Please follow these instructions:
How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator. - When the program opens, click the Start Scan button.
- Any objects found, will show in the Scan results - Select action for found objects and offer three options.
- If an infected file is detected, the default action will be Cure...do not change it.
- Click Continue > Reboot now to finish the cleaning process.<- Important!!
- If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Step 7 instructs you to
scan your computer using Malwarebytes Anti-Malware. Don't forget to
check for database definition updates through the program's interface (
preferable method) before scanning.
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab .
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.Important Note: Using any
torrent, or
peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze)
is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst,
Norman ASA.
The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you
vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration,
downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can
trigger pop-up ads and
malicious Flash ads that
install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities. In some instances the
infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!. In those cases, the only option is to wipe your drive,
reformat and reinstall the OS.
Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.
The best way to eliminate these risks is to avoid using P2P applications.
Since the nature of P2P programs is counter productive to restoring your computer to a healthy state, I strongly recommend that you remove all such programs to reduce the risk of infection and keep your system clean.
Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!
). I certainly would appreciate any assistance you can render to a blockhead who got just what he deserved. And I promise to remember these words next time I'm tempted by something just too good to be true. 
Back to top
