02-08-2009 08:36 AM
I am using a client of Symantec Anti-Virus Corporate edition (V10.0.1.1000) with current definitions (7 Feb rev 3). About 3 days ago the top 2 or 3 returns on a google search looked ok, but were being re-directed to DANOVASA.COM, GOOCSENGE.COM, and others. Symantec shows no problem.
In looking on the Internet, I see 3 other posts on 1, 3, and 5 Feb. One discussion led me to:
http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html
which discusses a fake wdmaud.sys. The real wdmaud.sys is in system32\drivers and is about 82KB.
The fake wdmaud.sys is in system32 and is about 21KB.
Thanks.