Whenever I do a Google search, I get a momentary delay where I se the words “waiting for 7.7.7.0…” in the bottom status bar. The results page then seems to come up normally. Googling on the probkem reveals similar recent complaints about seach results being redirected to show spam entries. My computer seems to be resisting the redirect at the moment, but that little hitch is extremely annoying, and I’m worried that I’m not seeing the whole infection.
Does anybody know anything about this or have a clue how to fix it? It appears to have started with a sudden browser crash while a page on another site was loading, but so far, it does not seem to be interfering with other browsing besides the Google searches.
I’m in Firefox 2, by the way.
It’s Rootkit.Win32.Agent.fwt. Running the Kaspersky online scanner should fix it.
Thanks, but every time I try to open the Kapersky scanner, it closes my browser. Any advice?
You should have a file named wdmaud.sys in either c:\windows or c:\windows\system32. Rename it, reboot, and re-try Kaspersky.
I found it. but what do I rename it (my apologies if that’s a stupid question. I’m almost completely computer illiterate)?
yoyodyne, are you sure “wdmaud.sys” is the file of interest? Your link says “sysaudio.sys”.
IF it’s the correct file to re-name (see indistinguishable’s post above), I always rename files by placing an underscore (_) at the beginning of the filename. So “filename.ext” becomes “_filename.ext”. It moves them right to the top of the filelist and makes it easy to name them back to original if needed.
Most people that are infected seem to have wdmaud.sys as the filename. It shouldn’t be in windows or system32; if it is it’s the virus.
DC, you could delete it if you want, but I usually rename just in case. Rhubarb’s idea is a good one. Kaspersky should still find it no matter what it’s named.
Much obliged, yoyodyne. Everything appears to be back to normal.
Happy to be of help. Most spyware and viruses now are a lot harder to repair than this one.