My Windows XP desktop with McAfee AV was infected with a variant of the Google redirect virus. Our search results on Google and Yahoo
were getting redirected.
Until I recognized it as the Google redirect virus, I could not load any new Spyware. Once I identified this as a possible cause, search results directed
to a file called wdmaud in C:\Windows\System32. Renaming this file allowed me to temporarily access the net.
I downloaded a variety of options including BulletProofSoft, Spybot/Teatimer, McAfee rootkit, GMER and Malwarebytes. These worked temporarily when I
renamed wdmaud, but the redirects kept reoccurring. The redirections seemed to stop completely when I used TDSSKiller from Kaspersky.
However, while the redirection stopped, some process is continuing to create the wdmaud file on every restart. Also, after an initial start, I am not
able to run Spybot on my system. When started, Spybot initializes but stalls immediately after. Malwarebytes runs but does not find any issues. Neither does
McAfee find any issues.
Unfortunately, since I was given ComboFix through an alternate path, I hadn't read the instructions in this forum to not use it unless requested. I ran
ComboFix on the system twice. The first run produced a Blue Screen and the second a log (appended to this message).
I believe the desktop is still infected since the fake file keeps reappearing. I would appreciate any advice on how I can identify the process that's
creating the fake wdmaud file. The system has also become noticeably faster after all of these scrubs!
Edited by Orange Blossom, 15 July 2010 - 10:35 PM.
Move to AII ~ OB