this for hours and then I found this post. I followed the disable tdsserv.sys instructions and then ran malware and bye bye virus. I have the same question, however, as many others on this thread: when is it safe to enable TDSSserv.sys again?
many thanks.
There is no TDSSserv file in the device manager- even when i click “show hidden files” any suggestion?
Thankyou I am working on a machine that had this issue plus antivirus2009 and antispyware2008. Nothing I installed would work because it stops any kind of update. This has been one of the worst infections I have seen, as it seems this hijack also redirects the machine to further attacks. I was almost at my wits end. As they say you learn something everyday.
Thankyou again.
Excellent article. Solved my problem.
What sort of sick people write this stuff.
Thanks!
For those wanting to know what to do with TDSSserv.sys once it has been disabled, I can only suggest that you delete it, (Don’t re-enable it) it’s a trojan.
Go to > start > Search, and type TDSS, and press the “Search Now” button, to find all the files with the TDSS name. Windows will then give you a list of where the files reside, so it’s just a simple matter of going to the address of those files with Windows Explorer and deleting them. (Empty it out of your recycle bin too) Be aware that the TDSSserv.sys trojan agent now has a multitude of names, so it could be anything TDSS****.***
For those that have the greyed out “Disable” selection on Device Manager, I can only suggest that you enable the viewing of hidden files and such.
Go to > Start > My Computer > Tools > Folder Options.
Select the “View” tab, then:
Click on the “Show hidden files and folders” button.
Uncheck the “Hide extensions for known file types” box.
Uncheck the “Hide protected operating system files (Recommended)” box, and select “Yes” at the warning prompt, then “Apply” then “OK”
You might also need to click the icons “Show/Hide Console Tree” and “Show/Hide Action Pane” twice on each one just to get windows to refresh things, then select;
Action > Scan for hardware changes, or select the icon of the PC with the magnifying glass.
For those with Vista, I can’t help at all, I installed Vista and put up with it for a few months, hated it, then put XP back on my PC, sorry. But if anyone with Vista has disabled the TDDS trojan, update this thread for other people too. Hope that helps.
Bomp.
Oh yea, good man Rohit, for starting this thread.
THANK YOU! I am so appreciative of your posts, Bomp. I gave my daughter a laptop for Christmas and this is the second security issue she has had since then. I don’t mind being her tech support, but geez… the hackers are waaayyy smarter than I am.
Want a discount on a t-shirt quilt as a thank you, Bomp? It’s yours for the asking as a thank you!
Finally!!!!
You would not believe how long it took to find someplace that knew how to fix this problem. I found so many web sites that said to run this program or that program. I am sure the programs work good to fix the virus, but I could never run the program. I feel silly not thinking of changing the name of the program. Kudos to Bomp who explained how this virus works. You guys are AWESOME!!!!
BOMP!! I love you!! Thank you!!!!!!
Windows Update redirects to Google
AVG won't update
can't find TDSS
what to do?
hi,
I followed the advice given at the end of the fix, the manual advice, but when I finally got to the unplug section I was unable to find the tdssserv.sys file. It does not seem to exist on my computer.
Any advice?
Regards,
/M
Bomp … great tip … worked fine … you’re a good man.
On behalf of UK users I am pleased to confirm you are now Sir Bomp..
d
DOOD ** RENAME THE MBAM SETUP **
PROBLEM SOLVED !!
I can’t thank Rohit and Bomp enough for their help with this! I had the same “redirect problems” and could not find a solution. After an hour on the phone with DELL tech support (and being asked “do you really use a search engine that often?”) I was told to call Dell software support and pay for help. Luckily I was able to find this solution via a search engine on a San Francisco newspaper web site and the last method was the solution. THANK YOU!
Thank you very much for this post. After nearly 30 straight hours of frustration trying everything I could find, and weeding through dozens of “try downloading this…” suggestions (hello, I can’t download!!), I thought my head would explode. This allowed me to update all my new AV software and run to finish cleaning up. (BTW, dumped Kaspersky and got my money back since it won’t play nice with Spybot S&D – I’m convinced I wouldn’t have been in this mess if I’d been able to run Spybot the last three weeks.) THANKS AGAIN!!
aye thanks keith like renaming the prog exe worked like cheers!
Thanks to ROHIT for first publishing the solution and thanks to BOMP for Ctrl-C – Shift – Ins the solution from ROHIT in your post….
Give credit where it's due…
-S
I have had a similar problem: IE redirects to Google when trying to go to Windows Update, and none of my spy or malware programs will update; they will run but not update. Nothing found with MBAM or superantispyware. McAfee AOL version will not update. On the advice of AOL I uninstalled McAfee and tried to reinstall, to no avail: either it locks up and says to try and reinstall if using the AOL browser, or webpage not found using IE.
No TDSSserv.sys found anywhere
Here is my fix for this.
Download and run Combofix.exe
Now you can update MBAM and run it
Download MCPR.exe, the McAfee consumer products removal tool
Run this to remove all traces of McAfee products.
Now everything works fine, all updates can be done, McAfee reinstalled and no more Google redirects.
I have no idea why this worked for me but it did!!!!
Eureka! It worked. No more redirect! I love it. Sign me up.
you guys that can’t find TDSS while trying manual removal, make sure you show hidden devices.
Rohit gives credit for the comment, it’s in bold text, below the fix. And I’d use Ctrl+v to paste, it’s quicker as it’s the next key over from c.
Many thanks! I had no luck with this for weeks until finding this page. I did so by Googling “go.google.com”. I scoured my machine but never thought to check in “non-plug and play drivers”.
HELP ME !!!!
I found this: TDSSserv.sys manually and I set it on deactivate… I was able to run Malwarebytes and the virus was gone.. I only had a small virus in Google with an IP address
Now The Virus is BACK !!! with 2 spyware scanners instead of 1.. ANTI SPYWARE 2009 and a fake Windows virus scanner..
I cannot run or install anything… Google does not work.. Internet falls out after 5 minutes… System Recovery doesn't work anymore.
And I am not experienced enough to use HijackThis or ComboFix.
When the Virus came back it still was deactivated so I deleted it in the hope it would come back and I hoped to do the same trick.. No way.. It still is gone.. and I have no idea what to do..
Please help …
I did exactly what Bomp said, and there is no file in the list called “TDSS”.
I’m not sure what to do 🙁
I’m guessing over time, the virus mutated and got more difficult to get rid of?
Can someone please help me?
malwarebytes anti-malware solves the problem for sure but the scan takes a long-long time so u have to be patient
Cannot find TDSS in non plug and play. I did click show hidden devices, tried search for TDSS, nothing comes up.
I know it's there somewhere but can't find it? Maybe under a different name now? Any ideas?
I ran malwarebytes anti-malware and it took care of it!
THANKS
I tried it and I can’t find the TDSS thing and malbytes won’t update :<
Ditto. Not under that name anymore. Any new suggestions?
Same here — no TDSS file found (show hidden files WAS checked) and I can’t get ComboFix to run no matter what I do. I’ve tried 5 different anti-spyware programs and they find nothing. Does anyone have a solution?? This virus has obviously evolved something wicked …
I don’t know if I have the same virus or not. I get redirected to various advertising sites when I click on a Google search result. The name in the search result seems right, but upon clicking I get sent somewhere else. Malware anti-malware finds the system is clean, as does Spybot S&D, Spyware Doctor and Registry Mechanic. Any thoughts on how to remove this???
I have also tried CCleaner as someone else had suggested in the past. Still no luck with that.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
No such driver as ” TDSSserv.sys ” !!! Any other way to fix this ??? Thanks … Anil A. Desai
Same issue. I clicked to view hidden devices, checked everything and it isn’t there. I also tried renaming the setup files for MBAM and Spybot and neither of them will actually run. I get the prompt asking if I want to run, but it just stops after that…
Also, after a full search, no files were found with TDSS in the name.
It must have evolved, because everything else is exactly as it has been described. Any ideas anyone?
Same issue. I too could not find TDSS anywhere. There was netsik and port135sik in DeviceManager->Hidden Devices.
Disabled them. Restarted the laptop. Ran Malwarebytes but no help. Still my Firefox and IE are getting redirected.
I have run almost everything available on the web, like registry cleaner. Uninstalled Firefox and tried, but no help.
I am stuck from two days. Please help ….
Hi,
I also can't find the TDSS, can anyone help?
Hi,
Ran the MalwareBytes and it worked:)
Thanks everyone.
Frank
Hi all of u guys who can’t find the TDSS file even though u are clearly clicking show hidden devices.
Follow this step by step and your computer will be back to normal.
1. Download malwarebyte (latest version with all the updates) on a good computer.
2. Put it on a flash drive
3. Transfer it to the infected computer
4. Rename the file to setup.exe
5. Run the setup.exe file
6. Rename the directory it’s installing to as Malware and rename the folder as Malware too in the installation setup screen
7. When it gets to the final step of the installation it will seem like it froze….it hasn’t but it will take anywhere from 15mins to an hour to get through that step so just let it do its thing.
8. Go into the Malware folder in through Program Files
9. Rename the mamb.exe or what not file to mab.exe and run it.
10. Do a full computer scan
11. It should bring up 10-20 viruses most of which are the source of this problem the TDSS trojan virus.
12. Check all and remove/fix/delete them.
13. Restart your computer and you should be back to normal.
Hope that helps,
Robzy
Just went through Robzy's suggestions. Was able to load spydoctor from the malware site on a flash drive and get it to run on the computer. Found 28 infections but then had to pay $30 dollars for a license to remove the found infections. After paying and removing the infections Google worked once. The second time the redirection started all over again. What’s up with that?
This is one of the most malicious and dumbfounding viruses ever, but the solution actually isn’t that complicated. Bomp’s solution didn’t work for me because I had a mutated form of the virus and my laptop runs on Vista. I couldn’t launch any anti-spyware programs because as some users have mentioned, the virus prevents them from running. System restore was down, windows kept shutting down, got redirects during online surfing, etc. I had pretty much every problem mentioned above and then some.
All I had to do was start in ‘safe mode with networking’. Then I downloaded Trojan Remover. If your internet pages are being redirected just keep hitting the back button and clicking on the link until you get to the right site—it may take several attempts, but eventually you’ll get there.
Download, install, and launch Trojan Remover. It will do a scan that takes only a minute or two, compared to other utilities that take hours.
It found the problems right away and gave me the option of resetting my drivers. Do that and then TR will automatically tell you it needs to restart your computer. Once it reboots, shut it down and reboot your computer, allowing Windows to start normally. You shouldn’t have any problems after that.
I didn't bother with the malware downloads but the last method worked! After restarting the PC, a box popped up saying the virus had been deleted! Thank you so much….
After MANY hours, the above suggestion worked like a charm (ie. download Trojan Remover in Safe Mode with Networking and run). THANK YOU THANK YOU THANK YOU
THANK YOU for this last post from Scholar,
I too had no TDDSS as I had a mutation of the original virus
THANK YOU all who helped me remove this virus after so long
I fought this redirection for 14 hours. Tried every suggestion and removal software I could find. Finally landed on this site and saw the Trojan Remover entries. Trojan Remover worked so quickly I found it hard to believe at first. Thank you…!!!
THANK YOU ALL! Particularly scholar – you are a gent, and a scholar! This took me days until I found this page. I had tried everything. Installed Norton – this thing stopped it working… two online scans (wouldn’t run), updates, patches, ZoneAlarm (couldn’t start), TrendMicro, SpywareDoctor…none worked. Then found here.
Malwarebytes did a pretty good job, as Robzy said, but didn’t seem to fully fix it. Then followed Scholar's ‘safe mode with networking’ approach and downloaded Trojan Remover (www.simplysup.com), followed the instructions and between TR and Norton, it’s fixed! Google and Norton working properly for the first time in 4 days! Fingers crossed!
Thanks All – I owe you a pint, and I’ll give the cretin that wrote this virus the empty glass…
Cheers!
Anti-malware did the trick for me. Thanks so much!!!!!!!!!!
You are a lifesaver <3
Trojan remover did the job for me….many thanks.
only problem i had was that even in safe mode this bloody virus wouldn't let me download the prog. luckily for me there is more than 1 computer in the house, so i downloaded on another laptop, stuck it on a memory card and transferred…worked a treat…
Rob
where does this virus come from, specifically?
can some or any of you pinpoint the moment of infection?
if they are via email attachment, then what kind of attachment?
what type of script is the virus done with? java? activeX? how did it do what it did?
thanks for the input. shoot me an email if you have details…
jameschaynes1 at hotmail
One thing. THANK YOU SO MUCH! I used trojan remover and now its gone!! yay!
Thanks!! Trojan Remover success with safe mode and networking!!!!
Here is the easy way to remove go google
Most common symptoms of go.google.com browser hijacker
• It corrupt Registry files and “Blue Screen of Death”
• It changes the desktop background
• IE and Firefox slows down after getting infected by go.google.com virus
• Also infects e-mail attachments, messenger and other freeware programs
Method to Remove Go.google.com virus
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It's now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update
Thanks, many, many thanks. I finally resolved this Trojan issue with Trojan Remover. After restarting induced by T-R,
there was one more TDSSmqlt.sys.vir backed up in system32/drivers, I have deleted it and the problems ended.
About a year ago a similar virus penetrated through an up-to-date Kaspersky antivirus program, thus preventing updates and internet links to any anti-virus sites. When I sent an e-mail to the Kaspersky team, they told me to perform tracing and provided a link with an explanation, which is of no use if you can't get to it. After my second e-mail, they responded in the same way. And that time I reinstalled the OS. Also, this particular Trojan came when I was browsing sites which have .it as ending.
Trojan Remover does remove this virus, I am beginning to think this thing was developed by them.
This completely sucks! I picked up this virus yesterday and have been working feverishly to get rid of it since. I’m no pro, but I’m no moron either, and I’ve done EVERYTHING this posting recommends, and I still have this thing. Running Vista on a new laptop; had Norton 360 running 24/7 and this virus dodged it somehow. I’ve been able to run MalwareBytes after renaming its EXE file (otherwise the virus prevented it from running) and got some files, which I removed, but it didn’t work. I’ve also run TrojanRemover, SpywareDoctor, and HijackThis, all without unusual results and no conclusion. I’ve looked in the non-PnP drivers (yes, I made sure that everything was visible!) and I have no trace of anything with the tag “TDSSS” in my system, anywhere. Nothing I’ve tried has worked, and I’m getting really annoyed. Anyone got any ideas?!?
I was a fool and forgot to start in safe mode with networking like scholar said. Instead i just downloaded Trojan Remover into normal mode. TR detected it and asked to reboot, but after rebooting virus “Trojan.Agent” appears again and again.
I’ve scanned and rebooted about 5 times now and it won’t go away. I’ve also tried going to safe mode with networking but windows will not let me!!!!
Help is much needed and appreciated!! SOS!!!
This was a particular nasty one.
i fell into the ‘mutated’ category where it doesn’t show up as TDSSS, mbam and spybot will show up on the task manager, but not run.
I downloaded Trojan Remover from a laptop,
restarted in safe mode + networking, installed and ran TR.
Shut down, restarted, then ran Spybot S&D.
After which I restarted again and ran MBAM for a final clean.
Now it seems to be working fine. Fingers crossed.
So my Google gets redirected, I get random music or ads playing in my background, I get this virus called PC security, Trojan horse and some homesecurity 2010. Everything is so slow. I can't even go to most websites.
I took my computer to a tech shop and his antivirus would not even run. The tech shop guy suggested he delete everything from my computer just to save it.
My computer is pretty new, a Lenovo T61, and I have my CPA exam CD installed, which is very expensive, and I don't have the source CD for the program. I can't get that erased.
Can someone please help! I need my computer for my work and school!
I got this trojan from watching movies online. I don’t have the money to take it to be repaired so my friend let me borrow her laptop so I could find this site. Thank you so much Scholar! The Trojan Remover found it in a few minutes and after two reboots I was able to access my computer out of safe mode and was able to run malwarebytes and mcafee. You have no idea how excited I am!!! TDSSS had renamed itself. I ran every online virus scanner I could and nothing found it. Trojan Remover found it so fast. Thanks again!
thanks for sharing some of the good information about cyberdefender.
Thank you Scholar. Trojan Remover does what it says on the tin.
First scan in Safe networking found the nasty drivers, the second found a few other bits and the third was clean. Vista, Avira, Defender and Spyware Doctor were then able to update and I now have a clean uptodate machine. Perfect. Thanks again.
Have the same problem as everyone here..except I have not been successful in getting any of the solutions to work !
I do not have the TDSS file anywhere….
Tried Safe Mode and then Downloading Trojan Remover. The program starts running, and then simply vanishes about 10 seconds after it starts…pretty much like the other 10 Anti Virus programs I’ve tried…
How can this Virus disable all of these programs ?
I’ve tried clean copies from another PC…tried renaming them… tried Avast which works before the PC boots into Windows…
My brain is fried…
I tried all methods but the only one that worked for me was Scholar's comment. Downloaded Trojan Remover from http://www.simplysup.com/. Thanks again Scholar
i tried the manual removal but got stuck at the Non-plug and play drivers list.
there is no TDSSserv.sys on the list, so how can I disable it?
and yes, I'm sure that I have the same problem that is being described.
I’m glad that my solution was helpful to many of you.
A bit of further information~
Not all google redirect viruses are tdds viruses. The solution I outlined here did not work when I encountered the same problem on my laptop, since I had encountered a different mutation.
I’m working on some alternative solutions for such instances~ I actually repaired my laptop by going a completely different route. If you are fortunate enough to only get this once and you have the same virus I did initially, the Trojan Remover solution will likely work and be the simplest route to repairing your PC’s functionality. However, my suggestion is to uninstall Trojan Remover AS SOON AS IT CLEANS YOUR PC~ don’t wait for the trial period to expire.
Not to be a conspiracy theorist, but I left Trojan Remover on one of the PCs I work on just as a test, and that machine mysteriously had the google redirect virus again shortly after the free trial expired. I can’t say they invented it, but the company definitely wants your money! I still swear by it for a quick and very effective fix, but to be safe, follow my advice and get rid of it once it cleans your machine. It’s quite easily uninstalled and not worth the risk of it causing problems down the line. I’ve used it only once and uninstalled it on several other PCs and haven’t had any problems afterwards, so no need to be fearful of using it for a one-time clean.
I have the most updated version of Malwarebytes, and while it’s one of the best freeware programs online IMO, it doesn’t seem to catch this virus even when it’s able to run. If you download an anti-malware program and can’t install it, the best way to trick this virus (or any other that disables your system) is to simply change the .exe extension to .com. That generally allows you to install/launch the anti-viral/anti-malware program of your choice.
If you find the solutions I’ve outlined don’t work, please be as specific as possible about the problems you are experiencing. I’ll try to help you out as best I can.
Same issue as zedjay. Nothing seems to work. Can’t locate TDSS file. I tried starting in “safe mode w/networking” but I can’t open explorer even in safe mode (says “windows cannot access the specified device, path or file”). I then downloaded Trojan Remover and Malwarebytes to a flash drive via another computer and tried running them in safe mode on the infected computer. Both started to scan and then simply vanished.
Any other ideas? Anyone have any luck with a system restore?
Thanks!
Thanks everyone for all solutions. Downloading the free program from http://www.freedrweb.com/cureit/ did it for me.
Thanks again.
I have a computer infected with the latest Google redirect virus. There is no TDSS file to remove. I downloaded Trojan Remover to a non-infected computer and changed program names and ran it on the infected computer. The first time it found two potential problems and fixed them. I thought the virus would be gone, but it was still there. I can still run Trojan Remover, but it finds no problems. The virus disables all other anti virus software by either not allowing it to start, or allowing it to start and then hanging it up. I don’t know what else to try.
IT’S FIXED !!!!!!!
Thanks to Simply Super Software. Their tech support is really super. They make Trojan Remover. I was at a point where none of the malware removers would work. The virus would disable all the many removers I tried. I emailed Simply Super Software and they led me through a solution.
Here is the sequence of events:
I emailed them telling them my problem.
Here is their return email:
Please send us your Trojan Remover logfile so that we can see what is
loading on the infected machine.
Trojan Remover’s logfile is called TRLOG.TXT and is located in:
For 2000/XP:
“My Documents”\Simply Super Software\Trojan Remover Logfiles
For Vista and above:
“Documents”\Simply Super Software\Trojan Remover Logfiles
I sent them my logfile.
Here is their return email:
Your system is infected with a rootkit (Trojan.Crot), which prevents
many anti-malware programs from working correctly
Please look for the following files:
c:\windows\system32\logevent.dll
c:\windows\system32\ntelogon.dll
c:\windows\system32\sceclt.dll
I expect only one of them to be present. When you determine which file
is on your system let me know and I should be able to provide removal
instructions.
Here is my reply:
I located a c:\windows\system32\logevent.dll file. There was no c:\windows\system32\ntelogon.dll file. I also did not find a c:\windows\system32\sceclt.dll file; however, there was a c:\windows\system32\scecli.dll. I don’t know if that is an okay file.
Here is their reply:
Proceed as follows:
1. Open a Command Prompt (START | Run – type in CMD and press Enter).
2. At the prompt, type in the following exactly as it is shown:
SC CONFIG EVENTLOG START= DISABLED
and press the Enter key.
NOTE: there is no space before the = sign, but there is one after it.
If you have typed the command correctly, you should see the message
ChangeServiceConfig SUCCESS.
3. Close the Command Prompt screen and restart the PC.
4. Find the following file:
C:\Windows\System32\EVENTLOG.DLL
Right-click on it and select the option to delete it.
The file should be automatically replaced (within 1 minute) by Windows
File Protection. Look for the file again and check that it is back
(you may see it re-appear at the bottom of the directory, unless you
close Windows Explorer and then re-open it).
If you were successful in deleting EVENTLOG.DLL, and the new file
returns, you can then delete the LOGEVENT.DLL file (this is a backup
of the original eventlog.dll file, created by the malware – if we
don’t need it, we won’t use it).
Problem Solved !!!!
ONE MORE THING
I received another email from http://www.Simplyup.com:
There’s one more step you need to take, to restore the now fixed eventlog.service.
Open a command prompt, and issue the following command:
SC CONFIG EVENTLOG START= AUTO
Sorry,
Their web site is http://www.Simplysup.com
Ronel:
Removing all the redirects (and there were many …) in the HOST file in C:\WINDOWS\system32\drivers\etc\hosts, while leaving the normal entry (localhost 127.0.0.1) in place, took care of everything.
I had almost given up hope, but thanks to your advice I was back on track in no time!
Thanks again,
Ewald
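The hosts-file clean-up Ewald describes, and the redirection of software updates to 127.0.0.1 mentioned earlier in the thread, as an added example that is not part of any comment here: a Python sketch that classifies every hosts-file entry and rebuilds the file with only comments and the normal localhost entries. The sample file, the example-av.test and example.test names and the address 203.0.113.7 are constructed placeholders; a "blocked" entry can also be deliberate ad blocking, so the report is for review, not automatic deletion.

```python
import ipaddress
import sys

# Names that normally resolve to the local machine in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = (
    "# Sample hosts file\r\n"
    "127.0.0.1       localhost\r\n"
    "::1             localhost\r\n"
    "127.0.0.1       update.example-av.test   # update server sent to loopback\r\n"
    "127.0.0.1 localhost www.example-av.test\r\n"
    "203.0.113.7     www.google.com\r\n"
    "0.0.0.0         ads.example.test\r\n"
    "not-an-ip       broken.example.test\r\n"
)


def parse_line(raw):
    """Return (ip, names) for a mapping line, or None for blank/comment lines.

    Raises ValueError when the line has content but is not 'IP name [name...]'.
    """
    body = raw.lstrip("\ufeff").split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()
    ip = ipaddress.ip_address(fields[0])  # ValueError if not an IP address
    if len(fields) < 2:
        raise ValueError("address without a host name")
    return ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify every mapping as ok, blocked, redirected or malformed.

    blocked    : a non-local name pointed at loopback or 0.0.0.0, which makes
                 that site (for example an update server) unreachable
    redirected : a name pointed at some other address than DNS would give
    Returns a list of (line_number, verdict, ip_or_None, name_or_raw_line).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_line(raw)
        except ValueError:
            findings.append((lineno, "malformed", None, raw.strip()))
            continue
        if parsed is None:
            continue
        ip, names = parsed
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                verdict = "ok" if ip.is_loopback else "redirected"
            elif sink:
                verdict = "blocked"
            else:
                verdict = "redirected"
            findings.append((lineno, verdict, str(ip), name))
    return findings


def keep_only_localhost(text):
    """Rebuild the file keeping comment lines and localhost entries only."""
    kept = []
    for raw in text.splitlines():
        try:
            parsed = parse_line(raw)
        except ValueError:
            continue  # drop malformed mapping lines
        if parsed is None:
            kept.append(raw.rstrip())  # blank line or comment, kept as is
            continue
        ip, names = parsed
        local = [name for name in names if name in LOCAL_NAMES]
        if local and ip.is_loopback:
            kept.append(f"{ip}\t{' '.join(local)}")
    return "\r\n".join(kept) + "\r\n"


if __name__ == "__main__":
    # With no argument the constructed sample is audited; otherwise the
    # given hosts file is read (read-only, nothing is written back).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, verdict, ip, name in audit_hosts(content):
        if verdict != "ok":
            print(f"line {lineno}: {verdict:10} {ip or '-':15} {name}")
```

The script only reads; the rebuilt text from `keep_only_localhost` still has to be saved over the hosts file by an administrator after the file's read-only attribute is cleared.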
Thanks for sharing some great reviews about Cyber Defender, this is really a great announcement for all cyber users.
Hey thanks all for the good info. I could not get the redirect virus off my computer (TDSS). Malwarebytes would find it and always said it would be deleted on restart but it doesn’t ever work.
So I download trojan remover and it finds it, deletes it, and when it restarts, it works perfectly. It diagnosed the problem and told me the virus was going under a different file name to hide from virus programs. This is why I could never find a “TDSS” file anywhere in my device (unhidden) manager or windows explorer search. Download trojan remover and malwarebytes and you should be good to go! Thanks Again.
I had major problems with this virus, but i downloaded a trojan remover and it worked perfectly!!!
Thanks everyone for the help!
^_^
PLEASE HELP! Nothing is working for me, I’ve tried everything and I’m going crazy. I have been trying to fix this problem for more than 9 hours. I tried to fix the host file but it is a read only file. Does anyone know how I change it so I can save it with just the local host line?
HOW DO I START MY COMPUTER IN SAFE MODE WITH NETWORKING?? SORRY BUT I’M NOT GOOD ON COMPUTER AND I DON’T KNOW HOW TO TAKE THIS FIRST STEP TOWARDS THE FIX SUGGESTED BECAUSE I TOO HAVE NO TDSS EVEN WHEN I’VE CLICKED TO SHOW HIDDENS
I think this thing is back in full force. I have downloaded and run nearly every virus scanner I can find. Updated all security on IE and XP. I have searched for TDSS. It has been 5 days with this virus, which started as some false Virus Scanner downloading on to my system, basically a variant of sysgaurd.exe, I had “bahwsysguard.ese”.
Thoughts?? Anyone???
Last option is to rebuild PC and wipe memory clean..
J
How to remove the Google Hijack virus?
That is a question without a solution for me, after struggling for about a week to rid the Google Hijack virus from my laptop!
I stumbled on to this website this morning and was hoping that I could take advantage of the suggestions on here after reading several successful posts, but it was not to be for me.
1. Did not find “TDSSserv.sys” file.
2. Can’t start up computer on “safe mode” or “Safe mode with networking.”
3. Trojan Remover, downloaded from simplysup.com did not work for me.
4. Malwarebytes, McAfee, and Spybot Search and Destroy did not do the trick either.
This virus is one tough cookie!
I NEED HELP!
AAARRRGGGHHH – I have the same problem. It’s driving me crazy. Not sure what to do now. I have tried EVERYTHING. Hours spent on this issue now. I am going to have to rebuild the laptop.
John
none of the suggestions here have helped.
I too have attempted with Spybot, avast!, several others and I think I have it fixed, and when I open IE up and go to Google and click on a result link, I am redirected to a different site or another window pops up for an advertisement. I have followed several suggestions from several different sites and still same results. Does anyone have the answer for this thing?
I am having the same issue as Karri…I believe this must be a new version of the Redirect malware as the steps above have not helped. I have used AVG, Norton, SpyBot and all of the tools on Microsoft’s site. The disk is clean as far as they can tell, but the problem persists.
For God’s sake…help!
hey, i have a question, i went to device manager and i couldn't find TDSSserv.sys and i tried malwarebytes and it didn't find anything, please help me
I have also been trying to get rid of this nasty problem. nothing is working for me
pls help
i cant do anything because i get a message saying application cannot be executed. the file rundl32.exe is infected. do you want to activate your antivirus software now?
then it redirects me to a site to buy this
I don’t have it in my device manager either. UGH!
Okay i use trojan remover, but then the virus comes back on reboot. So i need help, do i rename the files or delete them with trojan remover? What do i do after trojan remover? be specific plz. And i can’t find the TDSS file in my drivers from control panel! I have 2 hard drives. C: and D: and a back up J:. I hope this helps some people other than me.
I've got it also. Trojan Remover found a lot of things the others didn't. Thought it was gone but merry christmas
Trust me run combofix and it will work!!!
i really don't know why everyone is talking about “TDSSserv.sys”
i am having massive problems with redirection from go.google.com and it has nothing to do with TDSSserv.sys. i don't even HAVE TDSSserv.sys on my system, i’ve checked and double checked the hidden drivers and the registry, and every other place i could think of but it isn't on my system. and the advice to get pareto just seems like a scam because i finally got pareto installed and it did nothing except prompt me to spend more money on registering the product and do a lot of upgrades.
i’m still looking for a fix, but everyone is hung up on TDSSserv.sys. superantispyware doesn't help. malwarebyte doesn't help. i used iobit360 but it only removed spyware. i've tried just about everything else (including new firewalls and scanners to trace what’s going on) but nothing has helped me get a handle on it, google searches still get redirected unless you type it directly into the address window.
Atm, i too am attempting to remove this virus, but the reason why tdssserv.sys might not be showing is because what i’ve been reading from other websites and what someone even mentioned here is that this type of virus switches its file name, and certain ones do it every time you reboot. So if you do remove it make sure to use your other antiviral progs to make sure it's gone and hopefully this will work for me after i use Trojan Remover O.o
Most current search engine (Google) redirections are currently caused by an infected atapi.sys file (TDL3 rootkit). You can try Hitman Pro 3.5 which is capable of finding and removing the infection in just a few minutes.
If Hitman Pro asks for a Product Key just click on the ‘Activate free license’ to get rid of the infection for free.
Thanks, Lance. Free at last, I’m free at last!!!!
Been obsessing over this bug for days. It slipped right by all my spyware. Malwarebytes couldn't help, I didn't have that TDSS thingy, and Pareto did nothing.
The Hitman Pro 3.5 was the only spyware to even see the infection! I think I'm all clear.
Thanks again, Lance.
I have been trying to get rid of go.google redirect for five days now and nothing has worked. I just tried Hitman Pro 3.5 and it’s finally gone. I feel like I have just waged battle and won. I too didn’t have TDSS in my drivers and Malwarebytes and ComboFix would not run because the virus was blocking both of them.
Thank you Lance!!
Lance,
Thank you so much! I have been fighting with this thing for 2 days. The first time I used Hitman Pro it didn’t find it. I had to rename my regedt32 file and then run Hitman Pro.
I just want to thank Lance for the information about hitman pro!!! I was getting weary with my search engines after trying several different program, but one touch of hitman pro solved my issue!!! I may have to invest in hitman pro!!! Thanks a million!!!
Lance…..THANK YOU!!
After a week of going crazy Hitman pro has fixed it!!
I too had no TDSS, Malware wasn’t finding anything wrong, nothing was.
Again Thanx!!!
Hi, Hitman Pro 3.5 removes this virus in just a few minutes. Does a cloud scan so the virus cannot block it. I had a couple of problems which it identified as Unsafe DNS Server Address, and atapi.sys rootkit, and which it resolved. After reboot everything was fine. As a temporary work-around if this doesn’t work you can use dogpile for searches as even though this uses Google, Yahoo, Bing for searches it doesn’t trigger the redirect.
Hope this helps
(got rid of the redirecting!!!! ) (here’s the solution) 🙂
hai guys –
i HAD the EXACT problem and it was driving me mad! seriously i was ready to kill somebody. and the redirecting was only happening to my work/website and the site to log into for me to update it – how f*cking convenient….
this is how i got that crap off my laptop (vista 32 bit w/firefox)
1. get the latest version of malwarebytes – perform a quick scan in regular operating settings
2. re-run malwarebytes in SAFEMODE – it will find the redirecting bastard trojans
3. download and install HITMAN PRO 3.5
4. turn off any anti virus programs and make sure you’re not online
5. run HITMAN PRO 3.5
within 5 minutes it discovered another error on my system (a file called magic “something”) it said there was something funny about the license authenticity –
i deleted that issue – rebooted made sure norton 360 was back on. got back online, went straight for my website – loaded without a hitch!!!! now my computer is back to normal!!!
no more of that redirecting crap! and now im clear to view and update my website.
i stand by this procedure – i was ready to throw my computer against the wall if i saw another blank page trying to redirect me to nowhere.
im not a computer guy by any stretch – i just needed this thing fixed and as i said – i stand by this procedure 100% – it worked for me (friday march 15, 2010 1:19am)
i hope it works for you! 🙂
let me know
johnny alonso
I just used Hitman Pro and it took care of the problem. I had been pulling my hair out for three days!
Guys,
Hitman does the job because it runs from the cloud and detects the crappy dns entries that mess with your system.
I have tried several malware and antivirus software (MalwareBytes, Trojan Remover, Norton, Windows Defender, etc…) and the only one that worked is Hitman.
Hope this helps
Jonny A,
Thank you for the information on the redirect virus. I followed your instructions and Hit man pro 3.5. 4 found the scum sucker atapi.sys and removed it. However I did have to connect to the internet for it to run. I rebooted and so far my system is working correctly. No redirect and MS update site works. I battled this piece of malware for over two months. I have read hundreds of posts on forums and help sites.
I contacted my virus protection program support for help. I also contacted Microsoft Support.
I informed them that I believed my system was infected with a virus that prevents me from accessing Microsoft Update site. It also redirects me to random sites when I do a specific Google search, along with subjecting me to pop up and fake virus removal tool sites and programs that mimic a Microsoft Site. I ran their suggested fixes and scans. I followed their directions and fixes. My anti virus program scan was supposed to automatically upload a file for their review. This never worked and they suggested I copy and send them the report via e mail. I did this several times asking for an acknowledgement that they received the file. I would get an automatic response with a new ticket number each time. I then received several notices that they would consider the matter closed if I did not respond. I did, but either they did not receive my response or they chose to ignore them. Needless to say I am disappointed with the support.
Over the next several weeks MS support suggested I clear this and change this and scan my system with their scanning programs. Nothing worked. They too decided that my case was closed and I have yet to hear back from them.
In my research I have noticed that a variant of this scum ware has been around for a year or two. It affects all MS operating systems, from XP to 7 along with Internet Explorer, Firefox, Google, and Bing. One would think that with all of the resources the software developers and costly virus programs have, they would identify and fix this problem.
Why is there an ad on this site claiming I am the 100,000 visitor. Is this a scam? This is the kind of pop ups I was getting with the infection.
Ran Hitman and malwarebytes. The redirect virus comes right back at next reboot.
I about went crazy trying to fix this. Every recommendation I found did not help until I found this one. Thank you to whoever posted this. Everyone needs to repost this elsewhere on the web to get the message out.
Look in (windows)\system32\drivers\etc\hosts. There should be only some lines starting with # and “127.0.0.1 localhost”. Anything else in there might be redirecting you to a fake Google or other fake site.
OH my gosh, thank God.
Downloaded the Hitman 3.5. I actually could NOT download it from cnet.com/downloads because the stupid virus was blocking it. So I went to http://www.surfright.nl/en/downloads and downloaded it from there. I turned off my anti-virus stuff (Norton included – thank you, Norton, by the way, for STOPPING this virus for me). Ran the Hitman. 5 minutes later there were 4 files there and I had to reboot. Did it, worked! I restarted the computer again because someone above said that it did it again after restart. And this is again and it still worked.
Holding my breath it stays away!
What a horrible little thing.
What I question now is WHY does Malware, AdAware, Norton, Panda – all those NOT stop or NOT find this except for Hitman? It makes me maybe want to pay for Hitman for my home computer and have that be my virus protection for $25…
I have this google redirect problem.
Can someone instruct me in basic step by step terms how to remove it? I am a complete amateur.
Download Microsoft Security essential and have a full scan. It removed the virus. It was rootkit alureon virus.
I had problem w. google redirect virus and tried to fix it for many days. Could not do any search cause I got redirected, got music and commercial playing while surfing, pc was so slow and it was very frustrating.
I tried avast, Hitman 3.5, malwarebytes and avg but none of them worked. Avast kept blocking the trojan virus, but it did not remove it. I couldn’t find tdds file either on my laptop as what Bomp suggested.
Now I use MS security essential as my antivirus. I used to like avast but not anymore.
I have had all the symptoms in this thread and nothing seemed to work or remove the virus until I tried the advice above on scanning with the Microsoft Security Essential. It found the win32/alureon virus which all other virus scanners failed to find (and I’ve pretty much tried them all) and removed it. Even Hitman Pro failed to find anything. Thankfully the problem has now gone, so i definitely recommend downloading the free Microsoft Security Essential virus protection and run the full scan. Cheers for the advice and post aida.
Same problem here. Kept getting redirected. No TDSS anywhere. Disabled “Google Toolbar” and no more problem, so far.
It sounds like I have the same redirect virus as discussed in this thread and I sent the link to my husband who has been working for days to fix it. But I have a question.
In addition to the redirect, my computer keeps getting a pop-up window for Just-In Time Debugging with “New instance of Microsoft Script Editor” in its text window. We’re trying to figure out if this is related to the redirect virus. I didn’t see that symptom mentioned in the thread and wondered if anyone else experienced that problem.
I got as far as “non-plug and play drivers”. I have nothing that even vaguely resembles that and I clicked on everything in the Hidden Devices window. I have Vista Home Basic. What do I do now?
I have the Malwarebytes and I’ve already used it and it removed about 30 something files that were infected, but I still get redirected to other sites and random sites still pop up even after I ran the Malwarebytes and I also have an antivirus program running at the same time that is not picking up the program.
looked in the hidden devices and i couldnt find it under non plug and play drivers but i know i still have the virus
I highly recommend using Spyware Blaster and Spybot Search & Destroy as well. MB didn’t pick up the Virtumonde.prx
Then give ‘Superantispyware Portable’ a shot, it found a few more things on my computer.
i am Search This site(grapesmobile.in)may harm your computer. fix it for many days.
how to remove a virus
please help me
This is a nasty, nasty virus!!
I got this same virus and was not able to download Malware bytes or open anything.
I was able to reboot into safe mode then do a restore. This then allowed me to download malware bytes and run it. It seems to clear it up everywhere but in explorer. I still had the problem with search links re-directing me all over, major pain!!
I found this thread and ran Combofix. You can get it at: http://www.combofix.org
This found it, and cleared it out. AWESOME software!!!
I would donate to these guys if I knew how!
It might have fixed everything if I ran it first and only, but don’t know since I found this thread later.
Hey guys I’ve had this one before and I think how I caught it was by running the computer in safe mode and then running malware bytes. I have vista and that fixed it, don’t know if it’ll help but that’s how I caught the stupid little headache of a thing.
I tried the method of starting my computer in safe mode with networking and then was able to download combofix. It worked after weeks of trying other things. I was ready to give up.
I’ve used Malwarebytes on a million peoples computers and it takes care of everything completely pretty much 100% of the time. Haven’t experienced this one though.
Well, was in the same boat here.
This thread was of great help, using combofix did the trick for me though. Malwarebytes could not find this bug.
Combofix is a great piece of software for this particular infection. Kudos to the developers.
Followed Alicia above and downloaded Hitman 3.5 from the NL website. Worked first time, although I paid for the one year version rather than the free one. Have not got the one year codes yet, so used the free version, which has fixed it.
Paul
Why the hell is everyone so excited over Bomp’s post? He just copy pasted directly from this guide…
Anyways, mbam fixed it mostly, then trendmicro did the rest.
I want to know if I was ripped off. I had the google-analytic virus and was charged $132 to take it off. He said he had to take everything off my computer, and he didn’t even load the AVG 2011 anti-virus software I had bought, which I requested that he do since I was having trouble downloading it with the virus. When I loaded it myself and ran the analytic after I got my computer back, there were 200 problems, which AVG fixed. My regular computer guy would probably have done it for $40 or less and would have run scans to get everything fixed…that’s what he usually does, but he was unavailable. Is the google-analytic virus that hard to get rid of? I feel ripped off. I had to spend hours putting settings back and reloading everything, too.
hello there people
I would just like to quote ronel cause he is right
you just have to delete/Remove all redirects in
C:\WINDOWS\system32\drivers\etc\hosts, leaving the normal entry (localhost 127.0.0.1)
at first i thought it was a virus but at some point i realized that every windows xp sp3 that came from torrents has it, so it’ll activate once you fresh installed xp. to fix it just follow the steps above
note : if you experienced the blue screen of death then definitely it’s a malware
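The hosts-file check described in the comments above (only `#` comment lines and the `127.0.0.1 localhost` entry are expected), as an added example that is not part of the original thread: a Python sketch that lists every other entry. The function name, verdict labels and sample file contents are assumptions made for illustration.

```python
import ipaddress

# Names that a clean default hosts file may map to the local machine.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every entry that is not a
    plain localhost mapping. Verdicts: 'redirect', 'sinkhole', 'malformed'."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:                    # an address with no hostname
            findings.append((line_no, str(ip), "", "malformed"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:                # one line may carry several hostnames
            name = name.lower().rstrip(".")
            if local and name in BENIGN_NAMES:
                continue
            # Non-local address: the name is sent elsewhere. Local address:
            # the name is made unreachable (e.g. an update or download site).
            findings.append((line_no, str(ip), name,
                             "sinkhole" if local else "redirect"))
    return findings

# Constructed sample, not taken from an infected machine.
# 203.0.113.7 is a documentation address (RFC 5737), not a real indicator.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com   # added by something
127.0.0.1       update.example-av.test
not-an-ip       www.bing.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine, pass in the contents of `C:\WINDOWS\system32\drivers\etc\hosts`; an empty result means the file holds nothing beyond comments and localhost.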
Jewl the thread starter edited the thread and put in what bomp said so bomp figured this out
i found another way to disable it. you see in your network connection you got another connection. do this: Go to Start > Control Panel > System > Hardware > Device Manager > View > devices by connection, then disable microsoft loop back adapter and an unknown device. do not uninstall them, they will come back again, so just disable them, that’s all. i hope it helps 🙂 be sure to use malwarebytes to scan it first then delete virus, and if it’s still there follow my instruction
I managed to get both this and antivirus.net at the same time.
Nasty stuff, but if you’re fast you can regain control of the task manager by CTRLALTDEL immediately upon booting up.
(in this case bloatware actually helped! They ‘turn on’ late in the system processes, so having to wait for skype, UAC, realplayer and others to load gave me enough time to get rid of the processes that cease .exes from working. FYI if you get antivirus.net it is called something like svershld.exe or similar, it’s the fake AV systray shield icon.)
I tried to remove this virus but i couldn’t. I tried looking for this TDSSserv.sys but i couldn’t find anything, if anyone can email me with some help please do so thanks
Trojan Remover got rid of it for me!… Thank God… 3 weeks of it on my laptop
I need help! I cannot get rid of this. I’m in no way a computer person. I need a step by step…(for dummies) HELP!
People who make viruses should be slowly burned alive. Normal people have lives and things to do. Virus creators should be executed and made examples of by medieval torture! scumbags!
Thx dude now i am going to download google redirect viruses all the time to remove them 😀 for fun xD
Thanks for this sharing related to Virus Removal Tool for Windows this is awesome i use this.
best solution thanks for the help