After many years of computer use, I encountered some malware that I couldn't fix with Spybot S&D or Ad-Aware. The malware file was 'sysaudio.sys', and it was detected by Malwarebytes. http://www.malwarebytes.org/ It appears that the malware hijacks search engine results, but thankfully I don't think it does 'other stuff' like keystroke logging. Useful article on Sysaudio: http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html do NOT confuse this one with the legitimate sysaudio.sys file which is present in the %sysdir%\drivers folder!!! So don't delete the legitimate %sysdir%\drivers\sysaudio.sys file! For what it's worth, I also had Zone Alarm detect WJQS.exe in real-time. At this stage I am unsure if it's related. Before I removed the sysaudio malware, Google was going to 1.2.3.0 instead of my usual 127.0.0.1 hosts file.
Some further useful links: http://www.google.com.au/search?hl=en&q="yahoo+counter+starts+here"+malware&btnG=Search&meta= http://www.bleepingcomputer.com/forums/topic175838.html The Bleepingcomputer forum mentions that 'Combofix' solves the problem. I didn't try this because Malwarebytes was sufficient. * * * * EDIT: One way to prevent future infections is to install the Noscript addon for Firefox: https://addons.mozilla.org/en-US/firefox/addon/722 http://en.wikipedia.org/wiki/NoScript https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:all?show=20&sort=popular
Thanks for the info. I wonder if this is what happened here also... http://www.elitetrader.com/vb/showthread.php?s=&threadid=144738