So I had the same issue and used this forum among many others to try and solve the problem and it turned out to be easier than any of the steps provided for in any forum.
Follow this step by step and your computer will be back to normal.
1. Download Malwarebytes (latest version with all the updates) on a good computer.
2. Put it on a flash drive.
3. Transfer it to the infected computer.
4. Rename the file to setup.exe.
5. Run the setup.exe file.
6. Rename the directory it's installing to as Malware and rename the folder as Malware too in the installation setup screen.
7. When it gets to the final step of the installation it will seem like it froze... it hasn't, but it will take anywhere from 15 mins to an hour to get through that step, so just let it do its thing.
8. Go into the Malware folder through Program Files.
9. Rename the mamb.exe or what not file to mab.exe and run it.
10. Do a full computer scan.
11. It should bring up 10-20 viruses, most of which are the source of this problem, the TDSS trojan virus.
12. Check all and remove/fix/delete them.
13. Restart your computer and you should be back to normal.
I would also update your virus protection, clean house in your computer and get rid of all unused software and run a disk defragment.
Morgan, has the TDSS Trojan been completely removed from your computer with the posted formula?? I myself was infected last night, is this a new virus? I have not tried anything yet, did not want to make any hasty decisions to only end up completely crapping out the entire laptop. Any info would surely be appreciated by anyone who can help me eradicate this from my computer. Do the people out there have anything better to do with their time other than being a bunch of menaces on society!!!!!!!!!!!!!!
It turns out that when I went into safe mode, I didn't notice I had Administrator as an account. I logged onto that, did what virusbuster posted, and Malwarebytes launched.
The scan took almost 2 hours, and it only found 3 main viruses/trojans, all of them were related to TDSS.
I'm thinking of doing a scan in my regular mode (not safe mode) right now. I'm running Opera, since my Firefox didn't seem to work with the virus being on my computer. So far, everything's working like the way it should be.
Edit: I'm running a scan right now on Malwarebytes in regular mode (not safe mode), and here's what's happening so far:
There's still the virus because when I re-installed Firefox, it still had the go.google link for every search result. Hopefully, these 10 objects infected are the ones that virusbuster was talking about.
Maybe it'll work for you, solana:
1.) Go in safe mode on your computer (keep pressing F8 before the main Windows screen pops up)
2.) If you see an Administrator account, log onto that
3.) Follow virusbuster's rules step-by-step
4.) Run Malwarebytes (now with the exe name of -> mab.exe)
5.) Wait for it to finish scanning; quarantine and then delete the infected objects
6.) Log back onto your regular mode (not safe), and you should be able to launch Malwarebytes normally now
7.) Do a full/quick scan once again, and you'll see that there are still more viruses/trojans to be deleted
I'll post up what happens after a couple of scans (see if go.google is gone).
1. Download Malwarebytes on a clean computer and put it on a flash drive.
2. Rename it to setup.exe.
3. Drag it onto your infected computer.
4. Install it - change the names of both directories to another name - I used "Malwar" - be patient - it gets hung up for a full 10 minutes.
5. After installation - rename the mbam.exe file to mab.exe.
6. Reboot into safe mode using F8.
7. Log on as administrator.
8. Run mab.exe from its directory and wait 2-3 hours for it to finish - remove the infected files - about 4.
9. Reboot.
10. Run mab.exe from your normal mode.
11. Allow it to run 2-3 hours until it finishes - remove about 9 infected files - and it requires a reboot to get rid of some of them.
12. Log back in again - and get your life back.
I went into my C: drive and I saw a new folder named Avenger, and inside were the TDSS dll files. I instantly deleted the folder because it was totally suspicious what with the TDSS name and such. I suggest you do the same. Maybe it's a waste product of the TDSS trojans you got rid of. Still, my computer is working perfectly now, before TDSS attacked it.
And I suggest keeping Malwarebytes for your computer. It's probably the best anti-malware/spyware program now. I also have Spybot on my computer. I've never used Avast, so I can't say much, but my uncle gave me a copy of his ESET NOD32 Business Edition (anti-virus/spyware) and it uses very little resources.
So overall, I have:
- ESET NOD32 Business Edition
- Spybot
- Malwarebytes
I suggest you update all 3 programs daily or at least every 2 days. They're constantly getting updates that'll help to guard/defend your computer from new viruses and attacks. This Google redirect virus seems to be the newest, most malicious one out there right now. I don't think I've ever gotten this bad of a virus so much that it disabled my computer, and slowed it down too.
I've heard AVG is also good, though the free version is not up to par to the other heavyweights such as NOD32 and Avast. Still, all these aforementioned programs beat out the likes of McAfee and Norton. Those are low-grade programs that uninformed people actually think are good.
Thanks everyone for this post/forum, I've spent the last 7 hours removing this virus. It's one of the craftiest viruses I've ever seen.
Also, while I was writing this sentence I saw a command prompt window open and close in front of my eyes, so maybe it's not over yet....
ALSO I will be getting NOD32 antivirus after this. I thought I was too smart to get stung, but now I'm here and I guess I'm not! NOD32 comes highly recommended from various people in the tech industry I've spoken to.
Post Edited (chillicane) : 23-11-2008 06:21:11 GMT
Remember folks. Any time you're running any Anti-Spyware programs & they come up with anything close to being serious, be sure to re-run them until they come up clean.
Edit: This was an interesting log to follow, including the log that sent me to this one: http://www.bullguard.com/forum/5/I-got-hit-hard-Dont-know-if-th_68112_2.html
FIGHT THE POWER
"To be nobody but myself-in a world which is doing its best, night and day, to make you everybody else-means to fight the hardest battle which any human being can fight, and never stop fighting".
Thank you so much. I finally got the software to launch. I could not launch my husband's computer in safe mode so I went to the command prompt and cd to Malware. The program is currently running and has found 26 infected objects.
I was having the same problem, but it still isn't fixed. In Safe mode, I changed the Malwarebytes folders/program names which allowed me to execute the malware scan. A bunch of crap came up and I hit the fix button. I rebooted, again in safe mode, and scanned again. Now only 2 items keep coming up regarding "userinit.exe". I deleted those, but they came up again upon another reboot in safe mode.
Now, when I start up normally, all I see is my background and my cursor with no Taskbar or desktop icons. I am able to hit Ctrl+Alt+Del to bring up the task manager but I am unable to do anything else. Any ideas on how to fix this problem?
Please connect all your external hard drives/flash drives before running ComboFix.
Important -> Temporarily disable your anti-virus and real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Double-click on the ComboFix icon found on your desktop.
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.