If strange sites open on their own, remove the TDSS virus with TDSSKiller

A very annoying type of virus is the one that redirects Google searches, and website addresses typed into the web browser, to different sites that often contain other viruses or are at any rate very dubious and strange.
This is the TDSS type of virus, a very common rootkit that has spread in various forms over the past three or four years.
Symptoms of this virus are automatic downloads of unsolicited files, sites that open on their own and difficulty opening Google searches.
Recently it has been accompanied by the DNSChanger trojan, which silently changes the network settings so that the infected PC becomes part of a botnet, that is, a network of computers used for illicit purposes.
Once the trojan has changed the DNS configuration on the machine, DNS queries from the PC are redirected to the hijacker's server, forcing the user to visit strange and malicious sites.
TDSS is also known as GRV (Google Redirect Virus) because it acts on internet searches: clicking on a normal result opens something else instead of the chosen site.
Since this problem is very common, and since you often don't realize you have the TDSS rootkit on your computer, I recommend that everyone (even those who consider themselves safe and secure) run a special scan today to detect possible threats, using the excellent and indispensable TDSSKiller tool.
The fact is that, unlike most malware, this rootkit virus (see HiJackThis and anti-rootkit protections) goes deep into the system and is so well hidden that normal antivirus and antimalware scanners cannot find it.
Even if there were no symptoms of infection, it should be noted that the TDSS rootkit can operate without giving any signal, like a hidden cancer that prepares the computer to receive other types of viruses and to become vulnerable.
If you then notice the opening of unwanted sites, unless it depends on a toolbar or a malicious component of the browser, the problem may be difficult to solve.
It affects internet browsing whatever browser you use: Firefox, Chrome, Opera and Internet Explorer.
TDSS and its variants, such as the DNSChanger or the GRV mentioned above, are difficult to detect because they are installed as normal computer drivers, load when the PC starts and then disappear from view (as is the case for all rootkits).
Since a system driver looks like a normal and innocent component to antivirus and antimalware scanners, TDSS will not be removed.
The solution comes from a small, easy and free program released by Kaspersky: TDSSKiller.
This is one of those tools to always keep available on a USB stick and on the computer, and to run every now and then to be sure that the PC has not been infected.
TDSSKiller has been specifically designed to remove TDSS viruses that normal antivirus programs cannot see and that can cause serious problems.
Affected or not, download TDSSKiller.zip, extract the file using an extraction program such as 7-Zip and, after extraction, launch the TDSSKiller.exe file.
If the PC has been hit, the download page of TDSSKiller.exe may be unreachable, so you have to use another computer and copy the file to a USB stick to run it on the infected computer.
Furthermore, if the PC blocks its execution, you have to rename the file (right mouse button -> Rename), calling it, for example, pomhey.net (it is important to change the .exe to something else).
The tool can be run with a double click and is completely automatic; just start it and press the "Start Scan" button to start the check.
Those who are more experienced can open the advanced options and enable the driver signature checks and the check of the TDLFS filesystem.
After a short time you will have the results of the scan and, if TDSS rootkits have been detected, the program marks the best action to perform.
Among the options, it is advisable to avoid both Delete and the move to quarantine, which may not be useful in this case.
After restarting the PC, the problems should be solved.
Note: sptd, the virtual driver used by programs that create a virtual CD/DVD drive such as Daemon Tools, may show up among the suspicious drivers.
If TDSSKiller doesn't find anything, you can scan with another program, from Symantec: FixTDSS.
At this point, the TDSS rootkit should be successfully deleted from the computer and any problems should be solved.
To avoid new problems in the future, it is advisable to browse carefully and to install, in addition to a normal antivirus, an antispyware program such as Spybot that protects the computer against malicious sites and prevents changes to the DNS or the hosts file (see also Preventing the browser from opening and browsing virus websites via the hosts file).
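
A read-only check for the two changes described above, altered DNS servers and hosts-file redirects, as an added example that is not part of the original article. It assumes English `ipconfig /all` output and a hosts file read as text; the expected resolver, the watched names and the sample data are constructed for illustration.

```python
import ipaddress
import re

# Assumptions: the resolvers this PC should use, and names a hosts file should not override.
EXPECTED_RESOLVERS = {"192.168.1.1"}
WATCHED_NAMES = ("google.", "kaspersky.", "symantec.")

# Constructed samples; the unexpected addresses come from documentation-only ranges.
SAMPLE_IPCONFIG = """\
Ethernet adapter LAN:
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_HOSTS = """\
127.0.0.1     localhost
198.51.100.7  www.google.com
198.51.100.7  support.kaspersky.com   # security vendor site redirected
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token.split("%")[0])  # drop any IPv6 zone id
        return True
    except ValueError:
        return False

def unexpected_resolvers(ipconfig_text, expected=EXPECTED_RESOLVERS):
    """(adapter, resolver) pairs in English `ipconfig /all` text that are not in `expected`."""
    found, adapter, in_dns = [], None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():          # unindented line = adapter header
            adapter, in_dns = line.rstrip(": "), False
            continue
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        value = first.group(1) if first else line.strip()
        in_dns = bool(first) or (in_dns and is_ip(value))  # further resolvers: bare lines
        if in_dns and is_ip(value) and value not in expected:
            found.append((adapter, value))
    return found

def suspicious_hosts(hosts_text, watched=WATCHED_NAMES):
    """(ip, name) hosts entries that override a watched search or security-vendor name."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and is_ip(fields[0]):
            hits += [(fields[0], n) for n in fields[1:] if any(w in n.lower() for w in watched)]
    return hits
```

On a real PC, pass in the saved output of `ipconfig /all` and the contents of the hosts file. A clean result does not rule out the rootkit itself, which is what the TDSSKiller scan is for.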
