[Cof1der]

I'm infected w/ antivirus XP 2008. I followed the suggested task manager end process but I still have remnants (or maybe all, what do I know). I tried going to pctools to download spyware doctor, but was redirected to some other web site. It seems something is redirecting me to sites different from the one I enter in the "go to address" box, so I can't go to where I can download remedy.

What do I do? How is it doing this. How do I locate the code that changes what I enter in internet explorer/mozilla fox "go to" address box?

P.S. This message from a different computer since I wouldn't be able to get here from my infected PC.


_________________
Life, living and the pursuit of happiness

[Bobby]

Hello there,
as you can't download the anti-spyware on the infected computer, you have to download install on another computer, then put the install on cd or usb and run it on the infected machine. i recommend malwarebytes antimalware : http://www.2-spyware.com/review-malwarebytes-anti-malware.html
_________________
I reccomend Spyware Doctor and Malwarebytes’ Anti-malware as ultimate protection.

[DanaKate]

I found that I could get around some of the redirect by going directly to CNet and downloading from there. I found that my version of AV09 evidently didn't consider CNet to be a threat to it. But if my browser wasn't being rerouted to a fake AV site, I would get the message that my security software couldn't be updated or that the site I wanted to visit (AVG, Spybot, Lavasoft, whatever) was not found. So I found a fix today on another site. I posted in another thread here (maybe where I shouldn't, since I'm new, I dunno), but I can give another overview here in case it helps someone with similar problems.

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices. Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers. Search for "TDSSserv.sys", right click on it, select Disable, and reboot your system. Make sure you don't choose to uninstall it, because it'll just reinstall itself when you reboot.

This doesn't get rid of AV09, but it fixed my redirect problem and allowed my AVG and Spybot to update and run so I could get rid of AV09 with them. I was also able to download and install trusted software. I'm running Malwarebytes now to make sure I didn't miss anything, and I still did some manual registry cleanup by following the AV09 removal instructions on this site. I hope this helps someone in a similar situation. I was so very happy when I found this. I couldn't wait to get home from work and try it out, and it worked like a charm for me. :D

[tamariki]

Had the same problem. Ran a couple of anti virus programmes, but couldn't get on their sites to download the upgrades. Downloaded spybot, installed it, but it wouldn't run.
One of the programmes I downloaded suggested running check disk. That would n't run.
Non of the previously installed spyware and anti virus programmes would run.
The solution you advised worked. When I rebooted, check disc cut in, and restored corrupted files. Ran for three minutes.
Am now able to run spybot, avast etc.
Thanks for finding a solution. Saved me re-installing Windows again.
PS
Had turned off system restore, so hope the PC in clean.

[visiondash]

I did what you said but I can't find "TDSSserv.sys". Can it be under a different name?

[tamariki]

After I disabled TDDS.sys, I found a solution that removed it by downloading and running SDFix.exe.
Instructions can be obtained from here:-

http://www.computer-juice.com/forums/f49/im-under-assault-smartest-virus-ever-help-19431/