My searches and url’s are being rerouted by a jumper
trojan and it is destroying my operating system (Vista).
I am missing important system files from trying to remove
this trojan/virus off my system.
I have done several scans with McAfee and it got some,
but I know there are still more undetected, due to the way
all my searches are being redirected.
Please help!!
Related posts:
47 responses so far ↓
1 qwaszx //
I had the same trojan. The program Malwarebytes Anti-Malware removed it perfectly.
2 cheik //
Thanks!!!
Malwarebytes Anti-Malware definitely works
3 Dave G //
Does anyone know where the go.google (’trojan’, malware or whatever it is), came from? It got onto my server (home server) and like everyone else says; the only way to rid yourself of it is to use Malwarebytes Anti-Malware. I have to say that I would be impressed if I had some indication of what it actually did to remove it and where the darned thing came from in the first place! Anyone have any ideas on this?
4 Max //
Awnser to the problem guys…. worked for me….
1.Go to http://www.download.com in the search bar.
2.Search for Malwarebytes.
3.Download the version there (try using firefox because the download manager on IE7 gets infected)
4.When downloaded, install and check for updates.
5.Run the scan which will last approx 30 mins.
6.When you finish this, remove it all and you might be asked to restart your computer.
It worked for me and i had this virus for about a month! Let me know it it helps, thanks guys.
Feel free to ask any quesions.
5 Shannon Lilly //
Wow so glad I found this site through google, the program does work! Thanks much guys!
6 lee //
See, I did the malware bytes’ thing and it does remove it upon the restart. Then within a day its back.
I need some more help. Email me at john.doe185@gmail.com please if you know what to do.
7 enimeil@gmail.com //
I have tried Malwarebytes Anti-Malware but my ie and firefox search pages links are continuosly infected and are all redirectet to go.google.com/something.
Help
8 dnice //
i installed Malwarebytes Anti-Malware but i cant get it to run. i tried double clicking on the icon and nothing happens. help
9 Domenic //
i installed Malwarebytes Anti-Malware but i cant get it to run. i tried double clicking on the icon and nothing happens. help
Same for me guys…….Somebody help us Please!!!!
10 Domba //
I installed Malwarebytes, it took a very long time…when finally was installed…nothing happens.
The program doesnt run!!!
11 DK //
I’m having the same problem. Malawarebytes won’t run - nothing is working.
12 Mo T //
Malware doesn’t run nor does any of the other virus protection files because whoever created go google took the time to test it out on every virus program out there.
They were very thorough.
13 Bomp //
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
14 Charles //
If you can’t get MBAM to run, open up ProgramFiles/malware…/ in explorer rename the MBAM exe file to something goofy, then execute the program (dbl click). No guarantees it will fix it yet, but it will run and start scanning…. I just did that and the scan is in progress now… I’ll update in a bit.
15 Charles //
MBAM isnt finding anything… but XoftSpySE is. Again you have to rename the programs .exe file to get it to launch (it will crash on installation, but that’s okay - kill process after it hangs). It found a TON of stuff. I cannot post it at this time, but I will. Still scanning.
16 DFMoore //
Bomp,
Thanks for you comment. It solved the problem completely.
17 tim //
Bomp you saved my PC!!!! the instructions on the tdssserve.sys thing worked awesome. as soon as i disabled it i updated my AVG and the redirections went away. thanks for the help!
18 Paul //
Bomp, instant cure and so easy - thank you.
Symantec scan after your tip found several infcted dll’s with TDSS in their name in c:\windows\system32 subfolders. Before it didn’t find a thing.
19 Bomp //
Thanks for the comments, I’m glad that I could help others to solve it, as I know what a pain it was. It took me 2 days to figure it out, as I was monitoring my HOSTS file mostly, and I thought there was a Trojan editing my HOSTS file on the fly, or some kind of Stay Resident In Ram application being linked to and bypassing the HOSTS file altogether. Got there in the end though.
Cheers.
Bomp.
20 SAF //
OMG, thanx BOMP, after 3 weeks of pain, boredom coz of no internet ure solution worked!!, thanx man, u have made my day!!! i tried malwarebytes, but the trojan/bug kept coming back agen, i tried spybot, ad-aware, zone alarm, windows live one care, trend micro online scan, vundofixit?, fixwareout, sdfix, super anti spyware, spywareblaser,and loads more.. none of them worked… THANKS
21 Artemick //
Bomp, you’re an fn ANGEL. None of that other stuff was working (including a trip to GeekSquad at BestBuy). An angel-Batman hybrid. Thanks so much for posting.
22 Ben //
Thanks Heapssss BOMP.
I have the exact problem as many others, the notorious “GO.GOOGLE” problem. I installed Malwarebytes but can’t get it started. I was almost going to reinstall the whole Win XP but your advice saved me. Wish those who created this Go.Google virus/spyware be burnts in hell!!!
23 Ben //
Thanks again Bomp.
Has anybody here bought the Full Version of Malwarebyte’ ? The unlocked features are realtime protection, scheduled scanning, and scheduled updating. Any thoughts?
24 Mike //
Bomp, thanks for your excellent detective work. This saved us hours/days worth of work, had we been forced to reinstall.
25 thanks //
thanks very much
26 Luis //
Tanks you save me
27 rs //
Bomp’s fix works great!
1. Disable TDSSserv.sys from Device Manager.
2. Download Malwarebytes from Download.com and run a scan.
Doing these two things will get rid of this problem.
28 Coolman3 //
I’ve tried Bomp’s method, but I cant find “TDSSserv.sys” in the device manager….. :((
29 Sammo the Great //
BOMP. You are a savior to so many people who have viewed this post. I’ve saved your post to a notepad, and I am going to spread the word (giving full credit to you). It took me a full week of searching nothing but a bunch of unhelpful “Help” forums to find I would more than likely be better off just completely reformatting. I don’t remember how I stumbled upon this page, now, but you saved my ass and many others’ from the look of it. THANK YOU SO MUCH.
Now if only I could figure out how to get rid of TDSSserv.sys completely.
30 Bomp //
I used comboFix.exe to get rid of TDSSserve.sys, before I even updated my AVG Anti-Virus so I don’t know if AVG will catch it. ComboFix.exe also found av.dat.
But after I updated AVG, it found:
TDSSrigp.dll - c:\windows\system32\
TDSScfum.dll - c:\windows\system32\
TDSSnrsr.dll - c:\windows\system32\
TDSSofxh.dll - c:\windows\system32\
TDSSpaxt.sys - c:\windows\system32\Drivers\
After clearing those files out, I used CCleaner to get rid of all IE7 & Firefox temp files, then RegCure to clean up the registry.
You may be able to just delete TDSSserve.sys, once it has been disabled.
Another program I use is “Process Viewer” which I find handy for killing hidden processes, so if any of the above dll’s are active then prcview.exe can kill them. It’s basicly a better version of Windows Task Manager, so you can view any suspicious exe’s then view its Modules or dependancies, find their path then delete them, or add them to your firewall rules or antivirus program.
Get Process Viewer here http://www.teamcti.com/pview/prcview.htm
31 Sara //
Thank you so much for your help! I used Malwarebytes Anti-Malware and it actually worked. :o)
32 telis //
Bomp you are GOD!!! Without disabling the driver you mention, spybot wouldn’t load amd malwarebytes wouldn’t even install. After trying your method everything is clean again!!! You saved me 2 days of complete reinstalling windows and all installed applications. Thank you so much and merry Christmass
33 ZeroTheHero //
I’ve got all these symptoms, but can’t disable TDSSServe.sys.
I can find it and I can right-click on it, but none of the “non plug-and play services” offer the option of being disabled.
Is there something obvious I’m missing.
34 Deakus //
Bomp, you are a complete legend.
Thank you
35 Nick //
Kudos to Bomp!!!
I been wreckin my brains trying to work this one out.
Cheers man. Now lets hope MBAM can remove the rest of it.
36 Chris //
Question: I’m operating on Vista, when I find tdssserv.sys under plug and play in the device manager I only have the option to uninstall, what do I do then? Last night I was able to run Malwarebytes after I renamed the .exe but it was unable to get rid of the tdssserv.sys files. Tonight I’m going to see if I can run combofix and various other programs to eliminate them.
37 RPg //
Disabling the TDSServ from device manager helped me big time. It just did not save my time (I had taken almost 2 days trying to fix my live update issue with Norton 360), but saved me from a lot of frustration too! Thanks Bomp!!
38 Bidz //
Bomp’s fix works but he’s a fraud…I’ve read his solution word for word on two other websites! Stop blowing smoke up his *ss!
39 BobbyC //
Currently tried Bomp’s / about 30 other peoples same solution.
1) On XP PRO 32 and 64 in order to apply this you will have to reboot your sys. This then causes the system to not be able to function properly. As in you go to click on something and it will not open or do anything. Still migh thelp to kill it before running the tool in (2) So I give you a better solution.
2) I highly sugjest getting a copy of Avira’s rescue CD and making a copy of it and having it on hand. You could even put the iso on a usb drive and boot off it if your system lets you. The reason for this is the tool is linux based and runs off a cd or thumb drive so you actually get to scan the system while Windows is not. Keep this guy updated at least once every 2 months I would say. You may get that the files could not be deleted but they will be renamed which will kill the infection from taking hold. This in turn will let you delete said files or take it to shop where the files may be removed by a professional.
Yeah all those great windows tools are great but when you use a linux based tool you do not have to worry about shutting this or that down, they already are. This is a nasty piece of malware the latest edition installs several back doors and other services on your system. which allow others to control your system.
40 NovaStorm //
THANKS a million. Disabling the TDSServ from device manager finally allowed me to do my antivirus updates and start fixing a very-infected PC.
41 HH //
same here, fixed! thanks Bomp
42 ADITYA //
I AM STILL NOT ABLE TO GET RID OF GO GOOGLE VIRUS CAN SOMEBODY PLEASE HELP OUT I HAVE TRIED ALMOST ALL ANTI VIRUS BUT NOTHING IS ABLE TO REMOVE IT. THANKS. ANY HELP WOULD BE APPRECIATED.
43 chintan //
guys as aditya said..i am still facing this problem..specifically i did not find Tdssserv.sys in the tree as found for most of you..does anybody know the latest status of this virus…??:-(
44 wilsonjhenry //
I cannot locate TDSServ in my hardware devices. I have traveled past rage, to sadness, back to rage, to fear then to complete indifference back to rage. please help us!
45 IOP //
I have full scanned with Malwarebyte Anti-Malware numerous times but the virus keeps coming back. Alike chintan I was not able to find “tdssserv.sys” . Please help.
46 Graham //
Somebody please give full instructions for MANUAL removal.
47 newbie-one //
Following the instructions on this page apparently reset my network connection, allowing me to access the MalwareBytes and SpyBot Search & Destroy sites. Before resetting the network connection I would receive a “Server not found” notice when trying to access either of these sites.
http://support.microsoft.com/kb/299357
I ran Malwarebytes and found this nasty little critter that stole about eight hours of my life.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes’ Anti-Malware 1.45
http://www.malwarebytes.org
Database version: 3932
3/30/2010 5:25:30 AM
mbam-log-2010-03-30 (05-25-30).txt
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This thread explains what the critter was up to while embedded in my box.
http://forums.cnet.com/5208-6132_102-0.html?threadID=383334
Hope this helps someone.