Search result redirecting to another site [Solved]

Follow these instructions exactly and you will get throught this easily. This is the easiest way to
get rid of the problem. the process is easy. the instuction look long but i wrote them assuming the
reader has no computer experience. enjoy

1. start another IE window along side this one to quickly and accurately review instructions (ctrl+n)

2. copy and paste the URL below directly into the address bar then press ENTER
DO NOT CLICK THE URL. YOU MUST COPY AND PASTE OR YOU WILL BE REDIRECTED!

*the tdss (go.google) redirect virus recognizes all instances of "Malware, Mbam, etc...
this will get around that. DO NOT CLICK THE URL. YOU MUST COPY AND PASTE OR YOU WILL BE REDIRECTED!

www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

3. under "features" use drop down menu and select Ver. 1.32, this will cause screen to refresh

4. click "download latest version"

5. a yellow Active X control should show just under your tab in the window. It will say
"To help protect your security, IE blocked.........and so forth"

6. left click and select download file

7. select SAVE, in file name field replace "mbam-setup.exe" with "setup.exe"

8. when complete, select "open folder" and double click setup.exe and then run

9. Proceed through till you are prompted to select destination location. to make it easier
just copy and past what I have below into the name bar

C:\Malware\Malware

10. name start menu folder Malware (usesless but do it) do not create shortcut

11. deselect (uncheck if checked) option to create desktop icon or quick launch, continue through confirmation

12. It will take between 15 to 60 minutes (it will appear frozen, it is not. just let it be)

13. IMPORTANT!!! deselect UPDATE MALWARE AND LAUNCH MALWARE (THE VIRUS WILL SHUT YOU DOWN IF NOT UNCHECKED) click finish

14. right click start, select explore and locate "Local Disk (C:)", expand view (click [-}, should be folder name "Malware" below

15. double click folder, locate mbam.exe and rick click to rename "Mban.exe" then double click Mban.exe to run

16. do not worry about updating, you wont be able to, select scanner tab and Perform quick scan

17. will take awhile depending on computer ~approx 10-20 minutes

18. will find around 8-20 files. here is a copy of my log for example:

************************************************************************
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/15/2009 3:52:36 AM
mbam-log-2009-01-15 (03-52-36).txt

Scan type: Quick Scan
Objects scanned: 51044
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSScbec.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Delete on reboot.
************************************************************************

19. remove all items as prompted, some will require reboot to remove, this is normal

20. allow computer to reboot after cleaning. You are now free from your nightmare.

Hi I was able to solve the problem after 5 hours of gruelling work . I used SuperAntiSpyware and Malwarebytes to remove the Malware. if you need more help google for go.google.com malware and loads of information would come up. Incidentally the Malware will not allow you to install any of the software so you will have to rename the files and then try to install. Start with Super Anti Spyware

Enjoy
Abhi

For those who couldn't find that process starting with "t"....I disabled a process with "IEEE" which was labeled with yellow tag....
After that you should be able to browse the internet ....

Saf, I love U! hahahahaa! after wasting a lot of time to solve the problem, I finally found this site. And your advice worked. Thank you soooo much. May the force be with you man. take care

Hi,
Had same problem with firefox and IE, I tried forefox reinstallation but didn't worked.
Then i went to option and removed all add-on, clicked on security and check warn me when need to install new addon. removed check box when there was automatic install addon checked. also removed java toolkit addon, which was the main thing.
restart firefox, solved.......

Using Malwarebytes worked for me. My situation was slightly different in that all search engine searches would return a proper "sounding" title, but the URL actually pointed to a site other than what it link said. So for a Google search, it would return a page that looked very much like google but there were differences. Google has sponsored links at the top and down the right side of the page, but with the rootkit running there were no sponsored links and there was a lot of white space on the page.

Malwarebytes found a Rootkit.Agent on C:\Windows\System32\sysaudio.sys. After removing it, all of my searches returned to normal function.

I had this problem as well (Firefox browser search being redirected to other sites, mostly advert sites/search results).

I solved this problem using Eset Security Center computer scan. This program found the virus and after it was deleted/quarantined I was able to use my Firefox browser search bar and Mozilla search page without being redirected.

I used to have Eset Nod32 Antivirus but it never found the virus. I also tried McAfee Total Protection 2009 and it didn't find it. Other things I tried was Malwarebytes, SuperAntispyware, AdAware, and Spybot Search & Destroy... none of these programs found it.

So get Eset Security Center 4 and use the computer scanner to scan all your files (I think it was found in one of Firefox folders. I think the name of the file was chrome.manifest. I can't remember for sure.)

Solved the search results' redirecting problem with Hitman 3.5 downloaded frm CNET

ok if you click start and type: ''C:\WINDOWS\system32\drivers\etc\HOSTS'' then save as notepad then delete the websites that are under the hosts then restart your computer and BAM its problems solved any problems just contact me at bbcpark2000@gmail.com

EASY solution for Google redirects to other sites or ads. Tried Malwarebytes, AntiSpyware, Spybot Search and Destroy and several other programs. Looked at lots of forums. Finally one said to download Hitman Pro 3.5 for free at cnet. com as that's the only thing that worked for him...It worked for me too!

I have a problem with google search redirected results. I have used AVG, malware bytes, Microsoft security essential but no luck. I have tried hitman pro 3.5 and it help me to resolve the problem.
Thanks to people who suggest to use such easy program

were you able to solve the problem .... I have same issue

Thanks to the link for malwarebytes. I was having this same problem and at a loss how to get this off my computer. It worked great!

Thanx for the suggestion to the malware bytes removal app. It found the file that you mentioned(audio.sys) and it removed it. I also used the antispyware one and it found other stuff but didnt help with the problem. I hate these damn spyware crap.

Thanx bro.

it think this is probally spyware but i'm not 100% sure but if you do get avast and it will remove it

hi all....thankyou for the help...I downloaded malwarebytes...and it fixed the problem straight away...thankyou all so much..your the best!

Malwarebytes' Anti-Malware as a suggested solution solved my pain in the @$$ problem. Time is money. This free solution could not have been found at a better time.
Here is the long list of problems I had prior to finding the solution above:
Problems in Windows XP system restore, it did not fix or clean the registry. I Could not update lavasoft ad-aware, as it did not find the problem, even after a full scan. AVG anti-virus and Avast! anti-virus would not execute the updates or identify the problem. Frustrated, I even set up my home page to the microsoft windows update only to be redirected to google. With the Malwarebytes' Anti-Malware program I invested 5 minutes of my time. The reward could not be matched by any other program. Thank You. May the good Karma you have spread today come back to reward you for this kind act.

i had the same problem...
i already had symantac on my computer, but it didn't recognize the virus, so i downloaded avast (the free edition) and ran a full scan. It found two pieces of malware and took care of them. I then went into my document and settings and deleted all of my cookies. I then went into firefox,tools then options and deleted all private data and also unchecked "accept third-party cookies."

This whole process took about 30 minutes (because the full scan takes so long) and my problem is completely gone.
good luck!

saf disabling 'tdssserv.sys' worked thanks

After hours of messing around with these so called fixes i eventually went through HiJackthis and it removed it.............


ONLY TO COME BACK AGAIN!

I thought, forget this, and went to www.fixedlikemagic.com whihc a friend had recommended to me and had them fix it.. not only is the problem gone but the computer is running soo much faster thanks to their tune up service. i recommend them 100%