Wednesday, December 10, 2008 - Virus, Trojan, Annoying

I was in a conference room in Denver traveling on business when my Google search results started sending me to random pages. Bad. Same thing with Yahoo and Very bad.

The problem went away for a few days, but crept back up. I think it opened a door for some other stuff too, because my Firefox bookmarks got wiped out, and the background of the text for my desktop icons started to change. Danger. Danger!

So, now I had to do something. Our IT department wasn't much help, and I couldn't search anywhere. Then I realized that clicking the links in the search results didn't work, but the search engines mentioned earlier print the URL for cutting and pasting.

"Not a big deal", I thought. "I'll just see what McAfee has for this." The Trojan writers though about that though. Like my Google results, was blocked.

I found this forum post at that saved me. Apparently, the Trojan blocks the installation and update of Antivirus software and the like. In a nutshell, here are the instructions that are provided there:

  1. Go to Start > Control Panel(This Computer) > System.

  2. Click the Hardware tab and click on Device Manager.

  3. Select View from the menu, then select Show Hidden Devices.

  4. Scroll down to Non-plug and Play Drivers and click the plus icon to expand the items.

  5. Look for TDSSserv.sys, right click it, then select Disable

    Note: If you select Uninstall, it will install itself again when you reboot the system so Don't!.

  6. Restart your PC

  7. Now you can install the software to kill it. Download, install, and run "MalwareBytes". You can get it from The filename will be mbam-setup.exe.

That should do it. Follow the MalwareBytes instructions and you should be home free. Now I can get back to redesigning, home of the world's best looking websites (shameless plug).


Post a Comment

<< Home