January 3rd, 2009


Pretty common Google virus

Over the last week, it seems many people, including myself, have developed this little redirecting virus when using Google (or Yahoo, it seems).

Try a Google search for anything, and watch the Status bar on your browser. See if it looks for the IP "". If it does, congratulations; you have the virus too! It redirects your search results (and it may be why my Firefox crashes a lot lately and then won't find anything for about 10 minutes, even after flushing DNS and everything).

The fix appears to be removal of C:/Windows/system32/wdmaud.sys (note, NOT C:/Windows/system32/drivers/wdmaud.sys). Unconfirmed, but another site suggests also removing the file "sysaudio.sys" from the same folder (as again, the real "sysaudio.sys" is in the "drivers" subfolder).

And you know, I think I remember trying to play a MIDI file from some site that ended up not playing, with a "corrupted" error... and that's when it began for me. Makes sense, since wdmaud.sys is used in MIDI rendering.
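
The check described above (a copy of wdmaud.sys or sysaudio.sys sitting directly in system32 while the real one lives in the "drivers" subfolder) can be generalized to any driver name. This is an added example, not part of the original post: the function names and the sample tree are hypothetical, and a name collision is only a reason to inspect the file, not proof of infection.

```python
import hashlib
import os
from pathlib import Path


def find_shadowing_drivers(system32):
    """Report .sys files in the root of system32 whose name also exists in
    system32/drivers (names compared case-insensitively, as Windows does)."""
    system32 = Path(system32)
    drivers = system32 / "drivers"
    if not drivers.is_dir():
        return []
    real = {p.name.lower(): p for p in drivers.iterdir()
            if p.is_file() and p.suffix.lower() == ".sys"}
    findings = []
    for p in sorted(system32.iterdir()):
        twin = real.get(p.name.lower())
        if twin is None or not p.is_file():
            continue
        data = p.read_bytes()
        findings.append({
            "suspect": p.name,
            "legitimate": str(twin),
            "sha256": hashlib.sha256(data).hexdigest(),
            "identical_to_legitimate": data == twin.read_bytes(),
        })
    return findings


def build_sample_tree(root):
    """Constructed stand-in for C:/Windows/system32 (dummy bytes, not real drivers)."""
    system32 = Path(root) / "system32"
    (system32 / "drivers").mkdir(parents=True)
    for name in ("wdmaud.sys", "sysaudio.sys", "ntfs.sys"):
        (system32 / "drivers" / name).write_bytes(b"legitimate " + name.encode())
    for name in ("wdmaud.sys", "sysaudio.sys"):  # the misplaced copies from the post
        (system32 / name).write_bytes(b"unexpected " + name.encode())
    (system32 / "kernel32.dll").write_bytes(b"unrelated file")
    return system32


if __name__ == "__main__":
    # Scans the live folder on Windows; returns nothing if the path does not exist.
    root = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    for hit in find_shadowing_drivers(root):
        print(hit)
```

The script only reports; it never deletes anything, so the SHA-256 of each flagged file can be recorded before deciding what to remove.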