
Removing TDSS virus


Name: Bamu
Date: February 16, 2009 at 19:30:09 Pacific
OS: Microsoft Windows XP Professional
CPU/Ram: 2.599 GHz / 1021 MB
Product: Intel / D845glva
Subcategory: Viruses
Comment:

Close to a month ago, I downloaded a torrent and opened the contents. I'm pretty sure now that Symantec AntiVirus popped up with a message warning me, but I didn't really absorb it and chose not to heed whatever it was saying, closing it. Shortly afterwards I noticed that my Google results were redirecting to suspicious locations, so I scanned the computer with Symantec, and sure enough, it came up with TDSS files.

I performed full scans a couple of times, each time having the antivirus clean, delete or move what it could; after the second or third time the Google results stopped redirecting and my computer seemed to operate fine. But I distinctly remember that for a couple of files, it asked to reboot and still could not perform any requested actions. I meant to post on these forums then, but I kept procrastinating until now. Meanwhile, Symantec has stopped asking for reboots but does prompt me to download some updates and check if quarantined items can be cleaned or deleted now. So far no luck with that. And, I just checked: Symantec's AntiVirus SFV tells me the 52 files it recorded in the history are missing now (log is below).

My question is, have I done enough to remove any threat, or should I be doing more? I looked at some previous cases on these forums and it seemed like getting rid of the virus was a long, involved and individualized process, so I wanted to confirm.

Symantec AntiVirus SFV log:
QuickSFV v2.36
Risk
Downloader
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv
Backdoor.Tidserv!inf
Downloader
Bloodhound.Exploit.213
Trojan Horse
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Downloader
Backdoor.Tidserv!inf
Downloader
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Packed.Generic.200
Packed.Generic.200
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Trojan Horse
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Trojan Horse
Trojan Horse
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
Packed.Generic.200
Trojan Horse
Trojan Horse
Backdoor.Tidserv!inf
Backdoor.Tidserv
Backdoor.Tidserv!inf
Backdoor.Tidserv!inf
52 files checked
There were 52 missing files


Response Number 1
Name: jabuck
Date: February 16, 2009 at 19:36:35 Pacific
Reply:

I think you are still infected.

Depending upon the variant of the Google redirect malware, this may temporarily help with the redirects:

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


If Malwarebytes installed but will not run navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


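A scripted version of the Device Manager check at the top of this reply, added here as an example and not part of jabuck's post or of any tool he names. It lists kernel-mode drivers (the ones Device Manager shows under "Non-Plug and Play Drivers") and flags two things: a name matching the TDSSserv.sys pattern mentioned above (the pattern is an assumption; variants use other names), and a running driver whose binary is not visible on disk, which is how a rootkit that hides its own file shows up. It is read-only and changes nothing.

```powershell
# Added example, not from the thread. Enumerates kernel drivers via WMI
# (Win32_SystemDriver) and flags suspicious entries. Nothing is disabled
# or deleted; review the output before acting on it.

# Assumed name pattern, taken from the TDSSserv.sys mentioned in the reply.
$suspectPattern = '^tdss'

$drivers = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' }

foreach ($d in $drivers) {
    $path = $d.PathName

    # Service paths are stored in several forms (\??\C:\..., \SystemRoot\...);
    # normalise them so Test-Path can look at the real file.
    $fsPath = $path
    if ($fsPath) {
        $fsPath = $fsPath -replace '^\\\?\?\\', ''
        $fsPath = $fsPath -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    }
    $onDisk = $false
    if ($fsPath) { $onDisk = Test-Path -LiteralPath $fsPath }

    $flags = @()
    if ($d.Name -match $suspectPattern -or $d.DisplayName -match $suspectPattern) {
        $flags += 'name-matches-TDSS'
    }
    # A driver that is loaded but whose file cannot be seen from user mode
    # is a classic sign of a rootkit hiding its binary.
    if ($d.State -eq 'Running' -and -not $onDisk) {
        $flags += 'binary-not-visible'
    }

    if ($flags.Count -gt 0) {
        New-Object -TypeName PSObject -Property @{
            Name      = $d.Name
            Display   = $d.DisplayName
            State     = $d.State
            StartMode = $d.StartMode
            Path      = $path
            Flags     = ($flags -join ',')
        }
    }
}
```

A rootkit can hide its service from WMI as well as from Explorer, so an empty result is not proof of a clean machine. To disable (not delete) a flagged driver the way the Device Manager step does, `sc.exe config <name> start= disabled` followed by a reboot has the same effect.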

Response Number 2
Name: james88
Date: February 16, 2009 at 20:02:25 Pacific
Reply:

TDSS is a trojan that is also known as TDSSserv or Trojan.Backdoor.Tidserv. OK, here's a manual removal guide for removing TDSS:
http://darfuns.com/remove-trojan-td...



Response Number 3
Name: Bamu
Date: February 17, 2009 at 20:41:39 Pacific
Reply:

I tried following the steps to deal with the redirect (even though it stopped a long time ago after I used Symantec), but couldn't find TDSSserv.sys or anything similar.

I downloaded Malwarebytes but couldn't find the way to rename it before, so I just renamed the setup file after it finished downloading. I also renamed the folder to tool... not sure if that accomplished anything.

In any case I did the quick scan and it detected a couple of misnomers. Since it asked for a reboot I decided to delay posting the log which popped up. However, during the reboot process I got a black screen that said something like, "Invalid system disk. Please correct and press any button to continue". I do have a slave drive, if that's relevant; I can get it switched with the primary drive for me if it's needed. Meanwhile I can't access the computer as I keep on getting that message even if I restart (I'm using another computer to post this). What should I do?



Response Number 4
Name: jabuck
Date: February 18, 2009 at 14:30:00 Pacific
Reply:

Switch it with the primary drive and see if it will boot.



Response Number 5
Name: Qwazin
Date: February 22, 2009 at 09:44:07 Pacific
Reply:

Hello, I believe I have a similar problem with my computer. My Norton Antivirus discovered this naughty little virus called "packed.generic.200", and shortly after I got some trojans and crap as well. Now I keep getting redirected on the internet, as well as having all internet advertisements replaced with ads for viagra pills.

I would appreciate any help I can get.


Response Number 6
Name: jabuck
Date: February 22, 2009 at 10:08:34 Pacific
Reply:

Qwazin, please start a thread of your own and we will try to help. Just state the problem as you did here, do not post any logs yet please.

