How to remove msivxserv.sys trojan (Google redirect virus)
MSIVXserv.sys trojan is a new hidden trojan/rootkit from the DNSChanger trojan family. It uses rootkit techniques to hide its presence on the system. Once a machine is infected, the trojan blocks access to security websites and blocks Spybot, AdAware, AVG, Superantispyware and Malwarebytes Anti-malware. Search results in Google, Yahoo, MSN and other search engines redirect you to unrelated sites.
The msivxserv.sys trojan also changes the DNS server settings to the following fixed IPs: 85.255.112.95, 85.255.112.171, 85.255.112.204, 85.255.112.90.
Use the free instructions below to remove msivxserv.sys trojan and any associated malware from your computer.
Symptoms in a HijackThis Log
O17 – HKLM\System\CCS\Services\Tcpip\..\{2AFAF5CA-6B22-40A6-9642-D179DC3ADF8F}: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CCS\Services\Tcpip\..\{824A5446-77BF-4995-9F06-5B29F5E80614}: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.204,85.255.112.90
O17 – HKLM\System\CS2\Services\Tcpip\..\{2AFAF5CA-6B22-40A6-9642-D179DC3ADF8F}: NameServer = 85.255.112.204,85.255.112.90
O17 – HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CS3\Services\Tcpip\..\{2AFAF5CA-6B22-40A6-9642-D179DC3ADF8F}: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CS4\Services\Tcpip\..\{2AFAF5CA-6B22-40A6-9642-D179DC3ADF8F}: NameServer = 85.255.112.95,85.255.112.171
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.95,85.255.112.171
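The O17 entries above can be checked automatically when triaging a saved HijackThis log. The following is an added example, not part of the original post: the function names are hypothetical, the flagged addresses are the four DNS servers listed on this page, and the sample log is constructed (two lines adapted from the log above, plus a benign entry and a space-separated variant).

```python
import re

# DNS servers this page lists for the msivxserv.sys trojan.
ROGUE_DNS = {"85.255.112.95", "85.255.112.171", "85.255.112.204", "85.255.112.90"}

# O17 line: O17 - HKLM\System\<set>\Services\Tcpip\<scope>: NameServer = <list>
# The dash may be "-" (raw log) or an en dash (as rendered on this page).
O17_RE = re.compile(
    r"^O17\s*[-\u2013]\s*HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>.+?):\s*NameServer\s*=\s*(?P<servers>.+)$",
    re.IGNORECASE,
)

def parse_o17(line):
    """Return (control_set, scope, [servers]) for an O17 NameServer line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # NameServer values may be comma- or space-separated.
    servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
    guid = re.search(r"\{[0-9A-Fa-f-]{36}\}", m.group("scope"))
    return m.group("cset"), (guid.group(0) if guid else "Parameters"), servers

def find_rogue_dns(log_text):
    """List every O17 entry that points at one of the page's rogue DNS servers."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        cset, scope, servers = parsed
        bad = [s for s in servers if s in ROGUE_DNS]
        if bad:
            hits.append({"control_set": cset, "scope": scope, "rogue": bad})
    return hits

# Constructed sample: first two lines adapted from the log on this page,
# the CS1 and O4 lines are made-up benign entries.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AFAF5CA-6B22-40A6-9642-D179DC3ADF8F}: NameServer = 85.255.112.95,85.255.112.171
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.204 85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [Example] C:\example.exe
"""

if __name__ == "__main__":
    for hit in find_rogue_dns(SAMPLE_LOG):
        print(hit)
```

Each hit names the control set and the scope (the global Parameters key or an interface GUID), so every key that still holds a listed address after cleanup is visible.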
Use the following instructions to remove msivxserv.sys trojan
Step 1: Remove msivxserv.sys trojan hidden driver.
Download Avenger from here and unzip to your desktop.
Run Avenger, then copy and paste the following text into the Input script box:
Drivers to delete:
msivxserv.sys
Click on ‘Execute’. You will be asked “Are you sure you want to execute the current script?”. Click Yes.
You will now be asked “First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?”. Click Yes.
Your PC will now be rebooted.
Step 2: Remove msivxserv.sys trojan files and any associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings. When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.

Malwarebytes Anti-Malware Window
Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
June 24, 2009 on 10:28 pm | In Trojan, Tutorials - HowTo | 16 Comments
Avenger executed MSIVXserv.sys
and everything works back to normal.
I was able to install and run Malwarebytes’ and 16 were detected…
Thanks a lot for the instructions… :)
Comment by Pat — July 13, 2009 #
Thank you for posting this. I have been looking for a solution to this for over a week. My next step was to format.
Worked like a charm!
Thanks again.
Comment by Scott — July 28, 2009 #
I’ve done EVERYTHING on this website and I STILL have the redirect google virus… so frustrated!
Comment by Christin in Austin TX — July 29, 2009 #
Christin, then ask for help at our Spyware removal forum.
Comment by Patrik — July 30, 2009 #
I don’t like google and I want to know how to get out of Total Security Anti-Spyware and PC Anti Spyware and the rest of the fake
Comment by Sal.sa — August 13, 2009 #
Hello,
I followed these instructions after trying many other solutions and it worked!!!
Comment by Navi — August 23, 2009 #
Apparent success! I had the Google redirect problem, which my McAfee couldn’t find.
The avenger didn’t find msivxserv.sys, but I went ahead with the MBAM. That found a number of items and once removed, no more Google redirect!
Thanks!
Comment by Kevin — September 4, 2009 #
IT WORKED! it really did! it was pretty easy too, just took a while (like 30min.)
Comment by Melvin — January 13, 2010 #
After hours of hard research work, I came across a different solution because Malwarebytes (MBAM) didn’t work for me. Try HitMan Pro (ver 3.5 is the latest as of this writing); it fixed my Google & Yahoo Redirect Virus. The file culprit was named 7n8001.sys and was located in the Drivers sub-directory under C:\Windows\System32.
It took several hours of research and experimentation before I came upon this solution. I found the software on CNet. Looks like it’s free for 30 days. It’s a cloud computing solution. If you try deleting or renaming the virus yourself, it regenerates itself. It’s nasty and persistent.
As of today, 1/20/2010, the latest updates for AVG, Malwarebytes, Spybot Search & Destroy, and AdAware could not fix it. XDELBox found it but couldn’t fix it (couldn’t write to the HOSTS file in C:\Windows\System32\Drivers\ETC.)
Comment by LarryFromVegas — January 20, 2010 #
Excellent worked a treat, thank you very much!!
G
Comment by Graham — January 31, 2010 #
Neither of those options worked for me. The first one didn’t remove the virus so I tried the second one – MalwareBytes – and it downloaded to my computer but wouldn’t run and didn’t show any of the screens this website said it should. My computer still has the redirect virus and it’s getting pop-ups now too.
Comment by Jeni — February 16, 2010 #
Jeni, download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder and double click the TDSSKiller icon. Follow the prompts.
Comment by Patrik — February 17, 2010 #
Thx Larry HitMan Pro fixed me after 4 evenings wasted trying to resolve this redirect virus!
Comment by Dave — March 13, 2010 #
The Hitman Pro fixed it on the first try. Have been through Avenger, UnHackMe, and Malwarebytes along with other antivirus programs, but the Hitman worked.
Comment by SteveinMA — March 14, 2010 #
THANKS DUDE THIS FIXED MY COMP.. THANK YOUuu!!
Comment by Steve — May 9, 2010 #
This didn’t work for me, but Hitman Pro 3 did.
It saved me a lot of frustration. Thanks.
Comment by Daniel — July 17, 2010 #