Search result redirecting to another site [Solved/Closed]

 joseph -
I am really frustrted.Can someone plz help? I got infected with the Antivirus XP 2008 today. I removed it. But now having a problem. When I search using google and I try to click on a search result I am not able to open it.instead it is redirected to another site. How can it be fixed? Any help will be much appreciated.


38 replies

Follow these instructions exactly and you will get throught this easily. This is the easiest way to
get rid of the problem. the process is easy. the instuction look long but I wrote them assuming the
reader has no computer experience. enjoy

1. start another IE window along side this one to quickly and accurately review instructions (ctrl+n)

2. copy and paste the URL below directly into the address bar then press ENTER

*the tdss ( redirect virus recognizes all instances of "Malware, Mbam, etc...

3. under "features" use drop down menu and select Ver. 1.32, this will cause screen to refresh

4. click "download latest version"

5. a yellow Active X control should show just under your tab in the window. It will say
"To help protect your security, IE blocked.........and so forth"

6. left click and select download file

7. select SAVE, in file name field replace "mbam-setup.exe" with "setup.exe"

8. when complete, select "open folder" and double click setup.exe and then run

9. Proceed through till you are prompted to select destination location. to make it easier
just copy and past what I have below into the name bar


10. name start menu folder Malware (usesless but do it) do not create shortcut

11. deselect (uncheck if checked) option to create desktop icon or quick launch, continue through confirmation

12. It will take between 15 to 60 minutes (it will appear frozen, it is not. just let it be)


14. right click start, select explore and locate "Local Disk (C:)", expand view (click [-}, should be folder name "Malware" below

15. double click folder, locate mbam.exe and rick click to rename "Mban.exe" then double click Mban.exe to run

16. do not worry about updating, you wont be able to, select scanner tab and Perform quick scan

17. will take awhile depending on computer ~approx 10-20 minutes

18. will find around 8-20 files. here is a copy of my log for example:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/15/2009 3:52:36 AM
mbam-log-2009-01-15 (03-52-36).txt

Scan type: Quick Scan
Objects scanned: 51044
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSSbrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSScbec.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Delete on reboot.

19. remove all items as prompted, some will require reboot to remove, this is normal

20. allow computer to reboot after cleaning. You are now free from your nightmare.
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2785 users have said thank you to us this month

I tried this, but couldn't find any malware and problem still persist. What am I doing wrong?
Hi I was able to solve the problem after 5 hours of gruelling work . I used SuperAntiSpyware and Malwarebytes to remove the Malware. if you need more help google for malware and loads of information would come up. Incidentally the Malware will not allow you to install any of the software so you will have to rename the files and then try to install. Start with Super Anti Spyware

Thank you so much! Malwarebytes worked like a charm! I can finally browse again! Thank you Thank you Thank you.
thanks for the hint!!!
For those who couldn't find that process starting with "t"....I disabled a process with "IEEE" which was labeled with yellow tag....
After that you should be able to browse the internet ....
Saf, I love U! hahahahaa! after wasting a lot of time to solve the problem, I finally found this site. And your advice worked. Thank you soooo much. May the force be with you man. take care
Had same problem with firefox and IE, I tried forefox reinstallation but didn't worked.
Then I went to option and removed all add-on, clicked on security and check warn me when need to install new addon. removed check box when there was automatic install addon checked. also removed java toolkit addon, which was the main thing.
restart firefox, solved.......
Using Malwarebytes worked for me. My situation was slightly different in that all search engine searches would return a proper "sounding" title, but the URL actually pointed to a site other than what it link said. So for a Google search, it would return a page that looked very much like google but there were differences. Google has sponsored links at the top and down the right side of the page, but with the rootkit running there were no sponsored links and there was a lot of white space on the page.

Malwarebytes found a Rootkit.Agent on C:\Windows\System32\sysaudio.sys. After removing it, all of my searches returned to normal function.
I had this problem as well (Firefox browser search being redirected to other sites, mostly advert sites/search results).

I solved this problem using Eset Security Center computer scan. This program found the virus and after it was deleted/quarantined I was able to use my Firefox browser search bar and Mozilla search page without being redirected.

I used to have Eset Nod32 Antivirus but it never found the virus. I also tried McAfee Total Protection 2009 and it didn't find it. Other things I tried was Malwarebytes, SuperAntispyware, AdAware, and Spybot Search & Destroy... none of these programs found it.

So get Eset Security Center 4 and use the computer scanner to scan all your files (I think it was found in one of Firefox folders. I think the name of the file was chrome.manifest. I can't remember for sure.)
Solved the search results' redirecting problem with Hitman 3.5 downloaded frm CNET
EASY solution for Google redirects to other sites or ads. Tried Malwarebytes, AntiSpyware, Spybot Search and Destroy and several other programs. Looked at lots of forums. Finally one said to download Hitman Pro 3.5 for free at cnet. com as that's the only thing that worked for him...It worked for me too!
Tried Hitmn Pro 3.6 -- latest version. Didn't find any malware but problem still persists
I have a problem with google search redirected results. I have used AVG, malware bytes, Microsoft security essential but no luck. I have tried hitman pro 3.5 and it help me to resolve the problem.
Thanks to people who suggest to use such easy program
were you able to solve the problem .... I have same issue
no, I dont think so, I have the same problem, I used super anti.... and it didnt work, I dont know wat to do..
> saf
Hi saf, im having the same problems but on Windows Vista. I cant show hidden files they way you descibe any info would be great.
Thanks to the link for malwarebytes. I was having this same problem and at a loss how to get this off my computer. It worked great!
Thanx for the suggestion to the malware bytes removal app. It found the file that you mentioned(audio.sys) and it removed it. I also used the antispyware one and it found other stuff but didnt help with the problem. I hate these damn spyware crap.

Thanx bro.
Registration date
Tuesday January 13, 2009
Last seen
January 15, 2009

it think this is probally spyware but i'm not 100% sure but if you do get avast and it will remove it
hi all....thankyou for the help...I downloaded malwarebytes...and it fixed the problem straight away...thankyou all so much..your the best!
Malwarebytes' Anti-Malware as a suggested solution solved my pain in the @$$ problem. Time is money. This free solution could not have been found at a better time.
Here is the long list of problems I had prior to finding the solution above:
Problems in Windows XP system restore, it did not fix or clean the registry. I Could not update lavasoft ad-aware, as it did not find the problem, even after a full scan. AVG anti-virus and Avast! anti-virus would not execute the updates or identify the problem. Frustrated, I even set up my home page to the microsoft windows update only to be redirected to google. With the Malwarebytes' Anti-Malware program I invested 5 minutes of my time. The reward could not be matched by any other program. Thank You. May the good Karma you have spread today come back to reward you for this kind act.
i had the same problem...
i already had symantac on my computer, but it didn't recognize the virus, so I downloaded avast (the free edition) and ran a full scan. It found two pieces of malware and took care of them. I then went into my document and settings and deleted all of my cookies. I then went into firefox,tools then options and deleted all private data and also unchecked "accept third-party cookies."

This whole process took about 30 minutes (because the full scan takes so long) and my problem is completely gone.
good luck!
can you tell me what the name of the malware you found was? I seem to have the same problem and thought I could just uninstall and reinstall the browsers but am stuck now with IE that never stays open.
saf disabling 'tdssserv.sys' worked thanks
After hours of messing around with these so called fixes I eventually went through HiJackthis and it removed it.............


I thought, forget this, and went to whihc a friend had recommended to me and had them fix it.. not only is the problem gone but the computer is running soo much faster thanks to their tune up service. I recommend them 100%
what did you used actually as it gives so many options of antispyware and am confused hich on you have used. pls provide more info
after installing the superantispyware, problem still exsists and I could not find the 'tdssserv.sys' to disable under Non-plug and play drivers , please help........