Thursday, January 22, 2009

Miekiemoes rules ?? Yeah right...

This is about the search engine hijack I blogged about a couple of months ago. The files responsible for this hijack are sysaudio.sys or wdmaud.sys, present in the system32 folder and detected by most scanners as Win32:Daonol.
Someone notified me yesterday about a version of Win32:Daonol which is a bit different from other versions.
The malware author(s) decided to add "Miekiemoes rules" under file description in one of its versions.
Again, more proof of why you shouldn't believe what malware tells you :P

This is what you get when you hover your mouse over the malicious wdmaud.sys:



I only have the above screenshot. The person who uploaded this screenshot for me had already deleted the wdmaud.sys, so no sample is available. Anyway, thanks for the screenshot.

A sample is welcome (only the above version).
Edit - Sample received - Thank you blogreaders :)



Comments (6)

Wow, Miekie, I've been fighting a couple of these and can't believe I didn't recall your blog!! I'm going to go and try to track down that file, it's one of Jr's pals soccer moms. AVG detects it right off as Rootkit -Agent CI, see here in my forums:
http://www.temerc.com/forums/viewtopic.php?f=12&t=6436

Still awaiting user reply about resolution tho.

Thanks!
Haha! Miekiemoes does rule. It is true that no one will deny this.
You must have hurt those malware author(s) real good, Mieke ;-)
If they try to imply that a highly respected member of the antimalware community has anything to do with that crap,
they must be really frustrated and desperate. :-)
Miekiemoes rules. Yes she does :þ
Latest variants now use my nick "Miekiemoes" in the Author field of pdf files. :S
I get a browser redirect when I click on a search engine result link. I've run every spyware program under the sun without luck. I've also read and tried what you've suggested here. Any clues of what I should try next?
