Computer Help forum

General discussion

I think my computer is getting hijacked.

i suspect that my computer is being hi-jacked because every time i search something on "Google" it would give me the wrong result. For example when I search youtube, it would give me results such as freescan.antivirus.com/youtube. Do you think my computer's getting hi-jacked? Should I post a hi-jack this log?

Discussion is locked
You are posting a reply to: I think my computer is getting hijacked.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: I think my computer is getting hijacked.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Do you have spywar antivirus

In reply to: I think my computer is getting hijacked.

Collapse -
A Couple More Good Free Antispyware Tools..

In reply to: I think my computer is getting hijacked.

Please try the steps below:

On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them.. I use the sites below to download the installer file and the manual updater:

Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.

Hope this helps and let us know more.

Grif

Collapse -
still not working

In reply to: A Couple More Good Free Antispyware Tools..

Collapse -
Looks Like A Yahoo Search Problem..

In reply to: heres a bigger picturei think?

Did you try using Google.com to do the searches from? Do the same redirected websites show up from the link below:

http://www.google.com/

More importantly, what did the malware scans find, if anything? Have you tried re-running the scans repeatedly, in "Safe Mode", to see if it will get rid of any remanants of malware?

Hope this helps.

Grif

Collapse -
Exactly the same problem here.

In reply to: heres a bigger picturei think?

And also on MSN.com but not on Yahoo!
Moreover I can't do a Windows Update through Internet Explorer. However, everything works fine in Windows Explorer! (In the search panel: view->explorer bar->search and then search the internet).

I've been working on this and I think I'm getting somewhere: I've noticed that if you delete the following registry key and all its content (export the key an all its content first to put it back!):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

The problem with the search disappears (you have to restart the browser). However, of course, you also lose all the functionality of the ActiveXs, like flash and Windows update.

Restored the registry key and the problem is back, as expected.

Now you would think that the problem is with one of the numerous subkeys: Tried deleting them all (by editing the reg file, not manually!) keeping just the main key (i.e ActiveX Compatibility with its empty default value) and the problem remains, as if IExplorer is just looking for the presence of the key to continue or not with the hack or other ActiveXs.

That's where I'm at now. I'll keep working on it later. More to follow I hope. Reply if you find something.

BTW I did try do disable all the ActiveXs and it didn't work.


--Never Reinstall!

Collapse -
FOUND IT!

In reply to: Exactly the same problem here.

C:/Windows/system32/wdmaud.sys

Delete it (or move/rename) and Reboot.

Collapse -
Be Careful On That One..

In reply to: FOUND IT!

Although that particular driver file can be malware, it is also a legitimate Microsoft file. the legitimate file should be located in the "C:\Windows\System32\drivers" directory which is different from the location where you found it. Obviously, a legitimate "wdmaud.sys" file doesn't belong in the System32 folder as you've discovered.. Just a link or two below:

http://www.file.net/process/wdmaud.sys.html

http://www.dynamiclink.nl/htmfiles/rframes/info_sys/info_w/31.htm

Others should confirm the location of the problem file. It might be beneficial to run a test first by disabling the wdmaud.sys process/service to verify that it's causing the problem. Obviously, it's taken care of your problem but it may not be a universal solution for all. Good find..

Hope this helps.

Grif

Collapse -
re: C:/Windows/system32/wdmaud

In reply to: Be Careful On That One..

Was having issue with Google and Yahoo search results getting diverted to other SPAM sites. Spyware and virus protection could not find/repair the exact issue.

Removing the wdmaud file seemed to work for me too.

Collapse -
Same problem issue returned

In reply to: re: C:/Windows/system32/wdmaud

Still having an issue with Google search results being redirected to SPAM sites.
The wdmaud file has been replicated and replaced. Now unable to access my Calendar tab from my Gmail account.
Noticed this file also appears in the System32 folder on another computer. Removing wdmaud may not help.

After all the other trojans that were found, may need to reboot and reinstall programs on this XP computer, as seemingly unable to find the problem issue.

Collapse -
Worke for me too

In reply to: FOUND IT!

astidkalis instructions fixed the problem for me too.

Find C:/Windows/system32/wdmaud.sys

Delete it (or move/rename) and Reboot.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

DEALS, DEALS, DEALS!

Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.