
search engine virus


  • This topic is locked
6 replies to this topic

#1 twinterps

twinterps

  • Members
  • 6 posts

Posted 27 January 2009 - 01:47 PM

When I try to use any search engine (Google, Yahoo, MSN), I get search results that have what I searched for in the results but ALSO "freeantivirus", etc... as part of the web address. It says "loading 7.7.7.0..." at the bottom left of the screen no matter what search engine I use. I think this is a virus/malware/trojan of some sort but I don't know how to get rid of it. I have run SpySweeper & Norton Internet Security with no results. I also tried Spybot and Malwarebytes and it found some things and I "fixed" them but it didn't help with the search engine problem. System restore won't work on my computer (I think that's a problem with NIS but not sure). I have deleted the temporary folders, cookies, and caches. I have Windows XP, Service Pack 3 and lately I've been using Firefox instead of IE. I'm not sure what my options are at this point. I was thinking of trying Windows Washer but not sure if that will help or hurt. I don't want to have to wipe out everything and reinstall Windows. Any help would be appreciated!!!! Here is my HijackThis log:

Edited by Billy O'Neal, 11 February 2009 - 05:58 PM.




#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 08 February 2009 - 11:00 PM

Hello, twinterps
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run a Scan with DDS
  • Please download DDS, and save it to your desktop, from one of the following mirrors:
  • Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  • Double click Posted Image on your desktop.
  • If prompted by any script blocking tools, please allow any actions taken by DDS.
  • Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 twinterps


Posted 10 February 2009 - 09:43 AM

I actually think I solved it. I did a little research and found that other people were having the same problem. Seems to have stemmed from a security breach with Adobe (I had an older version that hadn't been updated). Somehow it installed a fake wdmaud.sys file on my computer which was causing the search engine problem. I found this file, deleted it and all the temporary files/cookies, restarted Firefox and voila! everything seems to be working normally again. Can you think of anything else I would need to do?

Thanks for the help!

#4 Billy O'Neal


Posted 10 February 2009 - 06:33 PM

I would still post those three logs, as there may be spots on the system not covered by the steps you followed.

Billy3

#5 twinterps


Posted 11 February 2009 - 09:49 AM

Thanks for your help. I'd rather not post all that info. I'd appreciate it if you would remove my HijackThis log at the beginning of this topic. Have a good day! :thumbup2:

#6 Billy O'Neal


Posted 11 February 2009 - 05:58 PM

Are you sure you would no longer like help?

Billy3

#7 Billy O'Neal


Posted 13 February 2009 - 05:43 PM

Hello, twinterps
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII



