How to remove go.google go.yahoo go.msn trojan redirects


XP antivirus is a trojan antivirus program that baits the user into purchasing the program by displaying popups and balloons that suggest that your system is infected. This malware installs unwanted files and adds entries to your registry to ensure that you will have a very hard time removing it.

What I have noticed with this malware is that, in addition to installing unwanted software, it hijacks your browser. When you try to remove XPantivirus manually, it still leaves a search engine hijacker. For example, when you search for something on Yahoo.com or Google.com and click on one of the search result links, it redirects you to AntiSpyware ad sites. I believe this is true for MSN’s search engine as well as a few others.

You will notice in the browser’s status section (lower left-hand corner) that it contacts go.yahoo.. or go.google.. and a few IP addresses before it redirects you to some random site.

SOLUTION:

Update: If you are having problems running any AntiVirus/AntiMalware program please see this comment by Bomp before running Malwarebytes.

The only fix that I have come across as of yet is to use the Malwarebytes anti-malware program.  I downloaded, installed and scanned the infected system and it removed XPantivirus and fixed the go.google.. issue.

  1. Download Malwarebytes
  2. Double-click mbam-setup.exe and follow the prompts to install the program.
  3. Place check marks next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware.
  4. Click Finish
  5. If an update was found, it will download and install it.
  6. Select Perform quick scan, then click Scan.
  7. When the scan is complete, click OK and Show Results to view.
  8. Be sure that everything is checked and click Remove Selected.
  9. The log will open in notepad.
  10. Done.. no more XPantivirus and go.google redirects.

I have spent some time researching this one and, among other techniques, tried to rip this issue out of the registry without any success. If you have any idea on the details of this issue, please feel free to comment below or visit the forums to post your comments.

Site:

www.malwarebytes.org

Download:

http://www.malwarebytes.org/mbam.php

For more detailed information about this very annoying malware please visit:

http://www.bleepingcomputer.com/malware-removal/remove-xp-antivirus-2008-2009


Comments

Thanks. Malwarebytes did the trick. I was just about to reinstall. Thanks for tip.

Malwarebytes cleaned it right up. Thank you for the tip!!

Was tearing my hair out trying to fix this. This worked great. THANK YOU.. THANK YOU !!

Sure hope it works for me! Here goes…

It should work, please let us know if it does not. Cheers !!

Browser redirects to go.google/go.yahoo/go.msn

Symptoms: Slow internet search, text fonts in Google are bigger than normal, redirected to go.google/go.yahoo/go.msn and then on to advertisements after clicking on links on Google page, unable to download any anti-spyware downloads, unable to download Microsoft’s malware program (says page is unavailable), unable to go to many trouble-shooting help forums and download pages (says pages are unavailable or that there is no internet connection), Malwarebytes and other malware programs will not run (they freeze up during the install)

After fighting with this for 2 days, I finally found the following solution posted (worked on 11/16/08):

Go to http://www.freedrweb.com/cureit/ for free (you will have to do this on another computer, because the malware will not let you do it on the infected computer), download the program on a jump drive, and then run on the infected computer.

It worked for me, my computer is back to normal (after cureit deleted a tdssxxom file in Windows/System32/drivers)!!!

To whomever posted the solution originally, thank you!!!!

I’m having the same problem but it seems that this virus (or perhaps another) has disabled any antivirus software on my comp. So though I was able to download malwarebytes and get it installed, the program simply won’t run. Neither will any others (spybot and the like). I’ve also tried this in safe mode and it is still the same. Every site I’ve read has said that malwarebytes solved the go.google problem but I can’t run any antivirus software. What should I do?

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

Then search for “TDSSserv.sys”

Right click on it, and select “Disable”

Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

Restart your pc.

You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.

It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world :D

In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.
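A quick check for the two signs described in the comments above (a tdss* file in the drivers folder, and security sites resolving to 127.0.0.1), as an added example that is not part of the original post or comments. The function names are assumptions for illustration, and it assumes the folder listing can be trusted, for example with the disk read from a clean PC:

```python
import ipaddress
import socket
from pathlib import Path


def find_tdss_drivers(drivers_dir):
    """Return sorted names of files in drivers_dir whose name starts with
    'tdss' (case-insensitive), the prefix both names in the comments share."""
    root = Path(drivers_dir)
    if not root.is_dir():
        return []
    return sorted(p.name for p in root.iterdir()
                  if p.is_file() and p.name.lower().startswith("tdss"))


def system_resolve(host):
    """Resolve host with the OS resolver; return a set of address strings."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()  # no answer at all is not treated as a loopback redirect
    return {info[4][0] for info in infos}


def find_loopback_redirects(hosts, resolve=system_resolve):
    """Return the hosts for which every resolved address is loopback
    (127.0.0.0/8 or ::1), i.e. traffic to them never leaves the machine."""
    flagged = []
    for host in hosts:
        addrs = resolve(host)
        # Strip any IPv6 scope id ("%eth0") before parsing the address.
        if addrs and all(ipaddress.ip_address(a.split("%")[0]).is_loopback
                         for a in addrs):
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    # Adjust the path for the machine (or mounted disk) being checked.
    # The host list uses the two download sites named on this page.
    drivers = r"C:\Windows\System32\drivers"
    hosts = ["www.malwarebytes.org", "www.freedrweb.com"]
    print("tdss* driver files:", find_tdss_drivers(drivers))
    print("hosts resolving only to loopback:", find_loopback_redirects(hosts))
```

An empty result from both checks does not prove the machine is clean; it only means these two signs were not seen.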

Yeeeeeeeeeeeeeees!

That totally worked! I had been monitoring my connection activity over the past couple days and did notice that there were a lot of activities attempting to connect to 127.0.0.1 which I knew to be home but didn’t know if this was a bad thing (though it logically seemed counterintuitive). Anyway, disabling that TDSSserv.sys allowed me to run anything and malwarebytes totally obliterated the go.google poopy, as well as a few more problems I didn’t even know I had.

Thanks for the help!

Wow…been dealing with this all darn day and could not get any of my spyware to work nor download anything else. I did what paul said to and I was able to at least get to a website to download Malwarebytes. It is scanning and finding a lot of stuff right now. Paul, if you are ever in Phoenix, I owe you a beer.

The http://www.freedrweb.com/cureit/ solution worked perfectly! I couldn’t run the MBAM app as the malware wouldn’t allow it to run.

This was probably the toughest infection I have ever had to remove (not nearly the most steps though). Other sites were simply telling people to reinstall windows! The above app couldn’t be easier to use, although you will have to download it on another PC and move it over as the malware won’t let you download the app.

THANK YOU VERY MUCH!!!

Well, this thing has been afflicting my PC for about three weeks now.

So far it has disabled networking, my device manager is empty, and many programs will not run or are unstable (same symptoms in Safe Mode).

Running Malwarebytes’ in Safe Mode now – trying to avoid formatting. Any ideas?

@Jesse

I hope Malwarebytes’ or CureIt does the trick. If it doesn’t, post a HJT scan report to the Forums.

Not sure how I’m going to be able to get HJT to that PC. Can’t find my flash drive – not sure it would even read it if I could.

@ Jesse

Started a topic in the forums to help. Please view here.
