Google Hacked? Any Help Please?

Hi,

Got a problem with Google.
Whenever I search it brings back a load of bunged results, see pictures.

The search titles seem fine but the sites it takes me to are totally random, see first link on the picture - from IGN but takes me to a stupid samurai sword set.

Every search takes around 10 seconds on a 25 meg connection and on the bottom left it says "Waiting for 7.7.7.0" as it's searching.

It's obviously some type of spyware. I've searched some results using Yahoo search but I can't find much - the best I came up with was to download and run vundofix. Tried that, didn't work.
I've also run adaware, spybot and bazooka. Ran malwarebytes (which I generally find excellent) but no luck. Also did a full scan with McAfee which revealed nothing.
All software is up to date.

Anyone got a clue??
Thanks.

EDIT - Win XP Pro and using Firefox 3.0.6

Thanks
 
- Check your 'hosts' file.
If your hosts file is hacked then IE will give the same results.

- Check your connection is not configured to use a proxy.

- Try connecting to http://74.125.19.103
This is Google.

- Be wary of installing apps from untrusted people.
- Stop running as Local Administrator. Make a NEW ordinary User account and use that.
- Stop clicking random stuff in popup boxes.
- Browse using Linux
 
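The hosts-file check suggested in the reply above, as an added example that is not part of the original thread: it parses a hosts file and reports entries that pin a search site to a fixed address or point localhost away from loopback. The watch list, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Assumed watch list: name labels that a desktop hosts file has no reason to pin.
WATCHED_LABELS = {"google", "yahoo", "msn", "live", "bing"}

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed hijack entry
203.0.113.7     search.yahoo.com
127.0.0.1       ads.example.net             # ordinary ad-block entry
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        for name in fields[1:]:
            yield lineno, ip, name.lower()

def suspicious_entries(text):
    """Return (line_number, ip, hostname, reason) for entries worth a closer look."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name == "localhost" and not ip.is_loopback:
            findings.append((lineno, str(ip), name, "localhost is not loopback"))
        elif WATCHED_LABELS & set(name.split(".")):
            findings.append((lineno, str(ip), name, "search site pinned in hosts"))
    return findings

if __name__ == "__main__":
    # Usual Windows location; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, ip, name, reason in suspicious_entries(fh.read()):
            print(f"line {lineno}: {name} -> {ip} ({reason})")
```

A clean result only rules out the hosts file; the proxy setting and the rest of the system still need checking.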
http://www.andydidyk.com/2009/01/04/7770-google-redirect-virus-alert/

Good ol' Google... oh wait. :D

There is a particularly nasty virus out there that is very new, and so there isn’t a lot out there that has been written about it. I just wasted my entire Sunday trying to clear our home computer of it, and I finally think I’ve found a solution, so I thought I would post it here. My symptoms were that whenever I would search for anything in Google, MSN, or Yahoo, the results would appear as normal, except that all of the links were redirected to bogus spam sites.
As it turns out, I had some sort of Trojan Downloader, which had jumped on the web and infected my system with all kinds of nasty stuff. Most of it was easy to clear with some of my favorite (and FREE!) antivirus and anti-spyware software (AVG Free, Spybot Search & Destroy, and Zone Alarm).
However, even when the Trojan (which, when you think about it, is a misnomer because the Greeks built the Trojan horse, not the Trojans) was cleared, the search results remained the same. Because this is so new, a lot of the forums online don’t have solutions posted yet. Late this evening some started showing up, so I’ll post the solution that worked for me.
I found it here, amidst some bantering about Linux vs. Mac vs. Windows. Basically, if when your search results are loading you see “7.7.7.0” in your browser’s status bar, you need to browse to your C:/Windows/system32/wdmaud.sys and delete the file. You still need to run the antivirus programs to get rid of the Trojan that started the problem (and possibly downloaded other goodies on your PC), but deleting this file did the trick for me.
I really hope that helps someone out there, and I’m grateful to all of the altruistic techies out there who work to make the internet a slightly safer place.
 
7.7.7.0 is a proxy, so your traffic is being relayed via someone else, hence the slow speed. It's also a great help in finding out how to fix your problem :).

I found it here, amidst some bantering about Linux vs. Mac vs. Windows. Basically, if when your search results are loading you see “7.7.7.0” in your browser’s status bar, you need to browse to your C:/Windows/system32/wdmaud.sys and delete the file. You still need to run the antivirus programs to get rid of the Trojan that started the problem (and possibly downloaded other goodies on your PC), but deleting this file did the trick for me.

http://www.andydidyk.com/2009/01/04/7770-google-redirect-virus-alert/
http://kylenishioka.com/blog/2009/01/03/troublesome-google-hijacking-redirects-results-through-7770/

edit: Beat :(.
 
Vandle, combofix will get rid of it. I've sorted this out for a couple of people now, then run malwarebytes, spybot etc.
 
Yeah, this is a very annoying virus. A client brought her laptop to me with this only last week.
Malwarebytes should remove this fine.
I would also suggest running Spybot Search and Destroy and doing a full virus scan, as you never know what else may have been picked up while your system has been compromised.
 
Thanks to all for your input, very much appreciated.

All fixed now!!

For the record or for future reference, I deleted the C:/Windows/system32/wdmaud.sys file, then ran combofix.

From the log file it also deleted:
c:\documents and settings\Chris\Cookies\arekupynuk.dat
c:\documents and settings\Chris\Cookies\sise._sy
c:\documents and settings\Chris\Cookies\ybavig.sys
c:\documents and settings\Chris\Cookies\ymyhol.pif
c:\documents and settings\Chris\Cookies\zuzini.pif
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\fokili._dl
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\pobe.db
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\qisenyl.ban
c:\windows\system32\TDSSosvd.dat

Running malwarebytes, S&D etc. now but it appears to be OK.

Once again, thanks for the help!!
 