Help needed removing Google installer virus please

  Chris Webster 23:19 10 Aug 2009
Locked

Hi,

One of guys who uses the Stock Car Racing forum I am a member of has got the Google installer virus and is having great difficulty removing it.

Any help or pointers in the right direction would be very gratefully received.

Regards, Chris.

  Fruit Bat /\0/\ 23:22 10 Aug 2009
  Chris Webster 23:31 10 Aug 2009

Thank you for the link, I've forwarded it to him.

Regards, Chris.

  birdface 00:27 11 Aug 2009

Another to try is Malwarebytes [free]But you must rename it to be able to use and update it..

Another remedy from another forum.

heres what i found
i got the go.google removed from browser and running malware bytes sw…
i feel i am on my way to solving this!

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.

Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.

Looks like a bad one so lets hope your friend can remove it.

  Chris Webster 16:08 11 Aug 2009

Thanks for your help and advice,

here is the message he posted in the Stock Car forum earlier today,

Downloaded superantispyware onto the laptop, saved it to memory stick, started desktop in safe mode, switched off AVG, extracted files from memory stick to desktop, renamed the .exe file (the virus recognises all the known anti virus names so advice is to rename it something innocuous - I chose fluffy.exe lol), ran quick scan (203 threats picked up), ran it again (106 threats), ran it again (26 threats) then decided to do a full scan (where it picked up a further 26 threats) rebooted desktop and gave it a try and so far it seems to be working fine. (Fingers crossed)

  birdface 16:48 11 Aug 2009

Your friend did well.It looked like a hard one to shift but looks as though he nailed it in one.
Lets hope it stays clear and his advice will probably help others with the same problem.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?