• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $23,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $23 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Google search hijacked - spyware? virus?

Laurie

TUG Review Crew
TUG Member
Joined
Jun 6, 2005
Messages
3,079
Reaction score
828
Location
NC
We have McAfee site advisor, and I like to check their ratings b4 clicking on websites.

Also we do regular McAfee scans.

One day while using IE, I noticed Google regular search wasn't displaying any McAfee site advisor symbols, and in fact the search was not returning the most valid sites for words searched on - instead it seemed to return a bunch of phony-type affiiliate sites (I can come back with examples if needed). I did click on one unwittingly before I noticed the problem, it was just one of those useless lists of other websites.

So we did scans with Adaware, Spybot, cleaned up whatever was there, and started using Firefox as a browser. Google searches in Firefox were OK, whereas Google searches in IE still weren't OK - which didn't matter much since I just used Firefox.

Well, yesterday Firefox google search also started displaying no McAfee symbols, and not good websites. I went to Google's Advanced Search and found those searches to be fine - in both browsers. We did all the scans again using SpyBot, Adaware, McAfee, etc. But it's still doing this.

Any suggestions?
 

debraxh

TUG Member
Joined
Jun 6, 2005
Messages
1,409
Reaction score
3
Location
California
Don't know if that's a sign of malware or not, but I had a severe problem a few weeks ago and was only able to remove everything using a combination of superantispyware and malware bytes anti spyware. Both free and worth the time it takes to scan, IMO.

Good luck
 

Aussiedog

TUG Review Crew: Veteran
TUG Member
Joined
Oct 13, 2007
Messages
662
Reaction score
4
Location
North Carolina
Sounds exactly like the Back Door virus (it has a longer name but those are the first two words). It is wicked. DH got it on his computer a few weeks ago and had to call for assistance in walking through the fix.:crash:

Ann
 

Don

TUG Member
Joined
Jun 6, 2005
Messages
1,457
Reaction score
3
Location
Port Charlotte FL formerly Portsmouth VA
I gave up on McAfee 8 months into a years contract, it just isn't as good as it used to be. I've been using the F-Secure program from my service provider (for free) for over a year with no problems. Since you are using Firefox, why not use the "Web Of Trust" addon. It works well and I've had no problems with it.
I did have a problem similar to yours when I was using Netscape. My Google search became only a desktop search when I changed my homepage to "My Yahoo". I could only search through Yahoo. I don't have that problem with Firefox.
 

Amy

TUG Member
Joined
Jun 7, 2005
Messages
999
Reaction score
0
Location
Pacific NW
Since you are using Firefox, why not use the "Web Of Trust" addon. It works well and I've had no problems with it.
I use Firefox unless a site requires IE to work properly. I'm not familiar with the "web of trust" addon -- what is that?
 

Don

TUG Member
Joined
Jun 6, 2005
Messages
1,457
Reaction score
3
Location
Port Charlotte FL formerly Portsmouth VA
When you do a search, Web Of Trust (WOT) will have each site marked with a different color circle to show how trustworthy it is when it come to things like downloading malware along with what you really wanted and such. A green circle is good, a yellow warns to be cautious, and red is a definite warning. Another addon I would get is Adblock Plus to block popup ads.
You can go to this site to get these addons and lots more.
http://en-us.www.mozilla.com/en-US/firefox/customize/
 

BSQ

TUG Member
Joined
Oct 24, 2005
Messages
791
Reaction score
0
Location
Los Angeles & Charlotte
I got this malware hijack at the beginning of the year. When you do a goofle search it says it's waiting on 7.7.7.0.

look for the following files on your computer: "sysaudio.sys" and/or "wdmaud.sys" in c:\windows\\system32 (Note both the ".sys" extensions and the very specific location).

kaspersky.com virus scanner his one folks have been reporting helped get rid of it. But you have to install the free version and disable any current virus protection you have.

Once you delete the file be sure you delete it out of the recycle bin as well.

I've read a few forums about it, and some say it comes from signing into a google account, others a PDF. I don't have a google account that I ever sign into, and it only hit my laptop not my desktop. On my computer it was the wdmaud.sys file in the location noted above. Once that was removed my searches were back to normal.
 

Amy

TUG Member
Joined
Jun 7, 2005
Messages
999
Reaction score
0
Location
Pacific NW
My laptop browser (Firefox) was hijacked recently; I didn't notice until last night because I was primarily entering the addresses directly (or entering pages via bookmarks). But last night all my Google searches result in links that brought me to a page other than what I expected to see. I have AVG free antivirus software, which is also supposed to have spyware detection. I did notice a pop up window that looked like AVG (with the color sign but no "AVG" reference) that said I had some trojan virus two days ago; however, because I was concerned that that itself was a fake pop up, I just closed it. :doh:

First, I ran the AVG scan, and it detected nothing. Then I downloaded the microsoft spyware program and it found nothing in a quick scan. (It said to run full scan if I find something via quick scan; so I didn't run full scan.) Then I downloaded and ran the malwarebytes software; it detected a lot of malicious files/stuff (including a couple identified as trojan something) so I deleted them all. Rebooted system and then tested the browser again; clicking on the Google search results still brought me to unexpected sites. I downloaded superantispyware, and it found a bunch of stuff as well! I deleted them all. I tested the browser after rebooting and the hijacking still exists!

So I decided to rerun the AVG full scan; it detected a trojan backdoor virus and quarantined it. I didn't reboot this time because the program didn't say I needed to reboot to effectuate the removal of the virus. I just tested the browser search and searches still get hijacked. ARRRUGH!!!

What should I do now? :(
 

Talent312

TUG Review Crew: Veteran
TUG Member
Joined
Jul 4, 2007
Messages
17,811
Reaction score
7,655
Resorts Owned
HGVC & GTS
I can't say what's doing it, but just deleting or quarantining may not be enuff.
There's two things that I've done to make sure that malicious files stay gone:
1. Run msconfig.exe or start-up manager to screen what's loading at boot-up.
2. Run regedit.exe or registry manager to run a search for the file names.
... B4 meddling with the registry, create a restore point and be very careful.
 
Last edited:

timeos2

Tug Review Crew: Rookie
TUG Lifetime Member
Joined
Apr 11, 2005
Messages
11,183
Reaction score
5
Location
Rochester, NY
It's bad - get it out!

It sure sounds like a malware / spyware / virus that McAfee missed (not ast all uncommon - you should change your anti virus to a more relaiable one such as Trend Micro, Bitdefender, Avast!, Karpensky (sp?) - but stay away from Norton, McAfee, Computer Associates as they are not very good anymore and living off their past names.

Find & run Smitfraudfix as that may find the offending files & remove them. Also turn off system restore as it hides in that. Finally download & run Malwarebytes & Spybot Search & Destroy to hopefully clean it all out. All of those need to be done in safe mode.

Do get it fixed as letting it go will only make it far worse & tougher to eliminate without a total OS rebuild.
 

timeos2

Tug Review Crew: Rookie
TUG Lifetime Member
Joined
Apr 11, 2005
Messages
11,183
Reaction score
5
Location
Rochester, NY
What does safe mode mean? I didn't do that when I ran the various programs I mentioned above. Did I goof?

Right as the pc boots up - before the logo - you can tap the F8 key & get the "safe mode" choices. Choose "Safe mode with Networking". Yes, you need to be in safe mode when you run the repairs as that doesn't load some of the offending files that otherwise get bypassed & can reinfect your pc. Also be sure system restore is turned OFF.

Run all the procedures in Safe Mode again starting with Smitfraudfix, then Malware bytes - Spybot, etc. Hope that works for you.
 
Top