If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Last monday for some reason every time I would go to Google, MSN or Yahoo to do a search I was brought up results. However when you click on these results they go to adsense / ad sites encouraging you to click.
After looking in my status bar over the links I noticed that went to something called Go.Google I highly doubt this is a google service but it did seem a tad fishy. Basically I could not look up any information on how to remove it either because the results are brought up.
However if I knew a direct website url I could go to any website I wanted. I ended up going onto another PC and searching for go.google malware removal and I found a site which had the basic instructions on how to remove it.
Here is how:
Awnser to the problem guys…. worked for me….
1.Go to http://www.download.com in the search bar.
2.Search for Malwarebytes.
3.Download the version there (try using firefox because the download manager on IE7 gets infected)
4.When downloaded, install and check for updates.
5.Run the scan which will last approx 30 mins.
6.When you finish this, remove it all and you might be asked to restart your computer.
It worked for me and i had this virus for about a month! Let me know it it helps, thanks guys.
Feel free to ask any quesions.
Some guy named Max posted in and I am grateful he did, I wanted to let you all know about this because I believe some of you may have it and you don’t even know! The real bummer about this malware is nobody seems to know how someone gets it.
I don’t go to any bad sites or anything on my pc’s so I am very interested to know how it first of all got past my full paid version of Eset Smart Security and secondly how-come the only way to remove it is with a specific malware removal tool as the instructions above state.
Any ideas guys?
 | Categories: |
September 29th, 2008 at 12:27 pm
Thanks for the heads up. I haven’t run across this yet, but I am sure I will as I work IT and every new method of spyware shows up on 1 of our pc’s.
September 29th, 2008 at 1:42 pm
Hm, that stinks. It sounds a little like the “XP antivirus software” that was a scam and infects your pc and can only be removed by certain programs.
September 29th, 2008 at 2:21 pm
Strange… glad you got it fixed.
September 29th, 2008 at 11:59 pm
Your Eset smart security might have been sleeping while Mr.Malware entered your PC !
Anyway, good to hear that you got it fixed..
September 30th, 2008 at 1:18 am
Sounds like you’re having a lot of trouble with viruses lately..
Couple questions:
What browser are you using? (hope it’s still not IE6)
What browser should you use? FIREFOX
Do you have any adware programs?
Good adware programs:
AdAware (people say it’s not very good, but I can personally say that it has fixed many computers for me.)
Spybot Search & Destroy: Great 100% free adware program. Currently the only one I have installed on this comp
September 30th, 2008 at 10:09 am
I used it and was really surprised it found 12 trojan.
Using Firefox and BitDefender since years now but it seems I have to find some more tools
I think I’ll use it more often
Thanks for the tip.
October 12th, 2008 at 6:59 pm
Wow, I’m really suprised to hear it got by Eset’s Smart Security. It’s probably the best antivirus software out there. Did Eset pick up anything when you did a full scan? I’m not suprised Malwarebytes knocked it out though. I use it often and just gave it a rave review. I’d also recommend, if you’re using Internet Explorer, surfing in a sandbox. I’d recommend the free SafeSpace.
October 13th, 2008 at 6:14 pm
Had the same issue above. did not know what was causing it to get redirected. ran the program and now works fine. Thanks
October 17th, 2008 at 4:13 am
Hi Shannon. Thanks for the tip !! I encountered the same problem last night & I have spent all night & day trying to figure a way to fix it…but to no avail!
This nasty spam totally blocked all online anti-spyware scanning sites on the Internet (they’d return a page cannot be displayed message or start playing music on the background…it was really weird). Plus, I couldnt even update my antivirus or any of the antispam software that I had! In fact, I wasn’t even able to update this Malwarebytes after installing it. But seeing that the latest update was 9th Sept ‘08, I figured I’d just give it a try since its pretty recent. Voila!!! It worked! Right after rebooting, everything was back to normal. I quickly updated Malwarebyte to the latest definition & now I can browse any site normally. Phew!!!
Now, that leaves with the same question that you have. Where did it come from??? I’m an IT person myself & I am very careful at installing softwares & browsing too. Hmmmm….anybody else got an idea?
October 26th, 2008 at 9:56 pm
Thank you so much for this tip. I wrestled with my computer for a week…tried many different antivirus programs with no avail, but after my first (hour-long) scan with Malwarebytes my computer was cured.
October 31st, 2008 at 2:26 am
i had the go.google thing for 3 weeks and a go.yahoo thing
Norton 360 never found it didnt help at all
followed your directions, it worked
this virus or malware, whatever was a pain in the butt
thank you for posting and doing what you do
November 5th, 2008 at 10:21 am
Hmm! You are about prevention from malwares and its removal. So that I favor to use http://www.search-and-destroy.com which facilitates me more.
November 14th, 2008 at 12:56 pm
tried ,malaware/search and destroy downloads…once I downLoaded them i try to run the sw and get an error message “cannot connect to server”…seems the go.google virus may now recognize its enemy…lol…any suggestions? any off line retail products i can buy? maybe running from a cd will help.
will rolling back the computer to earlier date help?
or
i have a recovery cd disk , how do i “start over” what function keys and what steps should i take? I have nothing that i cant live without on the computer now….so a clean slate/start may be the answer…
thanks and looking for your help!
November 14th, 2008 at 9:01 pm
Anyone else unable to run the Malawarebytes, or any other software after installing it?
November 15th, 2008 at 1:49 am
Malwarebytes freezes up, even when originally downloaded with Foxfire :’(
November 16th, 2008 at 4:27 am
I was having problems running Malwarebytes and any other antivirus/malware program to try to gain back control of my pc. This is how I solved it (after working on it for about 5 hours). I hope it saves someone some time, or a format:
1) Go to the link below on an uninfected computer. Download the .zip rootkit tool to a thumb drive.
http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html
2) Then download a second file, linked below, to the desktop of the uninfected computer.
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
3) Insert a CD in the writable CD drive. Click the file and it will make a bootable “Rescue” CD with an antivirus scanner.
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
4) Take your thumb drive and your bootable CD to the infected computer.
5) Copy the .zipped file on the thumb drive to the infected PC. Unzip it. Go to Start>Programs and you will see Avira Rootkit Detection installed as a new program. Run it. It will report back that its has found several HIDDEN files in c:/windows/ststem32 with names that begin “tdss”. It will also find one in c:/windows/system32/drivers that also begins “tdss”. Choose the option to repair or fix (I can’t remmber which), then reboot.
6) After you reboot (and assuming your PC first tries to boot from the CD drive, rather than an older floppy drive), insert the CD in the CD drive. Then shut the computer off again. Then reboot.
7) After rebooting from the CD drive the antivirus will start. Choose the option for English. (You can toggle between English and German using the space bar on your keyboard.) Choose the option to “rename” the infected files if it can’t fix or delete them.
Once the second program is done you will be able to run Malwarebytes, and your usual antivirus software. And do so, because they will find other infections.
November 16th, 2008 at 8:20 am
Browser redirects to go.google/go.yahoo/go.msn
Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to go.google/go.yahoo/go.msn and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)
After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):
Go to http://www.freedrweb.com/cureit/ for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.
It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!
To whomever posted the solution originally, thank you!!!!
November 16th, 2008 at 4:20 pm
For anyone who cant run MalwareBytes or XoftSpySE (which seems to be working) you have to download from another computer, move it over, and install it. After that (some will crash on install (Xoft - kill process after it hangs)), you rename the main exe file to something else - like asdfasfd.exe. Then double click the program to run it. Then these tools will work. This virus is NASTY. I’m in the process of removing it with Xoft now, and it detected all those tds* files.
Good luck, and lets hope this thing doesn’t mutate…
November 16th, 2008 at 4:25 pm
Word of note, XoftSpySE requires a paid registration to clean up the files. I didn’t know that on the orignal post, figured it was freeware… Apologies…
November 16th, 2008 at 4:43 pm
Malware Bytes seems to have fixed it (remember to rename that exe to get it to run). My hover links show up corrrect, and no more go.google.com. This all seems to be related to Antivirus 2009, which installed itself somehow a few days ago - and was removed by malwarebtyes….
It would be nice to know where this came from, so I can prevent another infection. I hope this information help someone out there.
November 16th, 2008 at 7:31 pm
Thanks for the information. I cleaned up the same malware using Malwarebytes’ anti-malware product, but I have a few tips that may help.
The version of the malware I had was a little smart so it didn’t let me run the installation file “mbam-setup.exe”. Quick fix for this is the change the file name to something else and run it. After installation it’s the same story. When you click on the program shortcut it doesn’t start because the malware blocks it. In this case go to the program files folder that malwarebytes is installed (C:\Program Files\Malwarebytes’ Anti-Malware), copy mbam.exe, save it with a different name and run that version instead.
Also, first I tried to run the software in safe mode but it didn’t detect anything for some reason. After running it in normal mode it found 6 entries and asked permission to clean them at the next system start-up.
Good luck
November 16th, 2008 at 8:01 pm
Congratulation Charles ! You have the good method.
I spent the whole week end trying to get rid of the go.google nightmare.
MalwareBytes installation was blocked by the virus.
By renaming the mbam-setup.exe to another name, it can be installed. Likewise, once installed, you rename the main exe file to whatever, like dummy.exe and bingo !
I could find many instances of tdss* ugly things, that could be removed.
all con’t be removed, but MalwareBytes stores a list of the files to remove, and by rebooting, you get rid of them.
Note that MalwareBytes is rather slow, so be patient !!
XoftSpySE has also found many instances of the virus, but you have to pay to get it remove them….
I had Kaspersky 7.0, it didn’t find the virus, but it seems that its proactive defense managed to block most of its activity..
Good luck to those who are infected !
bablaet
November 17th, 2008 at 7:32 pm
It looks like I’m fixed!!!
I had just about given up and was going to call Geek Squad or some pro to help me.
I tried XoftSPySE, SuperAntiSpyware, SpyBot, Malwarebytes - and then ComboFix - the first 4 would never run, EVEN THOUGH I RENAMED ALL OF THEM, or I would be told I had no connection, or some other error message. ComboFix seemed to be the one that worked, even though it also told me when I first started that I wasn’t connected to the internet (I was). Here is the link to the instructions that worked for me: http://forums.majorgeeks.com/showthread.php?t=35407. I had to use another computer to print all the instructions (make sure to print the ones for each program within the instructions for your operating system), saved everything to a jump drive (with new names) and brought it home. I kept going through them even though the first several steps did not work. The only things that my computer would run were CCLeaner and then ComboFix. I have put in about 20 hours into this little project, so BE PATIENT!
I hope that this works for others that nothing else seems to. What a nasty little bug this is!!
November 17th, 2008 at 11:21 pm
heres what i found
i got the go.google removed from browser and running malware bytes sw…
i feel i am on my way to solving this!
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
November 18th, 2008 at 3:57 pm
Thanks all! I’d been wrestling with this virus for a while. I could install but not activate or update Norton AV; I could get it to run but not a full system scan. When it did run, it didn’t find anything. MalwareByte’s Anti-Malware wouldn’t install at all and Windows Updates wouldn’t connect to their site either. I was able to rename the mbam installation file, got it installed, then renamed the mbam executable, ran it and found and removed multiple tdss.* registry infections. I was able to go into the Device Manager, disable the TDSSserv and was finally able to activate Norton and download updates. I was then able to run a full system scan and Norton found and removed numerous infections, cleaning the system pretty well. Thanks again.
November 19th, 2008 at 5:16 pm
I got a real problem. I was infected with Antivirus 2009, I did not purchase anything as I knew it was spyware. However, my Spydoctor when run flags bad items and removes them but it doesn’t get rid of the whole problem. I have many other scans I have tried to run and this virus has blocked them from running, Ad Aware, Spybot, and Malware Sweeper wont run. I cannot download and run Malwarebytes which has been suggested to fix this virus. Also I’ve opened my task manager and everything there seems to be as it should, yet I am still seriously infected rendering my pc almost useless! I have windows 2000 by the way. I am not computer savey enough to meddle with the registry manually but I’m at my whits end here and don’t know what else to do, any help please….???
November 19th, 2008 at 6:57 pm
Try running CCleaner and ComboFix - I had the same problem, and these are the only programs that would run for me. Download them from another computer and save them to a flash drive. When you install them on your computer, change the names to something else.
November 19th, 2008 at 6:58 pm
By the way, I had the AntiVirus 2009 and the go.google virus’s.
November 19th, 2008 at 8:31 pm
Thank you Mike. I’ve been scratching my head for 2 days now trying to figure out where the tdss trojan was hiding. Follow the advice from Mike first then use Malwarebytes, that solved all the Antivirus 2009 issues as well as the go.google & tdss virus. Wow…that was an insidious malware. Blocked all updates, downloads/malware antivirus etc. Just wasted 48 hours on that. People who write these things need to be stoned…
November 22nd, 2008 at 3:11 pm
Thank you for this article! I got bombared with these issues too, no idea why or where I could have picked them up, although my status bar didn’t show anything. I used spybot and adaware daily to remove a bunch of malware and cookies that kept showing up, which made me able to get yahoo and google searches to pull up the related content instead of bogus ad pages, but the searches were taking forever to load, go back to etc. Found this page, ran the Malwarebytes program and, voila!, problem solved. Thanks again!!
November 23rd, 2008 at 10:38 pm
Mike,
Thank you very much for your tip about TDSSserv.sys in Device Manager. I have been trying for the last 2 weeks to get rid of antiviruspro2009 and go-google virus. I am now able to run malware bytes and as published by many I might be close to getting rid of the viruses. Mcfee is also now connecting and downloading updates. Thanks again for your Tip. People like you make the world better.
November 24th, 2008 at 11:43 pm
I can’t find the tdss. file in device manager.. could there be any other names?
please help
December 2nd, 2008 at 3:31 am
Was able to download Malwarebytes from cnet, but then couldn’t get it to run until I renamed the .exe file. Read it here, thanks for the tip
December 4th, 2008 at 1:00 am
I know nothing about bits and bytes or my .exe from .ass. Thanks to mike and others, go.google went bye bye
December 8th, 2008 at 8:56 pm
@kevin:
you have to display hidden devices and then go to plug-and-play devices
December 10th, 2008 at 5:11 pm
You guys saved my arsch on this one. I’ve been in IT for quite a few years and this one had me befuddled. Someone went to great lengths when they wrote this to make the interface match WindowsXP, to bury itself so deeply and then to protect itself by hijacking search engine results and not allowing software updates. A full SAV system scan with current definitions found nothing on my machine, btw. Thanks again!
December 11th, 2008 at 3:57 am
We have ever wanted a tool that can do almost everything for us.
December 15th, 2008 at 9:31 pm
Thanks a lot mike!!!! Your solution works perfect
December 16th, 2008 at 11:36 am
I was unable to successfully install and/or run any of the malware programs until disabling that TDSSserv.sys file. Thanks a bunch, I just got this disgusting go.google virus this past weekend. I use Firefox mostly but was using IE recently to test a website for IE compatability. Not sure if I got it through IE or not…
December 23rd, 2008 at 6:58 pm
I had the go.google malware for 2 days and finally did it by renaming the .exe file of malwarebytes. Thought my PC had seen its last days !! If anybody gets a virus called xp antivirus 2008 or 2009 now just system restore IT WORKS !! I tried to system restore when i got the go.google malware but it wouldnt let me do that !! Thanks a bunch guys !!
December 24th, 2008 at 1:00 am
Thanks guys, very very appreciated. Virus are so powerful thoses days and anti-virus solution so weak against new virus. I cannot understand why microsoft don’t patch that!! in fact i can … It’s Microsoft.
December 29th, 2008 at 9:00 am
Google is very catchy in each and every regard.
January 2nd, 2009 at 1:02 pm
Mike! You are a legend!