Search engine result hijack

Discussion in 'Backup and Security' started by m22au, Dec 14, 2008.

  1. m22au

    m22au

    After many years of computer use, I encountered some malware that I couldn't fix with Spybot S&D or Ad-Aware.

    The malware file was 'sysaudio.sys', and it was detected by Malwarebytes.

    http://www.malwarebytes.org/

    It appears that the malware hijacks search engine results, but thankfully I don't think it does 'other stuff' like keystroke logging.

    Useful article on Sysaudio:

    http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html

    do NOT confuse this one with the legitimate sysaudio.sys file which is present in the %sysdir%\drivers folder!!! So don't delete the legitimate %sysdir%\drivers\sysaudio.sys file!

    For what it's worth, I also had Zone Alarm detect WJQS.exe

    in real-time.

    At this stage I am unsure if it's related.

    Before I removed the sysaudio malware, Google was going to 1.2.3.0 instead of my usual 127.0.0.1 hosts file.
     
  2. m22au

    m22au

    Some further useful links:

    http://www.google.com.au/search?hl=en&q="yahoo+counter+starts+here"+malware&btnG=Search&meta=

    http://www.bleepingcomputer.com/forums/topic175838.html

    The Bleepingcomputer forum mentions that 'Combofix' solves the problem.

    I didn't try this because Malwarebytes was sufficient.

    * * * *

    EDIT:

    One way to prevent future infections is to install the Noscript addon for Firefox:

    https://addons.mozilla.org/en-US/firefox/addon/722

    http://en.wikipedia.org/wiki/NoScript

    https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:all?show=20&sort=popular
     
  3. Thanks for the info. I installed Malwarebytes and seems to work fine. I will also upgrade to RT.