go.google - go.yahoo
By: webmaster | Under: Trojan
16 Nov
go.google and go.yahoo are browser hijackers that predominantly redirect the web browser to scan websites. They are dropped by a trojan whose payload modifies browser settings, disables locally installed security programs and monitors the internet activity of the infected computer.
Aliases: -
Risk Level: Medium
File Size: Varies
Affected System: Windows
How to Remove go.google - go.yahoo:
This page contains our suggested removal procedure (by Webmaster) and visitors' own suggestions. We cannot control or evaluate each suggested procedure, so please use them at your own risk.
If no suggestion is present to remove the virus, spyware, adware or malware, you may try Standard Virus Scan, Malwarebytes' Anti-Malware and SuperAntiSpyware.
79 Responses for "go.google - go.yahoo"
This is so far the best resolution for fixing the hijack that I have stumbled across. Thank you so much for the advice.
Thanks, it worked for me when no other antispyware programs would!
Here’s what I found:
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world.
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
Mike,
Thanks very much. I tried your suggestion of disabling the TDSSserv.sys and it worked. It stopped routing to the local computer. Then I downloaded Malwarebytes software after disabling the TDSSserv.sys, which I could not download earlier before disabling it. The Malwarebytes scanned all the trojans and virus infected files. I deleted all those. Then installed a new AntiVirus software that I bought.
Thanks very much. I appreciate it.
I found a suggestion which worked. If the virus isn’t letting you open or run any anti-virus/malware program, rename the setup file. I found when I did it with the Malwarebytes setup file it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.
Mike,
Repeated scans and uploading different antivirus via removable drives, disabling system restore, starting in safe mode, no luck. Your TDSS disable suggestion saved the day, Dr. Web program found the virus 30 seconds into the scan. Thanks, man.
Mike,
Thanks very much - worked perfectly and easier than all the other solutions.
Mike - Nicely done. I’m running the scan now, but I’ve at least been able to access the webpages necessary to get to the scan software. I even tried doing things with a downloaded program onto a thumbdrive … couldn’t get that to work. Fingers crossed, but this seems to be doing the trick. Thankfully I had another computer to use in researching this.
Thanks guys! I was trying to get rid of this for days with no help from the guys at AVG. It initially detected the virus but did not stop it completely. Sometimes I wonder what we pay these anti-virus people for? If people on a forum can do it why can’t they!!!!!
Thanks Mike - u really made it simple - now I see that device with yellow exclamation mark - what should I do with that?
GOOD LOOKiN OUT MiKE! BEEN TRYiNG 2 FiX THiS 4EVER!
I’m still working through this but your suggestion is the only thing that has allowed Malwarebytes to run…. Fingers crossed it’ll sort it out but I had to thank you for the progress after days of pulling my hair out. Many thanks!!!
Had similar problem with almost every google or Yahoo search being directed to random spam or even adult pop-ups/sites. However followed Mike’s instructions above (slightly diff as I’m on Vista) but couldn’t find a file named TDSSserv.sys there.
Any other ideas?
Cheers
Many thanks Mike, your fix did the trick! Cheers
Thank you SOOOOOO MUCH Mike, I have been up for hours trying to fix my hubbies computer and your solution worked like a dream!!!! Thank you
you are awesome. That totally helped me to fix my computer.
I have a similar problem,
but, I can’t open Google, it re-directs me to “Microsoft security” an obvious fake site.
followed Mike’s instructions above (slightly different- I’m using Vista) but couldn’t find a file named TDSSserv.sys there.
Thanks.
You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.
Yeah, works great, unless you’re using Vista.
I can’t find tdss serv.sys. I’ve opened non plug/play drivers and it’s nowhere to be seen. I’m on Windows XP. Could anyone suggest anything, as I’m not very good on computers and this virus is driving me up the wall?
thanks tony
Yup, the tips here saved me from jumping off a tall building…did the Dr. Web first and that got me through the nasty virus attack….thanks all!
Thank you Mike! That totally did the trick.
I have been trying to fix this problem for so long that I feel like pulling my hair out right now. I can’t seem to get google to stop re-directing me to other sites. Google has become slow and it seems like I just can’t go to any of the websites that I normally am able to go to. I tried Mike’s suggestion but when I get to control panel and click on “system”, it doesn’t even open. I tried and tried and it just doesn’t open. I really need to get this fixed. Please help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
thax a lot man :)==*~
THANK YOU SO MUCH, MIKE!
Way to go Mike! Bing Bang Boom…done.
Thanks Mike, I fought that all weekend to no avail. Your fix worked!
Mike.. Like a friggin charm. 1/2 day lost, but now I’m back. Thanks again.
Thanks Mike!!! 5 minutes to fix; some of the other sites would have taken hours to fix.
Thanks so much Mike. I wish I would have found your suggestion before wasting almost an entire day.
Hi folks - This frkin problem called page and search engine hijacking is the 2nd worst trojan I have ever encountered. There was ref to 302 exploit and redirects - I couldn’t log into any spyware websites etc - my other computer worked thankfully. I think I got slammed off my frikin email site. What happens is that advertisers embed scripts in their ads; my registry gets changed and files are added to my system without my permission. This crap really pisses me off and someday I am hacking all those responsible. I’ll let yas know if my problem is solved.
Hi - I found TDSSserv.sys and also (!!) I never knew about hidden devices…
I do know about services running so I am gonna look it up now.
Somethin I noticed - I disable all my remote access stuff - well the drivers in that list are labeled as ‘demand’; it is like they still can be used even though I shut them down; disabled they go too…. I couldn’t disable the TAPI one but I tried the other 2.
Here goes PC restart !!
Here are the registry entries - I do all mine manually.
hkey_local_mach, system, controlset001, enum, root, legacy_tdssserv.sys (delete this one; it’s called an active service) - I didn’t locate it manually, my house is noisy again tonite.
Just search tdss in the registry and delete them all AFTER restarting. I am doing this now. Don’t run IEXplorer. I have also saved the registry entries should I decide to install it on my virus computer lol.
Now I found the main software entries !!! KMA look at the disallowed area - all those websites I couldn’t load up! Hey wait (!!!); if these are the disallowed spyware programs this list must have a good list of spyware programs for us to use !! Muhaha !
Then I did a search in files for tdss - deleted (after moving !) all of em (mostly system32 dlls).
I also see that tdss is in a list of browser addons (under manage addons:), Mscorews.dll and msadco.dll. The last one is legit but I just disabled it; also wuweb.dll; search assistant addons. All this crap relates to these browser addons, and tdss was not found in the addon list but it was still being used. I deleted the search assistant entries in ACMru (Again these are manual registry deletions).
I also couldn’t get rid of all the tdss registry entries; I did get the most important one, the program entries with disallowed sites; GONZO !
Oh, and I added this site to my favorites !
Now here are some other important things to check.
Delete all prefetch files and everything in Docs/set Temp, then check those directories for odd files. I always look at the date and time when somethin goes awry with my computer and that helps.
Export the registry after running malware etc. Good luck.
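The registry search described in the comment above (finding every tdss entry, including copies in other control sets), as an added example that is not part of the original thread: it parses a regedit text export and lists the keys that mention tdss, grouped by control set, with the start type of any matching driver service. The sample export is constructed; only the `Enum\Root\LEGACY_TDSSSERV.SYS` key name comes from the comments, while the `Services\TDSSserv.sys` keys, their values and the function names are assumptions.

```python
import re
from collections import defaultdict

# Meaning of the "Start" DWORD under a Services key.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
KEY_RE = re.compile(r"^\[(-?)(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
CSET_RE = re.compile(r"\\SYSTEM\\((?:Current)?ControlSet\d*)\\(.+)$", re.I)

# Constructed sample export (not from a real machine). The Enum\Root key is the
# one quoted in the thread; the Services keys and all values are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
"Start"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"Start"=dword:00000003
'''

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # "[-HKEY...]" marks a deletion, so its values are skipped
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def find_entries(keys, needle="tdss"):
    """Group keys mentioning `needle` (path or values) by control set."""
    report = defaultdict(list)
    for path, values in keys.items():
        if needle.lower() not in " ".join([path, *values.values()]).lower():
            continue
        m = CSET_RE.search(path)
        cset, rest = (m.group(1), m.group(2)) if m else ("(other)", path)
        parts = rest.lower().split("\\")
        kind, start = "other", None
        if len(parts) == 2 and parts[0] == "services":
            kind = "service"
            raw = values.get("Start", "")
            if raw.lower().startswith("dword:"):
                start = START_TYPES.get(int(raw[6:], 16), "unknown")
        elif len(parts) >= 3 and parts[:2] == ["enum", "root"] and parts[2].startswith("legacy_"):
            kind = "legacy-enum"
        report[cset].append({"key": path, "kind": kind, "start": start})
    return dict(report)

if __name__ == "__main__":  # a real export is UTF-16: open(p, encoding="utf-16")
    for cset, items in sorted(find_entries(parse_reg(SAMPLE_REG)).items()):
        print(cset, [(i["kind"], i["start"]) for i in items])
```

On the constructed sample, the driver shows as disabled in one control set while another still holds it with an active start type, which is why every control set is listed separately.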
Can’t find file named TDSSserv.sys.
Can someone in simple terms explain to a rookie what is the next approach to removing this trojan?
Donny suggested:
You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.
Where do you find system 32 files? Was anyone else successful with this recommendation?
Help………………
I need play by play instructions…………
One more thing ! Thanks Mike !! Disabling TDSSserv did the trick - I have my search engines back, and go.google.com is gonna hear from me.
That disallowed list I mentioned is a list of programs that prevent from running on your computer, or even installing !! Now I am trying MBam !
Thanks !
One more thing - in the Windows registry if you can’t delete any legacy tdss files, right click on permissions; hopefully you have admin rights, click full permission then delete the entry !
Rima, follow Mike’s instructions above to ‘disable’ the non plug and play device called TDSSserv !
MrZ
Also - I couldn’t get permissions on some of the files because the name of the user was missing ! Just add the user you are logged into maybe - I accidentally used my other one I haven’t used yet and I got the permissions boxes to open up! Good Luck!
LMBO TDSS is loading again into my system - I need to logoff
Mike, you’re a god. Thanks for the great suggestion to disable the TDSS file.
Mike you’re the man……. it’s working. If you have que you can ask me anything you want thx man
One more time - how should a computer novice find the
file named TDSSserv.sys. (it is not showing up on Non-plug and play drivers).
If possible - I need “play by play” instructions.
Thanks so much.
you have to go on Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. then click it and disable
By the way, after disabling the device called TDSSserv (Mike’s idea) you may still find some threats. My Malwarebytes found 5 in C:\system Volume information\_restore{….. These files are probably what was left in the restore volume; however you have to scan fully to find them because a quick scan won’t do you any good. a.. mrzeta can you tell me how you delete all TDSSserv from regedit? Some of them are still there and I can’t delete them. Jesus this is a hell of a spyware…
!!! mrzeta !!!!
By the way again, how did you get there??
…..Now I found the main software entries !!! KMA look at the disallowed area - all those websites I couldnt load up! Hey wait (!!!); if these are the disallowed ………..
I used CureIt and Malwarebytes to get rid of this problem. Thank you Bill for the tips. Found this page on Google.
As I indicated the other day - couldn’t find the TDSServ.sys files in Non-plug and Play Drivers.
My niece suggested that I download Malwarebytes: (see link below) This software found the Trojan virus and worked like a charm. Phew!!!!!!!!!
Btw, if you blocked from downloading Malwarebytes - You should use firefox, not IE.
http://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware/
Thank you so much!! You saved me from a whole lot of pain!
I was ready to reinstall Windows.
Mike, you da man !!!! I was just minutes away from the “reformatting hard drive” fix when I came upon your solution. After several days and many hours of frustration your advice worked like a charm. Thanks a million. All systems go.
hey I am having all the same symptoms of this TDSSserv.sys problem. I have done a complete fresh windows XP install and I am still having all the symptoms. Any suggestions?
Thank you! Finally this thing is gone.
Thank you very much. The sick feeling I had the last few days has gone away. This site is a must from now on.
:thumbup:
I forgot to add that I was not able to defrag, start in safe mode or get to the windows update page until the fix.
Thanks again!
Thanks for all the good advice. The DR Web scanner has picked up viruses that none of the other AV programs I tried found. This fixed the go.google redirect problem immediately.
I did follow the additional advice of disabling the TDSSERV.SYS as well.
Thanks so much!!! I can put the razor blades away!!!!!!!
Do I need go back and enable the TDSSserve after I run my antivirus??
Thanks Mike, your advice really saved me!
Thx Mike!
Good question Mark. Enable the TDSSserve after the cleaning operation??.
IF YOU CAN’T FIND TDSSSERVE:
If you are looking through Non-Plug and Play, but don’t see TDSSserve, go to Action > Scan for Hardware Changes. This made it appear on the list for me.
Thanks so much to #4, Mike! <3
Thank you so much Mike, it’s funny that every time something like this happens to me, I always find the answer on a message board. It’s working so far now, and does anyone know a great virus protection program to ensure that this does not happen again?
Mike, Thanks for the hint. I was planning to re-install XP and you save me many hours fixing my PC. I am curious. How did you find out about TDSSserv.sys?
Mike (msg #4) saves the day!
ran Ad-aware (full version) and caught it, but had to go into system 32 and delete recalcitrant TDSS files. i bought the Ad-Aware after the free Malwarebytes ran for 1/2 hour and caught nothing…. damn, this sucker stinks. all i can say is: go google and go yahoo can go google and yahoo themselves…
THANKS MIKE
msg #1 worked for me. Thanks.
Mike - Msg #4 saved my day and Christmas! I had spent 7-8 hrs trying to remove Spyware Guard 2008. I was ready to call it quits and reformat my hard drive when I realized my browser had been taken over by go-dot-google. Since I was not able to browse using google, I changed to AltaVista, was able to browse the internet, and found this post. I manually disabled the “TDSSserv.sys” file per your instructions, then was able to download and run the free Malwarebytes Anti-Malware program. This program kept hanging during the download prior to disabling the tdsserv.sys file. Malwarebytes found 93 files (trojans,malware, etc…) and removed them.
I now have my system back! THANK YOU!
Mike, I love you more than life itself.
Thanks! Been seeing this a lot lately in repairs.
Recommend virus scanners pick up on this little tip!!!!!!
Thanks very much Mike, your advice saved my life almost. I’ve been trying for days now to get rid of this nasty virus.
/Fredrik, Falun - Sweden
MIKE!!!!!!!! YOU ROCK!!!!!!!!!!
MIKE my hero!!!! THX A LOT!!!
Mike, you are a genius and a lifesaver!! Thank you!!!
Mike,
Your suggestion did the trick. Thanks… McAfee killed it within seconds after I disabled the TDSSserv.sys. But how did I get it in the first place? I run McAfee and Spybot and neither picked it up on its way in??? UK.
Ok I’m all fired up at this POS trojan! I followed instructions but it’s not located in the non-plug and play drivers…. I was able to run spyware doctor and at first had 17 threats and under the TDSS one there were 52 then after running once and rebooting there were still 9. I looked at the registry when I ran the doctor… and 5 were in C:/windows/system 32 and 3 were in the Hkey local machine system control set 003 and 004 etc. How do I find these now? (I tried a search in safe mode and it took forever so I stopped.) Please Help!! It’s friggen 2:30 am and I’m pissed!!!
OK I’ve taken the hard drive out and ran a scan in another computer treating the infected one as a slave. Found one trojan after 2.5 hours of scanning. There is no existence of TDSserve on this system. Is there another one in the system that is called something else? Cannot even load any malware software even in safe mode.
OK Here’s what had to be done to get my system back up.
I did not have the TDSSserve file (I’ll tell you how I found out)
I downloaded Malwarebytes to a flash drive and tried to run it on the infected comp. No luck… wouldn’t even start - even in safe mode which kind of scared me. In fact, I tried a bunch of different malware killers but no luck. So, I took the drive out of the computer and put it on an old back up computer and looked at the infected drive as a slave. I used the old computer with Malwarebytes to hunt down any infections on the slave. It found 17 trojans that McAfee couldn’t or wouldn’t see. When this was done, I reinstalled the drive back into the primary computer. (I unplugged the network cable.) I then tried to run Malwarebytes again and nothing. Next I went for the big guns… I went to bleepingcomputers.com and downloaded combofix.exe onto another flash drive. I copied combo to my desktop and renamed it CB (you can call it what you want). I ran it and it found 37 chunks of garbage lurking in the system32 files. NOT ONE MALICIOUS FILE WAS TDSSERVE! After this went through its course I ran Malwarebytes which started right up and the computer is clean. A bit of advice… it doesn’t help to scream cry swear etc. Keep your cool and you will figure it out.
MAN I still have the same problem I looked for the TDSserver it wasnt rather downloaded malwarebytes and XoftSpySe and still no luck can someone help me out?
I can’t find the TDSS file, I can’t download Malwarebytes and this went right through my McAfee. I need to do my taxes and don’t dare as long as this is here. I have two hard drives, one a slave, one not. I am running XP with IE 8. I also have Safari and FF loaded and it redirects in both of them. Please help, I am not good at computers but I follow directions well. Mike, I look for that file in Non Plug and Play; unless it is named something else it is not there. Somebody help. Why do I pay big money for antivirus programs if they aren’t going to help? This seems to let me load Malwarebytes but not run it.
I’ve been having this same prob w/ search redirecting it doesn’t matter which browser I use IE, firefox, safari, etc. Tried to find the TDSS under non plug and play but it wasn’t there however I noticed another entry called Serial, disabled that just for grins, tried google again and no more bs redirecting anymore, now I just need to figure out how to get the junk off my pc.
Same problem here. I’ve been trying to get rid of this for two days now. I looked for and could not find TDSServ.sys file as directed. Using my work PC and emailing to my home PC, I was able to download and run AVG and Malwarebytes. AVG found only 5 bad files where MW found 27. Cleaned all of them and it did something but didn’t get rid of it. Now I’m just redirected to a different search engine than before and still can’t get to any spyware/security sites. Any help would be greatly appreciated.
I seem to have an updated version of this hijack, I can’t even get into device manager, all attempts to find or install software are blocked along with any websites related to software fixes… any ideas? :P
I’ve tried everything to find the TDSSserv.sys including the scan for hardware changes and I still can’t find it. Is there any other hardware you can disable that will help?
Also I seem to have problems with serial and npkcrypt. Why have they stopped working?