Search engine virus

February 10, 2009 at 06:08:55
Specs: Windows XP Home Edition SP3, Intel Pentium 4, CPU 3.20GHz, 503 MB RAM

I have a search-engine virus. This affects all search engines I have tried -- google, Yahoo, MSN -- and both Firefox and IE. It appears to be redirecting to another site. Search results come up but the websites are random unrelated sites.

I have run full scans on McAfee anti-virus 8.0, also CCleaner programs and registry, Spybot S&D and AdAware Anniversary Edition (both fully updated), but these did not find the problem.

Please help, thanks!

See More: Search engine virus

Report •

February 10, 2009 at 07:41:03

try malwarebytes and then do a bootscan using avast free, that should help.

Some HELP in posting on plus free progs and instructions Cheers

Report •

February 10, 2009 at 17:39:30

The first program, Malwarebytes, didn't find anything.
The avast boot scan found two items, which I moved to the chest:
1. C:\Program Files\Online Services\Netscape Online\NSsetup.exe -- don't think this would be the problem.
2. A0166513.exe
C:\System Volume Information\_restore{8F7A5040-9305-48DA-A5EE-E7EE68E6A938}\RP1472

After booting up, Avast listed the following file as a possible problem:
type: rootkit: hidden process

Is this a valid system file, or should it be deleted? I said to ignore, since I wasn't sure.

Even with those two files in the avast Chest, I still have the search redirect problem. What else do you recommend?

Report •

February 10, 2009 at 22:40:32

I googled and found this:
Important: Some malware camouflage themselves as wdmaud.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the wdmaud.sys process on your pc whether it is pest.

Here is more insight, I think avast was right:

Some HELP in posting on plus free progs and instructions Cheers

Report •

Related Solutions

February 11, 2009 at 05:51:18

Thanks! I told Avast to delete that file, also followed its suggestion to reboot and scan. That fixed the problem.

Report •

February 11, 2009 at 10:55:49

Thanks for posting back & I'm glad your problem is resolved! Happy surfing!

Just for your own piece of mind, you may want to run HJT and then post the file in:

It is pretty straight forward and it's easy to google any suspicious entries.
That should let you know that all is clear.
Thanks again for replying...OH, and I would suggest using winpatrol's free and lets you know what is running on your PC...a great piece of software.

Some HELP in posting on plus free progs and instructions Cheers

Report •

Ask Question