go.google – go.yahoo

go.google and go.yahoo are browser hijackers that predominantly redirect the web browser to harmful websites. Normally, the user’s Internet browser is sent to a page that presents an online virus scan. The page reports numerous threats and advises the victim to download a removal tool. On some occasions this redirect virus is used to earn profit for its developer by forwarding the browser on the infected PC to advertising web pages.

A Trojan whose payload modifies browser settings drops go.google and go.yahoo. It can also disable installed security programs such as antivirus and firewall software. This threat also monitors the Internet activity of the infected computer.

Update: October 5, 2011
These days, the browser redirect is mainly dropped by a rootkit Trojan, which hides its activity once inside the computer. Rootkits are difficult to remove using only a single antivirus program. You cannot rely on the installed antivirus program at all times. You need a special tool created specifically to fight redirect and rootkit Trojans to stop the malicious deeds.

Signs and Symptoms of go.google – go.yahoo Infection:

Browser is redirected to go.google – go.yahoo web sites
The Trojan usually infects a web browser in order to redirect it to another web page that contains additional malware. In some instances, redirects are used to promote a rogue program such as a fake antivirus product.

Exhibits fake pop-ups and security alerts
To deceive computer users, go.google – go.yahoo displays a series of fake security alerts and warning messages. It also aims to promote the malware as the sole remover for the identified threats.

go.google – go.yahoo will detect errors and threats that do not exist
If the redirect is meant to promote a rogue program, the user may see a series of fake detections after the browser is redirected to a malicious page. Keep in mind that these detections are fictitious and do not really exist on the computer at all. This trick is common to viruses and malware that use redirect methods.

Other Functions of go.google – go.yahoo:

  • go.google – go.yahoo arrives on the computer via another virus infection
  • The Internet browser can be redirected to an unknown address that is usually the location of other malware
  • go.google – go.yahoo may contact a remote computer and download more threats
  • go.google – go.yahoo will display excessive advertisements on the computer
  • This threat also monitors Internet activity on the infected PC

How to Remove go.google – go.yahoo

Remove the rootkit Trojan causing the redirect

TDSSKiller is a free anti-rootkit utility from Kaspersky that neutralizes complicated malware which effectively hides its processes, folders, files and registry entries.

1. Download TDSSKiller from this link. Save the file to your desktop.
2. Extract the contents using an archiver application.
3. Reboot the computer in Safe Mode to prevent go.google – go.yahoo from loading at start-up. You may want to print this procedure, as the computer has to be restarted to complete the removal process.
- Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.

4. Locate and run the TDSSKiller.exe file.

5. On Object to Scan, please mark Services and drivers as well as Boot Sectors.
6. Click on Start Scan to begin scanning your system. This may take a while.
7. After the scan is finished, it will reboot the computer. That should complete the disinfection process.

Download and scan with Malwarebytes Anti-Malware

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install with the default settings only.

4. Before the installation completes, make sure the following options are checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, then click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download this program on a different computer and rename it before running it on the infected system.

80 Comments

  1. james

    This is so far the best resolution for fixing the hijack that I have stumbled across. Thank you so much for the advice.

  2. Noah

    Thanks, it worked for me when no other antispyware programs would!

  3. mike

    Here’s what I found

    Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

    Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

    Then search for “TDSSserv.sys”

    Right click on it, and select “Disable”

    Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

    Restart your pc.

    You can now update your Antivirus/Malware/Rootkit software and the go.google rubbish will stop.

    It’s now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world

    In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update.

  4. RM

    Mike,

    Thanks very much. I tried your suggestion of disabling the TDSSserv.sys and it worked. It stopped routing to the local computer. Then I downloaded Malwarebytes software after disabling the TDSSser.sys, which I could not download earlier before disabling it. The malwarebytes scanned all the trojans and virus infected files. I deleted all those. Then installed a new AntiVirus software that I bought.

    Thanks very much. I appreciate it.

  5. eg

    I found a suggestion which worked. If the virus isn’t letting you open or run any anti-virus/malware program, rename the setup file. I found when I did it with the Malwarebytes setup file it would actually install. I couldn’t install any anti-virus program because this thing recognized all of them until I tried the rename. I did manage to get rid of the Antivirus2008 malware popup with the free program Avira Antivirus which for some reason loaded while being infected. Malwarebytes did the rest and everything seems back to normal.

  6. codie

    Mike,
    Repeated scans and uploading different antivirus via removable drives, disabling system restore, starting in safe mode, no luck. Your TDSS disable suggestion saved the day, Dr. web program found the virus 30 seconds into the scan. Thanks, Man.

  7. Tina

    Mike,

    Thanks very much – worked perfectly and easier than all the other solutions.

  8. Dave

    Mike – Nicely done. I’m running the scan now, but I’ve at least been able to access the webpages necessary to get to the scan software. I even tried doing things with a downloaded program onto a thumbdrive … couldn’t get that to work. Fingers crossed, but this seems to be doing the trick. Thankfully I had another computer to use in researching this.

  9. Mark

    Thanks guys! I was trying to get rid of this for days with no help from the guys at AVG. It initially detected the virus but did not stop it completely. Sometimes I wonder what we pay these anti-virus people for? If people on a forum can do it why can’t they!!!!!

  10. Joe

    Thax Mike – u really made it simple – now I see that device with yellow exclamation mark – what should I do with that?

  11. CA$H

    GOOD LOOKiN OUT MiKE! BEEN TRYiNG 2 FiX THiS 4EVER!

  12. mike b

    I’m still working through this but your suggestion is the only thing that has allowed Malwarebytes to run….fingers crossed it’ll sort it out but I had to thank you for the progress after days of pulling my hair out. Many thanks!!!

  13. J Moz

    Had similar problem with almost every google or Yahoo search being directed to random spam or even adult pop-ups/sites. However followed Mike’s instructions above (slightly diff as I’m on Vista) but couldn’t find a file named TDSSserv.sys there.

    Any other ideas?

    Cheers

  14. Dylan

    Many thanks Mike, your fix did the trick! Cheers

  15. Lisa

    Thank you SOOOOOO MUCH Mike, I have been up for hours trying to fix my hubby’s computer and your solution worked like a dream!!!! Thank you

  16. Rejesh

    you are awesome. That totally helped me to fix my computer.

  17. Kitch

    I have a similar problem,
    but, I can’t open Google, it re-directs me to “Microsoft security” an obvious fake site.
    followed Mike’s instructions above (slightly different- I’m using Vista) but couldn’t find a file named TDSSserv.sys there.

    Thanks.

  18. Donny

    You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.

  19. Kam

    yeah works great, unless you’re using Vista

  20. tony

    I can’t find tdss serv.sys. I’ve opened non plug/play drivers and it’s nowhere to be seen. I’m on Windows XP. Could anyone suggest anything, as I’m not very good on computers and this virus is driving me up the wall?
    Thanks, Tony

  21. Tom

    Yup, the tips here saved me from jumping off a tall building…did the Dr. Web first and that got me through the nasty virus attack….thanks all!

  22. Seth

    Thank you Mike! That totally did the trick.

  23. Sahil

    I have been trying to fix this problem for so long that I feel like pulling my hair out right now. I can’t seem to get google to stop re-directing me to other sites. Google has become slow and it seems like I just can’t go to any of the websites that I normally am able to go to. I tried Mike’s suggestion but when I get to control panel and click on “system”, it doesn’t even open. I tried and tried and it just doesn’t open. I really need to get this fixed. Please help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  24. cybersnak

    thax a lot man :)==*~

  25. Jen

    THANK YOU SO MUCH, MIKE!

  26. Grayghost

    Way to go Mike! Bing Bang Boom…done.

  27. tito

    Thanks Mike, I fought that all weekend to no avail. Your fix worked!

  28. Mike number 2

    Mike.. Like a charm. 1/2 day lost, but now I’m back. Thanks again.

  29. Fortysix&2

    Thanks Mike!!! 5 minutes to fix; some of the other sites would have taken hours to fix.

  30. robert

    Thanks so much Mike. I wish I would have found your suggestion before wasting almost an entire day.

  31. mrzeta

    Hi folks – This problem called page and search engine hijacking is the 2nd worst Trojan I have ever encountered. There was ref to 302 exploit and redirects – I couldn’t log into any spyware websites etc – my other computer worked thankfully. I think I got slammed of my email site. What happens is that advertisers embed scripts in their ads; my registry gets changed and files are added to my system without my permission. I’ll let you know if my problem is solved.

  32. mrzeta

    Hi – I found TDSSserv.sys and also (!!) I never knew about hidden devices…

    I do know about services running so I am gonna look it up now.

    Somethin I noticed – I disable all my remote access stuff – well the drivers in that list are labeled as ‘demand’ ; it is like they still can be used even though I shut them down; disabled they go too….I couldn’t disable the TAPI one but I tried the other 2.

    Here goes PC restart !!

  33. mrzeta

    Here are the registry entries – I do all mine manually.

    hkey_local_mach, system, controlset001, enum, root, legacy_tdssserv.sys (delete this one; it’s called an active service – I didn’t locate it manually my house is noisy again tonite.

    Just search tdss in the registry and delete them all AFTER restarting. I am doing this now. Don’t run IEXplorer. I have also saved the registry entries should I decide to install it on my virus computer lol.

    Now I found the main software entries !!! KMA look at the disallowed area – all those websites I couldn’t load up! Hey wait (!!!); if these are the disallowed spyware programs this list must have a good list of spyware programs for us to use !! Muhaha !

    Then I did a search in files for tdss – deleted (after moving !) all of em (mostly system32 dlls).

    I also see that tdss is in a list of browser addons (under manage addons:), Mscorews.dll and msadco.dll. The last one is legit but I just disabled it; also wuweb.dll; search assistant addons. All this crap relates to these browser addons, and tdss was not found in the addon list but it was still being used. I deleted the search assistant entries in ACMru (Again these are manual registry deletions).

    I also couldn’t get rid of all the tdss registry entries; I did get the most important one, the program entries with disallowed sites; GONZO !

    Oh, and I added this site to my favorites !

    Now here are some other important things to check.

    Delete all prefetch files and everything in Docs/set Temp, then check those directories for odd files. I always look at the date and time when somethin goes awry with my computer and that helps.

    Export the registry after running malaware etc. Good luck.

  34. Rima Nomolas

    Can’t find file named TDSSserv.sys.

    Can someone in simple terms explain to a rookie what is the next approach to removing this trojan?

    Donny suggested:
    You might want to go to your system 32 files, and click on date modified, scroll down to the latest date and see if the tdssserv. files or anything that is related to it is still there. I cut and pasted them to my desk-top then deleted them all.

    Where do you find system 32 files? Was anyone else successful with this recommendation?

    Help………………
    I need play by play instructions…………

  35. mrzeta

    One more thing ! Thanks Mike !! Disabling TDSSserv did the trick – I have my search engines back, and go.google.com is gonna hear from me.

    That disallowed list I mentioned is a list of programs that prevent from running on your computer, or even installing !! Now I am trying MBam !

    Thanks !

  36. mrzeta

    One more thing – in the windows registry if you can’t delete any legacy tdss files, right click on permissions; hopefully you have admin rights, click full permission then delete the entry !

    Rima, Follow Mike’s instructions above to ‘disable’ the non plug and play device called TDSSserv !

    MrZ

  37. mrzeta

    Also – I couldn’t get permissions on some of the files because the name of the user was missing ! Just add the user you are logged into maybe – I accidentally used my other one I haven’t used yet and I got the permissions boxes to open up! Good Luck!

  38. mrzeta

    LMBO TDSS is loading again into my system – I need to logoff

  39. Rick

    Mike, you’re a god. Thanks for the great suggestion to disable the TDSS file.

  40. George

    Mike you’re the man……. its working. If you have que you can ask me anything you want thx man

  41. Rima Nomolas

    One more time – how should a computer novice find the
    file named TDSSserv.sys. (it is not showing up on Non-plug and play drivers).

    If possible – I need “play by play” instructions.

    Thanks so much.

  42. George

    you have to go on Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. then click it and disable

  43. George

    by the way after disable device called TDSSserv (Mike’s idea) you may still find some threat my Malwarebytes find 5 in C:\system Volume information\_restore{….. this files are probably what was left in the restore volume however you have to scan fully to find them coz a quick scan won’t do you any good. a.. mrzeta can you tell me how you delete all TDSSserv from regedit some of them are still there and I can’t delete them Jesus this is a hell of a spyware…

  44. George

    !!! mrzeta !!!!

    by the way again how did you get there??

    …..Now I found the main software entries !!! KMA look at the disallowed area – all those websites I couldnt load up! Hey wait (!!!); if these are the disallowed ………..

  45. Jason

    I used CureIt and Malwarebytes to get rid of this problem. Thank you Bill for the tips. Found this page on Google.

  46. Rima Nomolas

    As I indicated the other day – couldn’t find the TDSServ.sys files in Non-plug and Play Drivers.

    My niece suggested that I download Malwarebytes: (see link below) This software found the Trojan virus and worked like a charm. Phew!!!!!!!!!

    Btw, if you are blocked from downloading Malwarebytes – You should use firefox, not IE.

    https://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware

  47. Alice

    Thank you so much!! You saved me from a whole lot of pain!
    I was ready to reinstall Windows.

  48. Tom

    Mike, you da man !!!! I was just minutes away from the “reformatting hard drive” fix when I came upon your solution. After several days and many hours of frustration your advice worked like a charm. Thanks a million. All systems go.

  49. Casey J

    hey I am having all the same symptoms of this TDSSserv.sys problem. I have done a complete fresh windows XP install and I am still having all the symptoms. Any suggestions?

  50. Anton

    Thank you! Finally this thing is gone.

  51. Z

    Thank you very much. The sick feeling I had the last few days has gone away. This site is a must from now on.

    :thumbup:

  52. Z

    I forgot to add that I was not able to defrag, start in safe mode or get to the windows update page until the fix.

    Thanks again!

  53. chuck

    Thanks for all the good advice. The DR Web scanner has picked up viruses that none of the other AV programs I tried found. This fixed the go.google redirect problem immediately.

    I did follow the additional advice of disabling the TDSSERV.SYS as well.

  54. Mark

    Thanks so much!!! I can put the razor blades away!!!!!!!

  55. Mark

    Do I need to go back and enable the TDSSserve after I run my antivirus??

  56. Gordeaux

    Thanks Mike, your advice really saved me!

  57. Anketaros

    Thx Mike!
    Good question Mark. Enable the TDSSserve after the cleaning operation??.

  58. Zelly

    IF YOU CAN’T FIND TDSSSERVE:

    If you are looking through Non-Plug and Play, but don’t see TDSSserve, go to Action > Scan for Hardware Changes. This made it appear on the list for me.

    Thanks so much to #4, Mike! <3

  59. Justthegreatone

    Thank you so much Mike, it’s funny that every time something like this happens to me, I always find the answer on a message board. It’s working so far now, and does anyone know a great virus protection program to ensure that this does not happen again?

  60. AlainStoon

    Mike, Thanks for the hint. I was planning to re-install XP and you saved me many hours fixing my PC. I am curious. How did you find out about TDSSserv.sys?

  61. madfluter

    Mike (msg #4) saves the day!
    ran Ad-aware (full version) and caught it, but had to go into system 32 and delete recalcitrant TDSS files. I bought the Ad-Aware after the free Malwarebytes ran for 1/2 hour and caught nothing…, this virus is annoying. all I can say is: go Google and go Yahoo can go Google and Yahoo themselves…

    THANKS MIKE

  62. terenaam

    msg #1 worked for me. Thanks.

  63. Lenmo

    Mike – Msg #4 saved my day and Christmas! I had spent 7-8 hrs trying to remove Spyware Guard 2008. I was ready to call it quits and reformat my hard drive when I realized my browser had been taken over by go-dot-google. Since I was not able to browse using google, I changed to AltaVista, was able to browse the internet, and found this post. I manually disabled the “TDSSserv.sys” file per your instructions, then was able to download and run the free Malwarebytes Anti-Malware program. This program kept hanging during the download prior to disabling the tdsserv.sys file. Malwarebytes found 93 files (trojans,malware, etc…) and removed them.

    I now have my system back! THANK YOU!

  64. Mayor McCheese

    Mike, I love you more than life itself.

  65. F*** AntiVirus2009

    Thanks! Been seeing this a lot lately in repairs

    Recommend virus scanners pick up on this little tip!!!!!!

  66. Fredrik

    Thanks very much Mike, your advice saved my life almost. I’ve been trying for days now to get rid of this nasty virus.
    /Fredrik, Falun – Sweden

  67. chrisc

    MIKE!!!!!!!! YOU ROCK!!!!!!!!!!

  68. Phil

    MIKE my hero!!!! THX A LOT!!!

  69. Nancy

    Mike, you are a genius and a lifesaver!! Thank you!!!

  70. Matt

    Mike,

    Your suggestion did the trick. Thanks… Mcafee killed it within seconds after I disabled the TDSSserv.sys. But how did I get it in the first place. I run mcafee and spybot and neither picked it up on its way in??? UK.

  71. jeff

    OK I’m all fired up at this POS Trojan! I followed instructions but it’s not located in the non-plug and play drivers….I was able to run spyware doctor and at first had 17 threats and under the TDSS one there were 52 then after running once and rebooting there were still 9. I looked at the registry when I ran the doctor…and 5 were in C;/windows/system 32 and 3 were in the Hkey local machine system control set 003 and 004 etc. How do I find these now (I tried a search in safe mode and took forever so I stopped). Please Help!!

  72. Scott

    OK I’ve taken the hard drive out and ran a scan in another computer treating the infected one as a slave. Found one Trojan after 2.5 hours of scanning. There is no existence of TDSserve on this system. Is there another one in the system that is called something else? Cannot even load any malware software even in safe mode

  73. Scott

    OK Here’s what had to be done to get my system back up.
    I did not have the TDSSserve file (I’ll tell you how I found out)
    I downloaded Malwarebytes to a flash drive and tried to run it on the infected comp. No luck…wouldn’t even start – even in safe mode which kind of scared me. In fact, I tried a bunch of different malware killers but no luck. So, I took the drive out of the computer and put it on an old back up computer and looked at the infected drive as a slave. I used the old computer with malwarebytes to hunt down any infections on the slave. It found 17 trojans that McAfee couldn’t or wouldn’t see. When this was done, I reinstalled the drive back into the primary computer. (I unplugged the network cable) I then tried to run malwarebytes again and nothing. Next I went for the big guns… I went to bleepingcomputers.com and downloaded combofix.exe onto another flashdrive. I copied combo to my desktop and renamed it CB (you can call it what you want). I ran it and it found 37 chunks of garbage lurking in the system32 files. NOT ONE MALICIOUS FILE WAS TDSSERVE! After this went through its course I ran malwarebytes which started right up and the computer is clean. A bit of advice…it doesn’t help to scream cry swear etc. Keep your cool and you will figure it out.

  74. Louai

    MAN I still have the same problem I looked for the TDSserver it wasn’t rather downloaded malwarebytes and XoftSpySe and still no luck can someone help me out?

  75. Shari

    I can’t find the TDSS file I can’t download Malwarebytes and this went right through my McAfee. I need to do my taxes and don’t dare as long as this is here I have two hard drives one a slave one not. I am running XP with IE 8. I also have Safari and FF loaded and it redirects in both of them. Please help I am not good at computers but I follow directions well. Mike I look for that file in Non Plug and play unless it is named something else it is not there. Somebody help. Why do I pay big money for antivirus programs if they aren’t going to help. This seems to let me load Malwarebytes but not run it.

  76. lithium4641

    I’ve been having this same prob w/ search redirecting it doesn’t matter which browser I use IE, firefox, safari, etc. Tried to find the TDSS under non plug and play but it wasn’t there however I noticed another entry called Serial, disabled that just for grins, tried google again and no more bs redirecting anymore, now I just need to figure out how to get the junk off my pc.

  77. Gordon

    Same problem here. I’ve been trying to get rid of this for two days now. I looked for and could not find TDSServ.sys file as directed. Using my work pc and emailing to my home pc, I was able to download and run AVG and Malwarebytes. AVG found only 5 bad files where MW found 27. Cleaned all of them and it did something but didn’t get rid of it. Now I’m just redirected to a different search engine than before and still can’t get to any spyware/security sites. Any help would be greatly appreciated.

  78. crippy

    I seem to have an updated version of this hijack, I can’t even get into device manager, all attempts to find or install software are blocked along with any websites related to software fixes… any ideas? :P

  79. Hyoran

    I’ve tried everything to find the TDSSserv.sys including the scan for hardware changes and I still can’t find it. Is there any other hardware you can disable that will help?

    Also i seem to have problems with serial and npkcrypt. Why have they stopped working?

  80. Michael

    If you can’t find TDSSserv.sys in DEVICE MANAGER (as Mike described above); then click START > RUN > Open: regedit > EDIT > FIND > TDSSserv — delete (if you also see go.yahoo delete that too) — then click FIND NEXT — delete any others found then FIND for go.yahoo — delete any found. Exit Registry Editor.

Comments are closed.
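
The registry search the commenters describe (regedit > Find > TDSSserv, and the legacy_tdssserv.sys key under Enum\Root) can also be run against an exported .reg file rather than the live registry. The Python below is an added example, not code from the original page or from any tool it mentions; the sample export, the `system32\drivers` image path and all function names are constructed for illustration, and it assumes a `Windows Registry Editor Version 5.00` export.

```python
import re

# Meaning of the "Start" value in a service key (4 = the driver will not be loaded).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Only top-level keys under Services and Enum\Root, in any control set.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>(?:Current)?ControlSet\d*)\\"
    r"(?P<area>Services|Enum\\Root)\\(?P<name>[^\\\]]+)\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample export: key names follow the comments, values are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="\\SystemRoot\\system32\\drivers\\TDSSserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
"Start"=dword:00000004
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
"NextInstance"=dword:00000001
'''


def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; fall back to ANSI otherwise."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def parse_value(data):
    """Decode the value kinds needed here: dword, hex(2) (REG_EXPAND_SZ), string."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith("hex(2):"):
        blob = bytes.fromhex(data[7:].replace(",", ""))
        return blob.decode("utf-16-le", errors="replace").rstrip("\x00")
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data


def find_driver_keys(reg_text, needle="tdss"):
    """Return one record per service or legacy-device key whose name contains needle."""
    text = re.sub(r",\\\r?\n\s*", ",", reg_text)  # join continued hex lines
    hits, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = None
            if m and needle in m.group("name").lower():
                current = {"control_set": m.group("cs"), "area": m.group("area"),
                           "key": m.group("name"), "start": None, "image_path": None}
                hits.append(current)
        elif current is not None:
            v = VALUE_RE.match(line)
            if v and v.group("name").lower() == "start":
                val = parse_value(v.group("data"))
                current["start"] = START_TYPES.get(val, str(val))
            elif v and v.group("name").lower() == "imagepath":
                current["image_path"] = parse_value(v.group("data"))
    return hits


def still_loadable(hits):
    """Service keys that are present and not set to disabled."""
    return [h for h in hits if h["area"].lower() == "services" and h["start"] != "disabled"]


if __name__ == "__main__":
    found = find_driver_keys(SAMPLE_EXPORT)
    for hit in found:
        print(hit)
    print("not disabled:", [h["control_set"] for h in still_loadable(found)])
```

Since the article notes that this malware hides its registry entries, an export taken while the infected system is running normally may show no matches; an empty result from such an export does not show the machine is clean.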