Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove Google searches redirect/vimax ads [gaopdxserv.sys trojan]

Google/Yahoo/MSN searches redirect is a result of gaopdxserv.sys trojan activity (variant of TDSSserv trojan family). The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.

Once infected, gaopdxserv.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to non related sites. Vimax pills banner ads are popping up on some sites, include security sites. Also the trojan spreads by copying itself to all removable drives as %DriveLetter%\resycler\[random].com, after that the trojan creates %DriveLetter%\autorun.inf file on all removable drives so that it executes whenever the drive is accessed.

Use the following instructions to remove gaopdxserv.sys trojan.

Step 1: Delete gaopdxserv.sys trojan driver.

  • Download Avenger from here and unzip to your desktop.
  • Run Avenger, copy,then paste the following text in Input script Box:

    Drivers to delete:

  • Then click on ‘Execute’.
  • You will be asked Are you sure you want to execute the current script?. Click Yes.
  • You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
  • Your PC will now be rebooted.

Step 2: Remove autorun.inf file.

  • Download Flash Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
  • Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will remove any autorun.inf files, create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder. It will help protect your drives from future infection.

Step 3: Remove gaopdxserv.sys trojan files and any associated malware.

  • Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
  • Once downloaded, close all programs and Windows on your computer (including this one).
  • Double-click on the icon named mbam-setup.exe to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • MBAM will now delete all of the files and registry keys and add them to the quarantine.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

March 15, 2009 on 9:11 am | In Trojan, Tutorials - HowTo | 19 Comments |


RSS feed for comments on this post.


    The Flash Disinfector download is a worm.

    Comment by freedan — March 16, 2009 #

  2. freedan, its false alert. Flash Disinfector is very good small tool. Read comments here.

    Comment by Patrik — March 16, 2009 #

  3. Hi,
    I have this problem and MBAM cannot delete some gaopdxserv.sys entry in windows registry. in fact the registry entry is locked for this key.

    Windows Vista SP1

    Comment by Mehrdad — March 25, 2009 #

  4. You should use Avenger for removing gaopdxserv.sys trojan or ask help at our forum.

    Comment by Patrik — March 25, 2009 #

  5. hello,

    the malware will not let me update malware bytes! and its not finding anything. help please, i have followed all previous steps as well as tried spybot, webroot, norton, and now here i am 200 dollars later.

    it allowed me to use avenger to remove the services. but i cannot run it again.


    Comment by cody — March 25, 2009 #

  6. cody, probably you have another variant of the trojan. Ask help at our forum.

    Comment by Patrik — March 25, 2009 #

  7. i just removed the trojan successfully thanks to this post after a four hour google session.

    thank you

    Comment by gsat — March 26, 2009 #

  8. Same here spent hours googling this problem, followed these instructions and everything was sorted.

    Comment by Matt88 — March 27, 2009 #

  9. hey Patrick thanks i joined your guys forum and i am having a wonderful computer experience again, i found so much crap on there that was slowing me down, everything works better. its almost as though i have a brand new system =)


    Comment by cody — March 27, 2009 #

  10. thank you so much. i am not very computer savvy but these instructions were completely clear and the programs worked perfectly. no more trojan!

    Comment by andrea — March 28, 2009 #

  11. Finally! Problem solved.
    Thanks, awesome site.

    Comment by Docker Al — March 29, 2009 #

  12. Thanks! I went through all the steps and the problem is solved. I have no computer abilities and I was able to do it very easily.

    Comment by Kimberly — March 30, 2009 #

  13. The problem has been fixed by following the intructions posted. Thanks a lot.

    Comment by Thuong — March 30, 2009 #

  14. Good instructions.They didn’t work at first as I was reinfected after rebooting and was ready to nuke my hard drive. But then I tried disabling my wireless connection and it worked like a charm. Thanks

    Comment by oldmannewtrks — April 4, 2009 #

  15. I’ve been a computer security professional for almost 30 years and this one stumped me. Thanx for the help! Problem is solved!

    Comment by Archangel — April 4, 2009 #

  16. Awesome instructions! Thanks a million. I own a computer & tech support business and a customer’s computer was infected with this rootkit and none of my

    Comment by Benchmark — April 4, 2009 #

  17. Hey thanks a lot …
    I tried lots of different stuff and nothing worked but avenger was the key.

    Comment by rakeshishere — June 28, 2009 #

  18. Ok I think I have this trojan because there are these damn vimax ads EVERYWHERE (unless I go on Opera for some reason).
    Also, I have no idea what to do everyone is telling me something different can someone please help google redirects me too its VERY annoying!!!!

    Comment by Mitten — August 27, 2009 #

  19. Mitten, if above steps does not help you, then probably your PC infected with another variant of DNSChanger trojan. Ask for help at our Spyware removal forum.

    Comment by Patrik — August 27, 2009 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.