I have requested some more information on this through a private message (PM). Please reply to it so that we can proceed further on this issue.
Just an update in my fight with whatever is in my comp - a friend came by today who knows more about computers than I do. He got looking into some stuff and thought it may have something to do with the Yahoo toolbar and search, so we uninstalled them and then reinstalled. Now when I attempt to do a search in the Yahoo toolbar and it tries to redirect, it is coming up as no internet connection when a weird site comes in the address (search-netinfo I think). Just something to look into - one more thing I don't understand! oooooooo well!
Just an update and details of what the beast in my comp is doing now since my numerous attempts to root it out. Now, I do a search and can sometimes make it to one of the results on the first try. But then, if you return to the results and try a second result (always SiteAdvisor approved sites), I am redirected first to search-netinfo, then searchnation, and then it sent me to a site that had the yellow McAfee warning bar, so I shut it down immediately. At present, I am basically limiting my internet activity to the sites in my favorites or ones that I can type the address directly into the address bar. These seem to be OK other than being slow also.
I just found what may be the answer to my problem in another forum. It is in McAfee Communities > Security Awareness > General Malware Discussion > Discussions and titled "web redirect from 126.96.36.199". They seem to have the same problem as me, ran the Malwarebytes as recommended and then, after finding nothing with the scan, accidentally found a bad file in their favorites, removed it and fixed the problem. My only problem is that I am not computer savvy enough to do what they did to fix it! Could someone give me step-by-step instructions to check this out? Thanks for any help here.
I found what finally fixed mine. All the scans in the world did nothing, but the following worked. I just had to remove one simple file. I can't believe it, a week plus on this.
Although that particular driver file can be malware, it is also a legitimate Microsoft file. The legitimate file should be located in the "C:\Windows\System32\drivers" directory, which is different from the location where you found it. Obviously, a legitimate "wdmaud.sys" file doesn't belong in the System32 folder, as you've discovered. Just a link or two below:
Others should confirm the location of the problem file. It might be beneficial to run a test first by disabling the wdmaud.sys process/service to verify that it's causing the problem. Obviously, it's taken care of your problem, but it may not be a universal solution for all. Good find.
I'm glad you were able to get yours fixed, but I think you may have missed something in my post - I haven't gotten anything fixed! I found the post in the other forum and just repeated what that person did. My problem is that I am just not that computer savvy, so I don't know how to execute the process needed to do it. If someone could give me the step-by-step instructions for how to get this out, then we can all celebrate together! Pleeeeeease help!
Oh man this is getting bizarre! I went and searched the C: for wdmaud.sys and first it found 11 files, some of which looked odd but I didn't want to delete anything until I was sure what to delete (definitely not very computer savvy). I closed the search and came back here to look it over, then went back to look at it again. Suddenly, I only had 8 files in there. Knew there had been more than was showing up now, did a bit of checking and I swear the thing UNCHECKED "search hidden files and folders"! Reran with the check turned back on and got the 11 again but I am still leery of just what to remove. HELP!
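An added example, not part of any post in this thread: a read-only PowerShell inventory of the wdmaud.sys copies discussed above, hidden ones included, that compares each copy with the one in C:\Windows\System32\drivers. It assumes PowerShell 4 or later in an elevated prompt; the property names in the report are chosen here for illustration, and nothing is deleted or changed.

```powershell
# Added example: read-only inventory of every wdmaud.sys on the system drive.
$expected = Join-Path $env:SystemRoot 'System32\drivers\wdmaud.sys'

# Hash of the copy in the drivers directory, used as the comparison baseline.
$baseline = $null
if (Test-Path -LiteralPath $expected) {
    $baseline = (Get-FileHash -LiteralPath $expected -Algorithm SHA256).Hash
}

# -Force includes hidden and system files, so the count does not depend on
# the Explorer "search hidden files and folders" setting.
$copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'wdmaud.sys' `
    -Recurse -Force -File -ErrorAction SilentlyContinue

$report = foreach ($file in $copies) {
    # Older PowerShell versions do not check catalog signatures, so built-in
    # drivers can show NotSigned there; read Signature together with the hash.
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 `
        -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        Path           = $file.FullName
        InDriversDir   = ($file.FullName -ieq $expected)
        MatchesDrivers = ($null -ne $baseline -and $hash -eq $baseline)
        Hidden         = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        Size           = $file.Length
        Modified       = $file.LastWriteTime
        Signature      = $sig.Status
        Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256         = $hash
    }
}

# Copies that differ from the drivers file sort first. A differing hash is a
# reason to inspect signature, size and date, not proof of infection.
$report | Sort-Object MatchesDrivers, InDriversDir | Format-List

$differs = @($report | Where-Object { -not $_.MatchesDrivers }).Count
'{0} copies found; {1} differ from the drivers copy.' -f @($report).Count, $differs
```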
Hi there Donda1 here
I don't think we are all on the same track.
My machine is not a zombie or my ISP compromised; the attack is about money. The infection was contained in a Microsoft signed update in German.
The observed language was Asian, strikingly similar to Norton technical support. The webware was named Live Antivirus 2009.
The attacker doesn't care about anything but getting paid to return my machine to operability; while exploring the infected machine I discovered a "heal file listing the files to be healed". I also have a desktop unit that does not have internet connectivity; the malware traveled via USB to this machine in one of the executable files.
The files on your machines are piggybacking the infection; the malware relocates the system files and uses prefetch and svchost remote procedure call processes to control and limit your access to the programs and prevent operation and installation of antimalware.
The original infection occurred on a Toshiba laptop; the malware disabled the McAfee full protection software, and also disabled the backspace key and limited icon selection to the top row of displayed icons. It appears that it also disabled search and run processes, substituting its own files for McAfee Csrss and sms files. There is also some evidence that it was able to connect to websites for support when the hardware switch on the wireless card was turned off.
More later Good luck
I have requested some more information on this through a private message. Can you please reply to it, so that we can proceed further?
I am correcting my previous response. I have fixed nothing; still getting redirected after a few days of use. How frustrating. McAfee is about to win, I guess. I have to pay an additional $90 FOR THEM TO FIX WHAT THEY SHOULD HAVE PREVENTED IN THE FIRST PLACE.