Search engine result hijack

Discussion in 'Backup and Security' started by m22au, Dec 14, 2008.

  1. m22au


    After many years of computer use, I encountered some malware that I couldn't fix with Spybot S&D or Ad-Aware.

    The malware file was 'sysaudio.sys', and it was detected by Malwarebytes.

    It appears that the malware hijacks search engine results, but thankfully I don't think it does 'other stuff' like keystroke logging.

    Useful article on Sysaudio:

    do NOT confuse this one with the legitimate sysaudio.sys file which is present in the %sysdir%\drivers folder!!! So don't delete the legitimate %sysdir%\drivers\sysaudio.sys file!

    For what it's worth, I also had Zone Alarm detect WJQS.exe

    in real-time.

    At this stage I am unsure if it's related.

    Before I removed the sysaudio malware, Google was going to instead of my usual hosts file.
  2. m22au


    Some further useful links:"yahoo+counter+starts+here"+malware&btnG=Search&meta=

    The Bleepingcomputer forum mentions that 'Combofix' solves the problem.

    I didn't try this because Malwarebytes was sufficient.

    * * * *


    One way to prevent future infections is to install the Noscript addon for Firefox:
  3. Thanks for the info. I installed Malwarebytes and seems to work fine. I will also upgrade to RT.