Comments on: Google, MSN, Yahoo Search 7.7.7.0 Redirector Malware HiJack http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/ All things involving technology. Fri, 05 Mar 2010 21:22:19 -0500 http://wordpress.org/?v=2.8.6 hourly 1 By: Jordan http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-3/#comment-1477 Jordan Wed, 20 Jan 2010 01:42:55 +0000 http://www.techish.net/?p=386#comment-1477 Same problem... except I deleted Wdmaud and I still have it. And on my computer, no matter how much I delete Wdmaud, it keeps coming back. Same problem… except I deleted Wdmaud and I still have it. And on my computer, no matter how much I delete Wdmaud, it keeps coming back.

]]> By: Mike` http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-3/#comment-785 Mike` Wed, 23 Dec 2009 04:20:01 +0000 http://www.techish.net/?p=386#comment-785 I forgot to mention, It happens in both Firefox (latest version) and IE8 I forgot to mention, It happens in both Firefox (latest version) and IE8

]]> By: Mike` http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-3/#comment-783 Mike` Wed, 23 Dec 2009 04:16:55 +0000 http://www.techish.net/?p=386#comment-783 I have the same problem. If I click on any link displayed in Google or Bing, or msn search, I get redirected to an unrelated website, which is different each time. Sometimes it is to a travel website, sometimes to a shopping website, somethings to a rogue spyware site that pretends to scan your PC for viruses and malware. Clicking CANCEL on the page does nothing, you have to click the X close box, top right. Malwarebytes, spybot, adaware, norton 360, avg, Microsoft security essentials, all report the system as clean. I have booted and scanned in SAFE mode for those programs that allow a safe mode scan. I have checked, I do not have the c:\windows\system32\wdmaud.sys file. I do have c:\windows\system32\drivers\wdmaud.sys I have checked the C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts file The only URL shown is 127.0.0.1 LOCAL HOST Other lines in the file are all prefixed with # (assumed to be a comment) I have checked the running processes and loaded files using Hijackthis There appears to be nothing unusual. Any ideas would be greatly appreciated, I have spend two days on this, I am tearing my hair out! I have the same problem.
If I click on any link displayed in Google or Bing, or msn search, I get redirected to an unrelated website, which is different each time.

Sometimes it is to a travel website, sometimes to a shopping website, somethings to a rogue spyware site that pretends to scan your PC for viruses and malware. Clicking CANCEL on the page does nothing, you have to click the X close box, top right.
Malwarebytes, spybot, adaware, norton 360, avg, Microsoft security essentials, all report the system as clean.

I have booted and scanned in SAFE mode for those programs that allow a safe mode scan.

I have checked, I do not have the c:\windows\system32\wdmaud.sys file.
I do have c:\windows\system32\drivers\wdmaud.sys

I have checked the C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts file

The only URL shown is 127.0.0.1 LOCAL HOST
Other lines in the file are all prefixed with # (assumed to be a comment)

I have checked the running processes and loaded files using Hijackthis
There appears to be nothing unusual.

Any ideas would be greatly appreciated, I have spend two days on this, I am tearing my hair out!

]]> By: Tony http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-3/#comment-571 Tony Wed, 09 Dec 2009 23:20:50 +0000 http://www.techish.net/?p=386#comment-571 Amoss, your hosts file looks normal to me. mine actually had a whole list of things that shouldn't have been there, which i managed to delete, but the google results redirecting is still happening. and malware bytes still doesn't find anything wrong. Amoss,

your hosts file looks normal to me. mine actually had a whole list of things that shouldn’t have been there, which i managed to delete, but the google results redirecting is still happening. and malware bytes still doesn’t find anything wrong.

]]> By: Amoss http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-3/#comment-544 Amoss Mon, 07 Dec 2009 02:05:46 +0000 http://www.techish.net/?p=386#comment-544 Hi. PLEASE HELP!!!!! Every time i click on a link on google i get redirected to some other site. Mainly advertising sites. I have tried to restore my default settings on the browser, i have scanned with Malewarebytes and it found stuff and deleted them already, i have sacnned with avast anti virus and that deleted files but the problem is still happening. Im not very good with computers and need help. This is what it says in my hosts file in noteped: # Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost To be honest i wouldn't know if there was something wrong with that or not????? :s I am a bit concerned with these 3 files that avast picked up and i cant get rid of them, they are: kernel32.dll winsock.dll wsock32.dll All in system32 folder... Someone please help me. it happens all the time, even brings up new pages..... Hi.
PLEASE HELP!!!!!
Every time i click on a link on google i get redirected to some other site. Mainly advertising sites.
I have tried to restore my default settings on the browser, i have scanned with Malewarebytes and it found stuff and deleted them already, i have sacnned with avast anti virus and that deleted files but the problem is still happening.
Im not very good with computers and need help.
This is what it says in my hosts file in noteped:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

To be honest i wouldn’t know if there was something wrong with that or not????? :s
I am a bit concerned with these 3 files that avast picked up and i cant get rid of them, they are:

kernel32.dll
winsock.dll
wsock32.dll

All in system32 folder…
Someone please help me. it happens all the time, even brings up new pages…..

]]> By: Tony http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-2/#comment-507 Tony Wed, 02 Dec 2009 14:23:47 +0000 http://www.techish.net/?p=386#comment-507 Yeah, well I have this google redirect thing on my computer and MalwareBytes, and it doesn't remove it. This problem came after I got the AdvancedVirusRemover infection, this thing that tries to pass itself off as a virus remover, came out of nowhere while on my college's website. MalwareBytes removed that, but this is a lingering problem that won't go away. Of course I find this site a few days after you have removed the tool. Yeah, well I have this google redirect thing on my computer and MalwareBytes, and it doesn’t remove it. This problem came after I got the AdvancedVirusRemover infection, this thing that tries to pass itself off as a virus remover, came out of nowhere while on my college’s website. MalwareBytes removed that, but this is a lingering problem that won’t go away. Of course I find this site a few days after you have removed the tool.

]]> By: Richard Kreider http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-2/#comment-473 Richard Kreider Fri, 27 Nov 2009 17:23:46 +0000 http://www.techish.net/?p=386#comment-473 The file has been removed due to the fact MalwareBytes Anti-Malware scanner picks up this infection and fixes it. You can get Malwarebytes from http://www.malwarebytes.org/ The file has been removed due to the fact MalwareBytes Anti-Malware scanner picks up this infection and fixes it. You can get Malwarebytes from http://www.malwarebytes.org/

]]> By: Karen http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-2/#comment-320 Karen Sat, 07 Nov 2009 02:01:31 +0000 http://www.techish.net/?p=386#comment-320 I'm having a problem with the Redirect Virus, and would like to use your tool, but the zip file does not seem to exisit. Is there a way to get hold of it? I’m having a problem with the Redirect Virus, and would like to use your tool, but the zip file does not seem to exisit. Is there a way to get hold of it?

]]> By: Steve S http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-2/#comment-139 Steve S Mon, 03 Aug 2009 17:18:37 +0000 http://www.techish.net/?p=386#comment-139 Btw I'm also getting windows-like warning popups saying various files are corrupt and I need to run Chkdsk. Btw I’m also getting windows-like warning popups saying various files are corrupt and I need to run Chkdsk.

]]> By: Steve S http://www.techish.net/2009/01/10/google-7770-redirector-malware-tool/comment-page-2/#comment-138 Steve S Mon, 03 Aug 2009 17:16:35 +0000 http://www.techish.net/?p=386#comment-138 I deactivated Adobe Reader javascript and installed NoScript in Firefox. Did a full recursive scan of C:\ with 7770finder, it didn't find any infections but it did skip 41 files. Tried installing malwarebytes' tool from an external drive, but the setup script halts before finishing. So I'm still being redirected. THis is one nasty piece of work. I'll try installing AVG but I'm not hopeful. Could be it's time for an XP reinstallation... I deactivated Adobe Reader javascript and installed NoScript in Firefox.

Did a full recursive scan of C:\ with 7770finder, it didn’t find any infections but it did skip 41 files.

Tried installing malwarebytes’ tool from an external drive, but the setup script halts before finishing.

So I’m still being redirected. THis is one nasty piece of work. I’ll try installing AVG but I’m not hopeful. Could be it’s time for an XP reinstallation…

]]>