This is about the search engine hijack I blogged about a couple of months ago. The files responsible for this hijack are sysaudio.sys or wdmaud.sys, present in the system32 folder and detected by most scanners as Win32:Daonol.
Someone notified me yesterday about a version of Win32:Daonol which is a bit different than other versions.
The malware author(s) decided to add "Miekiemoes rules" under file description in one of its versions.
Again, more proof of why you should not believe what malware tells you :P
This is what you get when you hover your mouse over the malicious wdmaud.sys:
I only have the above screenshot. The person who uploaded this screenshot for me already deleted the wdmaud.sys, so no sample is available. Anyway, thanks for the screenshot. A sample is welcome (only of the above version).
Edit - Sample received - Thank you blogreaders :)
Thursday, January 22, 2009
Miekiemoes rules ?? Yeah right...
2009-01-22T10:41:00+01:00
miekiemoes