go.google - go.yahoo
By: webmaster | Under: Trojan | 16 Nov
Redirects to go.google or go.yahoo are a symptom of a computer already infected with Trojan.Agent. This trojan can modify the Windows Hosts file to redirect the user's web browser and searches.
Aliases:
-
Risk Level: Low
File Size: Varies
Affected System: Windows
How to Remove go.google - go.yahoo:
This page provides our suggested removal procedure (by the webmaster) along with users' suggestions. However, we cannot control or evaluate each suggested procedure, so please use them at your own risk. If no suggestion is present to remove the virus, spyware, adware or malware, you may try our Standard Procedure.
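The Hosts-file tampering described above can be checked offline. The following is an added example, not part of the original page: it parses hosts-file text and flags search or security sites that are pinned to another address or sunk to loopback. The domain watchlists and the sample file are constructed assumptions.

```python
import ipaddress

# Illustrative watchlists (assumptions, not extracted from this trojan).
SEARCH_DOMAINS = ("google.com", "yahoo.com", "msn.com")
SECURITY_DOMAINS = ("malwarebytes.org", "freedrweb.com", "windowsupdate.microsoft.com")

# Constructed sample of a tampered hosts file (documentation-range addresses).
SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # search pinned elsewhere
203.0.113.45    search.yahoo.com
127.0.0.1       www.malwarebytes.org
0.0.0.0         www.freedrweb.com  # scanner download sunk
192.168.1.10    fileserver.home.lan
not-an-ip       www.msn.com
"""

def _matches(host, suffixes):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit_hosts(text):
    """Return a list of (line_no, address, hostname, reason) findings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue  # blank, comment-only, or address with no names
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], entry[1], "malformed address"))
            continue
        # Loopback / 0.0.0.0 makes the site unreachable; anything else redirects it.
        action = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        for host in entry[1:]:
            kind = ("search" if _matches(host, SEARCH_DOMAINS)
                    else "security" if _matches(host, SECURITY_DOMAINS) else None)
            if kind:
                findings.append((line_no, str(addr), host, f"{kind} site {action}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On a Windows machine the file to pass in is `C:\Windows\System32\drivers\etc\hosts`; a clean default install contains no entries for search engines or security vendors.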
69 Responses for "go.google - go.yahoo"
Browser redirects to go.google.com/go.yahoo.com/go.msn.com
Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to go.google/go.yahoo/go.msn and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)
After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):
Go to http://www.freedrweb.com/cureit/ for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.
Then, after running cureit, you should be able to download and run Malwarebytes to get rid of the remaining residue.
It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!
To whomever posted the solution originally, thank you!!!!
This is so far the best resolution for fixing the hijack that I have stumbled across. Thank you so much for the advice.
Thanks, it worked for me when no other antispyware programs would!
Here's what I found:
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.
It's now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world.
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
Mike,
Thanks very much. I tried your suggestion of disabling the TDSSserv.sys and it worked. It stopped routing to the local computer. Then I downloaded Malwarebytes software after disabling the TDSSserv.sys, which I could not download earlier before disabling it. The Malwarebytes scanned all the trojans and virus infected files. I deleted all those. Then installed a new AntiVirus software that I bought.
Thanks very much. I appreciate it.
I found a suggestion which worked. If the virus isn’t letting you open or run any anti-virus/malware program, rename the setup file. I found when I did it with the Malwarebytes setup file it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.
Mike,
Repeated scans and uploading different antivirus via removable drives, disabling system restore, starting in safe mode, no luck. Your TDSS disable suggestion saved the day, Dr. Web program found the virus 30 seconds into the scan. Thanks, man.
Mike,
Thanks very much - worked perfectly and easier than all the other solutions.
Mike - Nicely done. I’m running the scan now, but I’ve at least been able to access the webpages necessary to get to the scan software. I even tried doing things with a downloaded program onto a thumbdrive … couldn’t get that to work. Fingers crossed, but this seems to be doing the trick. Thankfully I had another computer to use in researching this.
Thanks guys! I was trying to get rid of this for days with no help from the guys at AVG. It initially detected the virus but did not stop it completely. Sometimes I wonder what we pay these anti-virus people for? If people on a forum can do it why can't they!!!!!
Thanks Mike - u really made it simple - now I see that device with yellow exclamation mark - what should I do with that?
GOOD LOOKiN OUT MiKE! BEEN TRYiNG 2 FiX THiS 4EVER!
I'm still working through this but your suggestion is the only thing that has allowed Malwarebytes to run….fingers crossed it’ll sort it out but I had to thank you for the progress after days of pulling my hair out. Many thanks!!!
Had similar problem with almost every google or Yahoo search being directed to random spam or even adult pop-ups/sites. However followed Mike’s instructions above (slightly diff as I’m on Vista) but couldn’t find a file named TDSSserv.sys there.
Any other ideas?
Cheers
Many thanks Mike, your fix did the trick! Cheers
Thank you SOOOOOO MUCH Mike, I have been up for hours trying to fix my hubby's computer and your solution worked like a dream!!!! Thank you
you are awesome. That totally helped me to fix my computer.
I have a similar problem,
but, I can’t open Google, it re-directs me to “Microsoft security” an obvious fake site.
followed Mike’s instructions above (slightly different- I’m using Vista) but couldn’t find a file named TDSSserv.sys there.
Thanks.
You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.
Yeah, works great, unless you're using Vista.
I can't find tdss serv.sys. I've opened non plug/play drivers and it's nowhere to be seen. I'm on Windows XP. Could anyone suggest anything, as I'm not very good on computers and this virus is driving me up the wall?
thanks tony
Yup, the tips here saved me from jumping off a tall building…did the Dr. Web first and that got me through the nasty virus attack….thanks all!
Thank you Mike! That totally did the trick.
I have been trying to fix this problem for so long that I feel like pulling my hair out right now. I can’t seem to get google to stop re-directing me to other sites. Google has become slow and it seems like I just can’t go to any of the websites that I normally am able to go to. I tried Mike’s suggestion but when I get to control panel and click on “system”, it doesn’t even open. I tried and tried and it just doesn’t open. I really need to get this fixed. Please help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
thax a lot man :)==*~
THANK YOU SO MUCH, MIKE!
Way to go Mike! Bing Bang Boom…done.
Thanks Mike, I fought that all weekend to no avail. Your fix worked!
Mike.. Like a friggin charm. 1/2 day lost, but now I’m back. Thanks again
Thanks Mike!!! 5 minutes to fix; some of the other sites would have taken hours to fix.
Thanks so much Mike. I wish I would have found your suggestion before wasting almost an entire day.
Hi folks - This frkin problem called page and search engine hijacking is the 2nd worst trojan I have ever encountered. There was ref to 302 exploit and redirects - I couldn't log into any spyware websites etc - my other computer worked thankfully. I think I got slammed off my frikin email site. What happens is that advertisers embed scripts in their ads; my registry gets changed and files are added to my system without my permission. This crap really pisses me off and someday I am hacking all those responsible. I'll let yas know if my problem is solved.
Hi - I found TDSSserv.sys and also (!!) I never knew about hidden devices…
I do know about services running so I am gonna look it up now.
Somethin I noticed - I disable all my remote access stuff - well the drivers in that list are labeled as ‘demand’; it is like they still can be used even though I shut them down; disabled they go too…. I couldn't disable the TAPI one but I tried the other 2.
Here goes PC restart !!
Here are the registry entries - I do all mine manually.
hkey_local_mach, system, controlset001, enum, root, legacy_tdssserv.sys (delete this one; it's called an active service) - I didn't locate it manually, my house is noisy again tonite.
Just search tdss in the registry and delete them all AFTER restarting. I am doing this now. Don't run IEXplorer. I have also saved the registry entries should I decide to install it on my virus computer lol.
Now I found the main software entries !!! KMA look at the disallowed area - all those websites I couldn't load up! Hey wait (!!!); if these are the disallowed spyware programs this list must have a good list of spyware programs for us to use !! Muhaha !
Then I did a search in files for tdss - deleted (after moving !) all of em (mostly system32 dlls).
I also see that tdss is in a list of browser addons (under manage addons:), Mscorews.dll and msadco.dll. The last one is legit but I just disabled it; also wuweb.dll; search assistant addons. All this crap relates to these browser addons, and tdss was not found in the addon list but it was still being used. I deleted the search assistant entries in ACMru (Again these are manual registry deletions).
I also couldn't get rid of all the tdss registry entries; I did get the most important one, the program entries with disallowed sites; GONZO !
Oh, and I added this site to my favorites !
Now here are some other important things to check.
Delete all prefetch files and everything in Docs/set Temp, then check those directories for odd files. I always look at the date and time when somethin goes awry with my computer and that helps.
Export the registry after running malware etc. Good luck.
Can’t find file named TDSSserv.sys.
Can someone in simple terms explain to a rookie what is the next approach to removing this trojan?
Donny suggested:
You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.
Where do you find system 32 files? Was anyone else successful with this recommendation?
Help………………
I need play by play instructions…………
One more thing ! Thanks Mike !! Disabling TDSSserv did the trick - I have my search engines back, and go.google.com is gonna hear from me.
That disallowed list I mentioned is a list of programs that prevent from running on your computer, or even installing !! Now I am trying MBam !
Thanks !
One more thing - in the Windows registry if you can't delete any legacy tdss files, right click on permissions; hopefully you have admin rights, click full permission then delete the entry !
Rima, Follow Mike’s instructions above to ‘disable’ the non plug and play device called TDSSserv !
MrZ
Also - I couldn't get permissions on some of the files because the name of the user was missing ! Just add the user you are logged into maybe - I accidentally used my other one I haven't used yet and I got the permissions boxes to open up! Good Luck!
LMBO TDSS is loading again into my system - I need to logoff
Mike, you’re a god. Thanks for the great suggestion to disable the TDSS file.
Mike you're the man……. it's working. If you have que you can ask me anything you want thx man
One more time - how should a computer novice find the file named TDSSserv.sys? (It is not showing up on Non-plug and play drivers.)
If possible - I need “play by play” instructions.
Thanks so much.
You have to go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. Then click it and disable.
By the way, after disabling the device called TDSSserv (Mike's idea) you may still find some threats. My Malwarebytes found 5 in C:\system Volume information\_restore{….. These files are probably what was left in the restore volume, however you have to scan fully to find them coz a quick scan won't do you any good. a.. mrzeta, can you tell me how you delete all TDSSserv from regedit? Some of them are still there and I can't delete them. Jesus this is a hell of a spyware…
!!! mrzeta !!!!
By the way again, how did you get there??
…..Now I found the main software entries !!! KMA look at the disallowed area - all those websites I couldnt load up! Hey wait (!!!); if these are the disallowed ………..
I used CureIt and Malwarebytes to get rid of this problem. Thank you Bill for the tips. Found this page on Google.
As I indicated the other day - couldn’t find the TDSServ.sys files in Non-plug and Play Drivers.
My niece suggested that I download Malwarebytes: (see link below) This software found the Trojan virus and worked like a charm. Phew!!!!!!!!!
Btw, if you are blocked from downloading Malwarebytes - You should use Firefox, not IE.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
Thank you so much!! You saved me from a whole lot of pain!
I was ready to reinstall Windows.
Mike, you da man !!!! I was just minutes away from the “reformatting hard drive” fix when I came upon your solution. After several days and many hours of frustration your advice worked like a charm. Thanks a million. All systems go.
hey I am having all the same symptoms of this TDSSserv.sys problem. I have done a complete fresh windows XP install and I am still having all the symptoms. Any suggestions?
Thank you! Finally this thing is gone.
Thank you very much. The sick feeling I had the last few days has gone away. This site is a must from now on.
:thumbup:
I forgot to add that I was not able to defrag, start in safe mode or get to the windows update page until the fix.
Thanks again!
Thanks for all the good advice. The DR Web scanner has picked up viruses that none of the other AV programs I tried found. This fixed the go.google redirect problem immediately.
I did follow the additional advice of disabling the TDSSERV.SYS as well.
Thanks so much!!! I can put the razor blades away!!!!!!!
Do I need to go back and enable the TDSSserve after I run my antivirus??
Thanks Mike, your advice really saved me!
Thx Mike!
Good question Mark. Enable the TDSSserve after the cleaning operation??.
IF YOU CAN’T FIND TDSSSERVE:
If you are looking through Non-Plug and Play, but don’t see TDSSserve, go to Action > Scan for Hardware Changes. This made it appear on the list for me.
Thanks so much to #4, Mike! <3
Thank you so much Mike, it's funny that every time something like this happens to me, I always find the answer on a message board. It's working so far now, and does anyone know a great virus protection program to ensure that this does not happen again?
Mike, Thanks for the hint. I was planning to re-install XP and you saved me many hours fixing my PC. I am curious. How did you find out about TDSSserv.sys?
Mike (msg #4) saves the day!
ran Ad-aware (full version) and caught it, but had to go into system 32 and delete recalcitrant TDSS files. i bought the Ad-Aware after the free Malwarebytes ran for 1/2 hour and caught nothing…. damn, this sucker stinks. all i can say is: go google and go yahoo can go google and yahoo themselves…
THANKS MIKE
msg #1 worked for me. Thanks.
Mike - Msg #4 saved my day and Christmas! I had spent 7-8 hrs trying to remove Spyware Guard 2008. I was ready to call it quits and reformat my hard drive when I realized my browser had been taken over by go-dot-google. Since I was not able to browse using google, I changed to AltaVista, was able to browse the internet, and found this post. I manually disabled the “TDSSserv.sys” file per your instructions, then was able to download and run the free Malwarebytes Anti-Malware program. This program kept hanging during the download prior to disabling the tdsserv.sys file. Malwarebytes found 93 files (trojans,malware, etc…) and removed them.
I now have my system back! THANK YOU!
Mike, I love you more than life itself.
Thanks! Been seeing this a lot lately in repairs
Recommend virus scanners pick up on this little tip!!!!!!
Thanks very much Mike, your advice saved my life almost. I've been trying for days now to get rid of this nasty virus.
/Fredrik, Falun - Sweden
MIKE!!!!!!!! YOU ROCK!!!!!!!!!!
MIKE my hero!!!! THX A LOT!!!