PROBLEM SOLVED - Google Redirect/Antivirus blocked TDSS Virus Solution

Posted 11/13/2008 2:40 PM
#68208
virusbuster08 Member

Date Joined Nov 2016
Total Posts: 3
So I had the same issue and used this forum among many others to try and solve the problem, and it turned out to be easier than any of the steps provided in any forum.

Follow this step by step and your computer will be back to normal.

1. Download Malwarebytes (latest version with all the updates) on a good computer.
2. Put it on a flash drive
3. Transfer it to the infected computer
4. Rename the file to setup.exe
5. Run the setup.exe file
6. Rename the directory it's installing to as Malware and rename the folder as Malware too in the installation setup screen
7. When it gets to the final step of the installation it will seem like it froze... it hasn't, but it will take anywhere from 15 mins to an hour to get through that step, so just let it do its thing.
8. Go into the Malware folder through Program Files
9. Rename the mamb.exe or what not file to mab.exe and run it.
10. Do a full computer scan
11. It should bring up 10-20 viruses, most of which are the source of this problem, the TDSS trojan virus.
12. Check all and remove/fix/delete them.
13. Restart your computer and you should be back to normal.

I would also update your virus protection, clean house in your computer and get rid of all unused software and run a disk defragment.
Posted 11/13/2008 5:28 PM
#68216
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
So the main point is to make it run as a different name other than Malwarebytes?

Is it because the virus can detect Malwarebytes and stops it from launching?

That's the problem I'm having. I'll try this when I get home.
Posted 11/13/2008 5:42 PM
#68218
virusbuster08 Member

Date Joined Nov 2016
Total Posts: 3
Yea. It seems like the virus only has the programs listed by name. So rename everything I listed above... the install file, the folders and the exe file and it should run.

Malwarebytes is the only thing that will remove it.
Posted 11/13/2008 9:09 PM
#68221
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
Thank you very much.

I'll try this once I get home.

It's strange going home from school and actually doing homework rather than procrastinating with your computer, huh? lol

Seems like I get more work done without my computer interrupting me.
Posted 11/13/2008 11:23 PM
#68224
marybethg2312 Member

Date Joined Nov 2016
Total Posts: 3
Worked like a charm..Thank you for posting!!!
Posted 11/14/2008 10:18 AM
#68232
solana Valued member

Date Joined Nov 2016
Total Posts: 25
Virusbuster -

This is simply the best idea I've read (and I've spent probably 12 hours working on this problem over the past few days). I'll let you know how it goes.
Posted 11/14/2008 12:38 PM
#68237
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
solana, could you also post in here how it went?

I've yet to come home and try this method out.

If it works for you, it'll most likely work for me, considering how we have almost identical problems.
Posted 11/14/2008 2:03 PM
#68243
morgan1 Member

Date Joined Nov 2016
Total Posts: 2
Hey, I have the exact same problem and I tried your method.
The installation worked, but when I renamed the file to mab.exe and opened it, it still wouldn't open...

Am I doing something wrong or?...
Posted 11/14/2008 2:06 PM
#68244
morgan1 Member

Date Joined Nov 2016
Total Posts: 2
scratch that.. it just opened :)
Posted 11/14/2008 5:43 PM
#68250
usmc1868 Member

Date Joined Nov 2016
Total Posts: 1
Morgan, has the TDSS Trojan been completely removed from your computer with the posted formula?? I myself was infected last night, is this a new virus? I have not tried anything yet, did not want to make any hasty decisions to only end up completely crapping out the entire laptop. Any info would surely be appreciated from anyone who can help me eradicate this from my computer. Do the people out there have anything better to do with their time other than being a bunch of menaces on society!!!!!!!!!!!!!!
Posted 11/14/2008 11:43 PM
#68259
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
virusbuster, I did everything that you wrote out.

When I finished installing Malwarebytes, it asked if I want to Update/Launch. Do I leave those checked?

I left them checked, and Malwarebytes still didn't launch.

And also, I renamed mbam.exe to mab.exe, but it still didn't launch, but it's in Processes (task manager).

Links to screenshots:
http://i35.tinypic.com/r0r311.jpg
http://i33.tinypic.com/68ey6x.jpg
http://i38.tinypic.com/nleb20.jpg

It still wouldn't launch. Any help?
Posted 11/15/2008 12:45 AM
#68261
solana Valued member

Date Joined Nov 2016
Total Posts: 25
Ecstasy -

Exact same outcome here. And I was hopeful! I'm letting it run in hopes that it will eventually open up and do its thing (the installation took a solid 10 minutes before it was done).

I'm really ready to wipe my hard drive and be done with this. I backed up all the family photos last night. This weekend - one way or another - I'm going to be rid of this thing.

I'll post back if it runs.
Posted 11/15/2008 3:17 AM
#68262
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
Well, solana, hopefully, it works out for you.

It turns out that when I went into safe mode, I didn't notice I had Administrator as an account. I logged onto that, did what virusbuster posted, and Malwarebytes launched.

The scan took almost 2 hours, and it only found 3 main viruses/trojans, all of them were related to TDSS.

I'm thinking of doing a scan in my regular mode (not safe mode) right now. I'm running Opera, since my Firefox didn't seem to work with the virus being on my computer. So far, everything's working like the way it should be.

Edit: Spybot is not launching. Hmm, strange.
Posted 11/15/2008 3:31 AM
#68263
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
Edit: I'm running a scan right now on Malwarebytes in regular mode (not safe mode), and here's what's happening so far:

Link: http://i36.tinypic.com/fxxoar.jpg

There's still the virus because when I re-installed Firefox, it still had the go.google link for every search result. Hopefully, these 10 objects infected are the ones that virusbuster was talking about.

Maybe it'll work for you, solana:

1.) Go in safe mode on your computer (keep pressing F8 before the main Windows screen pops up)
2.) If you see an Administrator account, log onto that
3.) Follow virusbuster's rules step-by-step
4.) Run Malwarebytes (now with the exe name of -> mab.exe)
5.) Wait for it to finish scanning; quarantine and then delete the infected objects
6.) Log back onto your regular mode (not safe), and you should be able to launch Malwarebytes normally now
7.) Do a full/quick scan once again, and you'll see that there are still more viruses/trojans to be deleted

I'll post up what happens after a couple of scans (see if go.google is gone).
Posted 11/15/2008 4:05 AM
#68265
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
And sorry for triple post, but my Firefox is now working as opposed to before when it wouldn't even launch (probably because of the virus).

I'll let you know how it goes after a couple of scans.

Edit: Here's the results of a quick scan on Malwarebytes:

[User image]
Posted 11/15/2008 12:25 PM
#68286
solana Valued member

Date Joined Nov 2016
Total Posts: 25
Ecstasy -

Running Malwarebytes in safe mode under the administrator WORKED! Yahoo!

I'm going to try running it in normal mode now -

Thank you both for this help!
Posted 11/15/2008 3:02 PM
#68293
solana Valued member

Date Joined Nov 2016
Total Posts: 25
Free at last - free at last!

To summarize:

1. Download Malwarebytes on a clean computer and put on a flash drive.
2. Rename it to setup.exe
3. Drag it onto your infected computer
4. Install it - change the names of both directories to another name - I used "Malwar" - be patient - it gets hung up for a full 10 minutes.
5. After installation - rename the mbam.exe file to mab.exe
6. Reboot into safe mode using F8
7. Log on as administrator
8. Run mab.exe from its directory and wait 2-3 hours for it to finish - remove the infected files - about 4
9. Reboot
10. Run mab.exe from your normal mode
11. Allow it to run 2-3 hours until it finishes - remove about 9 infected files - and it requires a reboot to get rid of some of them.
12. Log back in again - and get your life back.

Touch, VirusBuster and Ecstasy -

Much appreciated!
Posted 11/15/2008 3:06 PM
#68295
solana Valued member

Date Joined Nov 2016
Total Posts: 25
And now - can someone give me a really good recommendation for a program that will prevent this from ever happening again? I'm running Avast - and clearly, it's not up to snuff.
Posted 11/15/2008 11:43 PM
#68315
Ecstasy Valued member

Date Joined Nov 2016
Total Posts: 13
I'm glad it worked out for you, solana.

I went into my C: drive and I saw a new folder named Avenger, and inside were the TDSS dll files. I instantly deleted the folder because it was totally suspicious what with the TDSS name and such. I suggest you do the same. Maybe it's a waste product of the TDSS trojans you got rid of. Still, my computer is working perfectly now, before TDSS attacked it.

And I suggest keeping Malwarebytes for your computer. It's probably the best anti-malware/spyware program now. I also have Spybot on my computer. I've never used Avast, so I can't say much, but my uncle gave me a copy of his ESET NOD32 Business Edition (anti-virus/spyware) and it uses very little resources.

So overall, I have:

ESET NOD32 Business Edition
Spybot
Malwarebytes

I suggest you update all 3 programs daily or at least every 2 days. They're constantly getting updates that'll help to guard/defend your computer from new viruses and attacks. This Google redirect virus seems to be the newest, most malicious one out there right now. I don't think I've ever gotten this bad of a virus so much that it disabled my computer, and slowed it down too.

I've heard AVG is also good, though the free version is not up to par to the other heavyweights such as NOD32 and Avast. Still, all these aforementioned programs beat out the likes of McAfee and Norton. Those are low-grade programs that uninformed people actually think are good.
Posted 11/19/2008 9:16 PM
#68565
virusbuster08 Member

Date Joined Nov 2016
Total Posts: 3
Hi, sorry I haven't been on since the day I posted it. Completely forgot.

As for the safe mode, I did it through safe mode but forgot to post that here.

The only thing is that I did not have any avenger folder, that could just be the name/program/download that your trojan infected your comp under.

Glad this helped somewhat.
Posted 11/23/2008 6:16 AM
#68794
chillicane Member

Date Joined Nov 2016
Total Posts: 1
Thanks everyone for this post/forum, I've spent the last 7 hours removing this virus. It's one of the craftiest viruses I've ever seen.

Also while I was writing this sentence I saw a command prompt window open and close in front of my eyes so maybe it's not over yet....

ALSO I will be getting NOD 32 antivirus after this, I thought I was too smart to get stung, but now I'm here and I guess I'm not!
NOD 32 comes highly recommended from various people in the tech industry I've spoken to.
Posted 11/23/2008 6:26 PM
#68821
MeadowMuffin Valued member

Date Joined Nov 2016
Total Posts: 17
Remember folks. Any time you're running any Anti-Spyware programs & they come up with anything close to being serious be sure to Re-run them until they come up clean.
Edit: This was an interesting log to follow including the log that sent me to this one:
http://www.bullguard.com/forum/5/I-got-hit-hard-Dont-know-if-th_68112_2.html
Posted 11/30/2008 11:46 PM
#69210
Debora Member

Date Joined Nov 2016
Total Posts: 1
Thank you so much. I finally got the software to launch. I could not launch my husband's computer in safe mode so I went to the command prompt and cd to Malware.
The program is currently running and has found 26 infected objects.
Posted 12/8/2008 5:25 AM
#69601
testorck Member

Date Joined Nov 2016
Total Posts: 1
I was having the same problem, but it still isn't fixed. In Safe mode, I changed the Malwarebytes folders/program names which allowed me to execute the malware scan. A bunch of crap came up and I hit the fix button. I rebooted, again in safe mode, and scanned again. Now only 2 items keep coming up regarding "userinit.exe". I deleted those, but they came up again upon another reboot in safe mode.

Now, when I start up normally, all I see is my background and my cursor with no Taskbar or desktop icons. I am able to hit Ctrl+Alt+Del to bring up the task manager but I am unable to do anything else. Any ideas on how to fix this problem?
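
For the symptom described in the post above (scan hits on "userinit.exe" that keep returning, then a desktop with no taskbar or icons), one read-only check is to compare the Winlogon `Userinit` and `Shell` registry values with the Windows defaults and confirm both binaries are present. This is an added example, not part of the thread; that these values are involved on the poster's machine is an assumption.

```powershell
# Added example (not from the thread): read-only audit of the Winlogon logon chain.
# It changes nothing; it only reports values that differ from the Windows defaults.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sys32 = Join-Path $env:SystemRoot 'System32'

# Windows defaults: Userinit is the full path to userinit.exe followed by a
# trailing comma; Shell is plain "explorer.exe".
$expected = @{
    Userinit = @(Join-Path $sys32 'userinit.exe')
    Shell    = @('explorer.exe')
}

$winlogon = Get-ItemProperty -Path $key

$report = foreach ($name in 'Userinit', 'Shell') {
    # Userinit is a comma-separated list (splitting Shell the same way is harmless),
    # so split it and drop empty items to make any extra entry stand out.
    $entries = @("$($winlogon.$name)" -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # -notcontains compares case-insensitively, like Windows paths.
    $extra   = @($entries | Where-Object { $expected[$name] -notcontains $_ })
    $missing = @($expected[$name] | Where-Object { $entries -notcontains $_ })

    $status = 'default'
    if ($extra -or $missing) { $status = 'REVIEW' }

    [pscustomobject]@{
        Value   = $name
        Current = $winlogon.$name
        Extra   = $extra -join '; '     # entries added beside the default
        Missing = $missing -join '; '   # default entry absent or replaced
        Status  = $status
    }
}

# A missing or quarantined userinit.exe or explorer.exe also produces an empty desktop.
$paths = (Join-Path $sys32 'userinit.exe'), (Join-Path $env:SystemRoot 'explorer.exe')
$files = foreach ($path in $paths) {
    [pscustomobject]@{ File = $path; Present = (Test-Path -LiteralPath $path) }
}

$report | Format-List
$files  | Format-Table -AutoSize
```

A `REVIEW` status or a file reported as not present is a lead to investigate, not a verdict.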
Posted 12/8/2008 5:35 AM
#69604
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello testorck :smile:

Reboot to safe mode with network.

Then ->

Please download Combofix:

Http://download.bleepingcomputer.com/subs/combofix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drive/flash drive before running Combofix

Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.