Google/Yahoo/MSN searches redirect is a result of gaopdxserv.sys trojan activity (variant of TDSSserv trojan family). The trojan horse may represent security risk for the infected computer and uses rootkit-specific techniques designed to hide the software presence in the system.
Once infected, gaopdxserv.sys trojan blocks user access to security websites, search results in Google, Yahoo, MSN and other redirect you to non related sites. Vimax pills banner ads are popping up on some sites, include security sites. Also the trojan spreads by copying itself to all removable drives as %DriveLetter%\resycler\***.com, after that the trojan creates %DriveLetter%\autorun.inf file on all removable drives so that it executes whenever the drive is accessed.
Use the following instructions to remove gaopdxserv.sys trojan.
Step 1: Delete gaopdxserv.sys trojan driver.
- Download Avenger from here and unzip to your desktop.
- Run Avenger, copy,then paste the following text in Input script Box:
Drivers to delete:
gaopdxserv.sys - Then click on ‘Execute’.
- You will be asked Are you sure you want to execute the current script?. Click Yes.
- You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.
- Your PC will now be rebooted.
Step 2: Remove autorun.inf file.
- Download Flash Disinfector by sUBs and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
- Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Note: Flash_Disinfector will remove any autorun.inf files, create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder. It will help protect your drives from future infection.
Step 3: Remove gaopdxserv.sys trojan files and any associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
If you need help with the instructions, then post your questions in our Spyware Removal forum.
DO NOT DOWNLOAD
The Flash Disinfector download is a worm.
freedan, its false alert. Flash Disinfector is very good small tool. Read comments here.
Hi,
I have this problem and MBAM cannot delete some gaopdxserv.sys entry in windows registry. in fact the registry entry is locked for this key.
Windows Vista SP1
You should use Avenger for removing gaopdxserv.sys trojan or ask help at our forum.
hello,
the malware will not let me update malware bytes! and its not finding anything. help please, i have followed all previous steps as well as tried spybot, webroot, norton, and now here i am 200 dollars later.
it allowed me to use avenger to remove the services. but i cannot run it again.
help
cody, probably you have another variant of the trojan. Ask help at our forum.
i just removed the trojan successfully thanks to this post after a four hour google session.
thank you
Same here spent hours googling this problem, followed these instructions and everything was sorted.
hey Patrick thanks i joined your guys forum and i am having a wonderful computer experience again, i found so much crap on there that was slowing me down, everything works better. its almost as though i have a brand new system =)
YOU GUYS ARE AWESOME!
thank you so much. i am not very computer savvy but these instructions were completely clear and the programs worked perfectly. no more trojan!
Finally! Problem solved.
Thanks, awesome site.
Thanks! I went through all the steps and the problem is solved. I have no computer abilities and I was able to do it very easily.
The problem has been fixed by following the intructions posted. Thanks a lot.
Good instructions.They didn’t work at first as I was reinfected after rebooting and was ready to nuke my hard drive. But then I tried disabling my wireless connection and it worked like a charm. Thanks
I’ve been a computer security professional for almost 30 years and this one stumped me. Thanx for the help! Problem is solved!
Awesome instructions! Thanks a million. I own a computer & tech support business and a customer’s computer was infected with this rootkit and none of my
Hey thanks a lot …
I tried lots of different stuff and nothing worked but avenger was the key.
Ok I think I have this trojan because there are these damn vimax ads EVERYWHERE (unless I go on Opera for some reason).
Also, I have no idea what to do everyone is telling me something different can someone please help google redirects me too its VERY annoying!!!!
Mitten, if above steps does not help you, then probably your PC infected with another variant of DNSChanger trojan. Ask for help at our Spyware removal forum.