Yahoo Redirecting Virus...
- Thread starter Warstud
- Start date
- Status
This may help. Basically a manual version of TDSS killer, but sometimes that's the only way that will work. Copied the procedure from another website. Hope it helps.
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit software.
Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit software.
I'm surprised that Malwarebytes and a-squared didn't do it for you. Try a Hitman Pro. Download the free version and I believe if you register it will "fully function" for something like 30 days. Last I checked, Hitman uses the scan engines from G Data, ESET (NOD32), Avira, a-squared AND Prevx.
check your host file under c:\winnt\system32\drivers\etc\hosts.
There really shouldn't be anything in it unless you have spybot or you manually edit it. I've had some that edit the host file and no matter how many times you get rid of it, the host file will keep redirecting you.
Another useful tool is GMer. I like it better than hijackthis.
Some of the spyware/malware even replace .sys files now. Generally if you can get into safe mode, .sys files are unharmed.
Make sure malwarebytes is up to date. download and run rkill. If there are any known processes running, it will kill them and allow you to get a thorough scan with malware.
There really shouldn't be anything in it unless you have spybot or you manually edit it. I've had some that edit the host file and no matter how many times you get rid of it, the host file will keep redirecting you.
Another useful tool is GMer. I like it better than hijackthis.
Some of the spyware/malware even replace .sys files now. Generally if you can get into safe mode, .sys files are unharmed.
Make sure malwarebytes is up to date. download and run rkill. If there are any known processes running, it will kill them and allow you to get a thorough scan with malware.
Still having problems getting rid of this redirecting virus. Threw everything at it but it keeps coming back. Subscribed to STOPzilla and it found a couple trojans but didn't solve the whole problem. Contacted them about it and they said it will be a week before they can work with me...one on one. I can't wait that long.
Re-format and re-install Windows. That was the only thing that worked for me. I went through several antivirus, malware, spyware programs and nothing got rid of my search engine virus. There seems to be different versions of the virus floating around because some people had success with combofix and malwarebytes but other people haven't (such as myself).
Look into a program called Combofix. It removed a Firefox redirecting virus on my fiancee's laptop.
Oh, wait, somebody already mentioned it.
Oh, wait, somebody already mentioned it.
When you get this fixed / solved, install and run sandboxie,it's free and you wont have this problem again.
Stop depending on antivirus programs!!!!
Stop depending on antivirus programs!!!!
I think I finally got rid of this thing. Ran ComboFix and my Stopzilla popped up half way into running it and found a bunch of stuff. So I don't know what one gets credit but I know longer get redirected.... but something seems to be loading up at startup. Possibly the Stopzillas real time protection? I dunno! Thanks Guys.
- Status
