This is my first post here. I have learned a great deal by reading messages on this forum and thought I should return the favor by sharing what has worked for me.
I am not sure how, but my PC received what I call the go.Google virus. It manifests by when you do a Google search, the list of sites it pops up all redirect to advertising sites via go.Google. This redirects under both IE and Firefox. Curiously, it does not redirect under the SeaMonkey browser.
When you try to run Avast, it does not let you connect to update your database, and when you run the scan it tells you no viruses found. Not!
This nasty virus has another behavior, it removes the safeboot option from the registry. So when you try to do a F8 safeboot to run cleaning programs, that is no longer available. I have read about getting to safeboot via msconfig, but never got around to trying that, I used a different method.
One other interesting behavior. When Windows is shutting down, and the “Saving your settings” screen is displayed, there is a barely perceptible flicker and the words shift slightly on the screen. I assume that the virus is working at that time to ensure that it has squirreled itself back in place prior to shut down.
Here is what I did:
To get around the safeboot problem, I created a BartPE boot disk via the instructions here: http://www.nu2.nu/pebuilder/ Once booted from BartPE, I needed a self installed virus checker. The ones that needed to be installed try to install to the boot CD, which will not work. I used Cure-It obtained from here: http://www.freedrweb.com/cureit/
The Cure-it program found and deleted the various entries: tdssdata.dll, tdssinit.dll, tdmain.dll, etc.
After the Cure-it program ran, I rebooted and ran Avast. This time it successfully updated. I ran a full scan and Avast found one additional remnant and deleted: C:\Windows\System32\tdssadw.dll
To restore the F8 functionality, I merged the .reg file found here: http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
All appears to be back to normal now. I am sure there are other programs that will do the same thing, I am just sharing what worked for me.
Thanks to all who give of there time here to help others in need. You are true servants!