Two days ago, we realised our home laptop was infected with spyware. Whenever we did a Google web search, the results page titles would all be reasonable, but the actual websites returned were rubbish. The results would take you to pages full of advertising, rather than useful content. Clearly, something was very wrong.
We are running an up-to-date copy of the McAfee scanner, but it hadn’t picked up anything, and a full scan resulted in a verdict of all clear. Sorry, McAfee, you fail.
Yesterday, I downloaded Microsoft’s Windows Defender – software that is designed specifically to find this sort of thing. It didn’t find anything.
I also tried downloading Symantec’s Norton AntiBot (free for 15 day trial). It was worth the money I paid, i.e. nothing. AntiBot couldn’t find the spyware. At this point, three big guns – McAfee, Microsoft and Symantec – had completely failed.
The only other symptom with our infection was that, under Firefox, when the Google search results page was being returned, “Connecting to 1.2.3.0 …” was briefly shown in the browser. Doing a search for that returned some results with titles suggesting that people at the CyberTechHelp forums had similar problems on their PCs.
The helpful support guys there recommended the free Malwarebytes’ Anti-Malware software to fix it. A scan quickly found something named Trojan.Agent hiding in a fake sound driver in the c:\windows\ directory, which it then removed. Everything was back to normal!
You should never know if your anti-virus tool is any good. Ideally, you should never find yourself infected, so never find out if your tool has a weakness. Unfortunately, we did find our PC infected, so we did learn that our anti-virus tool was no good. The lesson for me is that the free tools can be superior to the big name, expensive tools. I won’t be renewing my McAfee subscription.
Well done on your investigation.
You are one of the few that actually took the time to find the problem and fix it.
And as you realized, free can be as good as paid for.
Well done!
Thank you for validating my refusal to fork out for ‘proper’ virus protector these days. Not sure how great our freebies are though – my laptop seems happy enough but apparently the other PC has some kind of contagion – ugh!
I’ve been recommended the free anti-virus program AVG (http://free.avg.com/) by a couple of people, which I’ll probably go for once I’m done with McAfee.
Scary, esp with the recent worries around IE7 security.. Thanx for the recommendation. (I too have friends who like AVG.)
I too have the very same issue right now, however unlike yourself, I havent been able to fix it with Malware …
:(
Sorry to hear that. I assume that you updated Malwarebytes to the latest signatures, and turned off your virus scanners when you used it …
Yes mate. Honestly, Ive thrown almost everything at this without any luck. Im just about to post a hijack log file on bleepingcomputer — hopefully someone over there might be able to offer some assistance.
This problem has been putting a lot of folk into knots recently. Jump over to http://www.google.com/support/forum/p/Web+Search/thread?tid=41cc2faa1537c68d&hl=en to read about it.
FIXED!
See here
http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html
I deleted wdmaud.sys from C:\WINDOWS\SYSTEM32
Its only 14k whereas the proper file lives in C:\WINDOWS\SYSTEM32\DRIVERS and is 81k
Flushed the browser cache, restarted — ALL GOOD!!