Added: 3 years ago
From: cotojo1253
Views: 23,035
All Comments (91)

  • what happen to your old video

  • si delete the one in system 32? i also have one in service pack files. delete it?

  • Guys here is the removal for the redirect virus. You need to check your Host file and lmHost file. You will see THOUSANDS of domain entries in there. Next open the registry and go to these 2 hives. HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains delete everything except microsoft. Also go to the Key P3P 2 folders up and delete the history. You will see THOUSANDS of entries! If you can replace the entire KEY on both Hives!!!

  • what if it isnt in the driver folder

  • I deleted the file with the one that has 'Trusted Installer' as the owner. First you've got to make yourself the owner of the file by going Properties, Security, then Advanced, then Owner, Edit, and make yourself the owner. Then click apply and go back to the properties window. Then click edit, and give the Administrator full control, and then click okay, and you should be able to delete it. Fixed it for me!

  • What are some good websites for free removal virus tools?

    thank you

  • bro ima take a shot and download your rootkit, if it's a virus my best friend's dad works for Symantec, the company that makes norton antivirus, he'll scan it and put your bloody ass in jail!!!

  • bro this one says trusted installer and is 163kb no microsoft anywhere and it's registered as a user what do i do?

  • Please can you help me; I've gone to 'wdmaud' but I only have a .drv version. When i right click and go 'properties,' my second tab in is 'security,' not 'version' like yours. So, i'm having trouble being able to tell whether it's my microsoft or not, as I can't find the 'version' page :(

  • Follow manthonyb and you will not have a problem. Thanks bro for making something that I had no idea about an easy fix

  • My wmaud is 160KB and doesn't have a Version tab, I tried to delete it but it says I need permission, even though I'm on my admin account.

  • @redplague same prob, it says TrustedInstaller has full control. apparently this is a virus!!!!!!!!!

  • I too had this nasty bugger, however, not the one described in the video. I first scanned in safe mode with AVG, SuperAntiSpyware, and Malwarebytes; yet still had that pestering issue of search engine links redirecting me to babble sites.

    Heck, i even tried deleting all my internet browsers, only to be further p'ed off.

    I finally came across a site recommending ComboFix, and what do you know.

    After a quick scan in safe mode, it FOUND and DELETED that pesky rodent that hid in system32/drivers.

  • This didn't help me. All I learned is that My wdmaud isn't bootleg. Thanks though if this helped someone.

  • @raynarayskye - Malware changes, it now downloads several TDSS Rootkits, new video and blog article covers removing these :-)

  • I have no issues with wdmaud or sysaudio, AVG isn't finding any redirect viruses either - I even reformatted, and that only solved my problem for a day and then it came back.

    I keep getting redirected to blackinternet dot se.

  • @Wolliom - Go to my site and download TDSSKiller, sounds like a rootkit has embedded in your system :-)

  • @cotojo1253 I had the same issue, and the TDSSKiller worked. I wish i could kiss cotojo1253 on the face. I love your brit bean and toast loving ass.

  • SIR I COULD KISS YOU!! That bloody virus has been tormenting me for days and my host files were fine and everyone had conflicting opinions upon which program would remove it! But though the hidden file wasn't "maud" - it was in that folder, so THANKYOU!

    =)

  • @misspratchettfan - You're welcome. Malware keeps changing and removal methods also change. No longer do Hosts get hijacked or wdmaud get changed, it's a bit harder now but there are many free tools which will remove the threats and I'm pleased to hear that you have solved your problems too :-)

  • I didn't have the wdmaud issue. Mine are signed by microsoft. Also, when I look in hosts, it doesnt show any website addresses. I am really stumped... I'm not technologically inclined. Anything I search for on yahoo or google shows me the right results, but when I click them it redirects me to an apartment finding website or some other advertisement. It also today has started with random popups suggesting fake virus protection.

  • @GrandMasterSloth - Download Rkill, preferably the com version and superantispyware portable, watch my video on Avast Test for more info on Rkill, runs in cmd window and kills running malware processes, then run superantispyware, remove all threats, reboot and scan with malwarebytes :-)

  • @GrandMasterSloth DUDE, I get the same shit. Have you fixed it?

  • is it normal to come back to the folder after i delete it?

  • @awsome3003 - Which folder are you deleting which then comes back?

  • I wiped it TY for all the help though.

  • @ peacenlove3 - Now that you have wiped it, if you can, make a backup image when everything is updated and do this regularly keeping the last two images and as a new one is created delete the oldest, much easier to restore an image than wipe everything and start again :-)

  • I am still trying and fighting with it. TY for the email working on it. Problem is I can't update stuff :( Ughh

  • @peacenlove3 - Sent you another message :-)

  • Superantispyware times out for me err can't download it and Malwarebytes won't let me update. It did remove like 14 things. I have tried so many things and things won't get it, update or even download. My 36 and drivers look right. I have no idea how to do this host stuff?

  • @peacenlove3 - I will send you a message with more details :-)

  • This has to be the best video I have watched TY However I can't find anything wrong where you're telling me to look. I can't get this off my computer and it's driving me mad :(

  • When I went to system 32, I found a file called wdmaud.drv and it was 208KB. I have Vista so it's set up a bit different, and I have the search engine redirect problem. Can you help me out?

  • @ discodarth - Try Malwarebytes antimalware free version and Spybot Search & Destroy. Also watch my video on Portable Tools HostsXpert & HostsMan & Fixing Browser Redirects :-)

  • @cotojo1253 I have Spybot running on my computer and it did not see this virus. Malwarebytes worked well and so did Hitman pro 3.5 - but make sure to restart the computer after scan to edit registry changes!

  • @lamorlayefrance - Malwarebytes will prompt the user to reboot to finalise the removal process which includes registry items after the scan and removal process :-)

  • Yes, download tdsskiller and run that. Works like a charm.

  • @ihatelifejosemartine - esagelabs do an excellent tdss remover if mbam fails, although mbam is first choice to run as it will remove most malware :-)

  • You're right, I had to use TDSSKiller because MalwareBytes had indeed failed to remove a rather stubborn piece of Malware.

  • @ ihatelifejosemartine - TDSSKiller is a good tool and mbam doesn't always find TDSS as there are many versions of it. TDSSKiller easily removes it :-)

  • I downloaded Malwarebytes and found the problem right away.

    Finally, I terminated the little bastard. Muahaha.

  • @ PerryThePlatypoos - MBAM is a great little program to keep and scan with when problems appear. Antivirus apps may pick up some malware but does not remove it, MBAM does :-)

  • I have just seen your video and tried following your instructions, but I can't get that far. Mine says wdmaud.drv and it's 208kb and the options of the tab for me are General Security and Details. I cannot find what it is you show on the video. I have a vista.

    Thanks

  • concertmatell - Visit my site and look in the A - Z Index, click on Malware Removal. Malware has changed and so have the methods :-)

  • Thanks a lot!!!

  • @concertmatell  You're most welcome.

    Happy Holidays :-)

  • i found it ..but it says wdmaud.dv with 163 KB

  • @hellokitty7654321 - It can be up to 170KB, if you have a problem then scan with Malwarebytes Anti-Malware free :-)

  • is this what u are talking about, i type in runescape in the ie browser n it takes me to redtube without changing the browser name up da top?

  • halosniper1001 - That's a classic redirect. Download malwarebytes free version, install, update and perform Quick Scan. Remove ALL infections found and reboot if prompted :-)

  • yeh i found out to remove it wif no programes but thx =)

  • this is freaking insane.. i scanned with all 3 top antiviruses & it didn't detect nothing....

  • 13l4CK - It's malware NOT a virus - AV's won't remove it. Malwarebytes, Superantispyware, or a-squared - all are free. Any problems contact me through my site freepcsecurity (dot) co (dot) uk

  • yeh i know.. malware is messing up my browser (firefox- SLOW, crashes, unresponsive, as well as redirecting me to cheap malicious sites)

    and plus malwarebytes didnt find HALF of the trojans AVG & Onelivecare.microsoft found.. malware bytes DID find some infections though, but it didnt find the BIG guys.. please help me out..

    by the way i have TWO explorer.exe's running..

  • all my wdmaud and the sysaudio files are signed by microsoft what else could be causing the redirecting? help please

  • WrsT101 - Hijacked Hosts file will cause redirects. Will send you a message to clean your Hosts :-)

  • dude so if i have the same thing as your showing in your pc do i delete it or not?so i delete wdmaud on system 32 or not?

  • HoustonRocket281 - Malware has changed and now tends to hijack the hosts - clean the hosts file C > Windows > System32 > drivers > etc - remove all entries apart from lmhosts, protocols, networks and services. Scan with Malwarebytes antimalware, remove all infections, reboot and if using Spybot or other hosts file manager apply immunization :-)

  • dude i try all of this and still redirects me .can u send me a file that clean my host?

  • ok this is what i have in the folder...

    Hosts,another hosts file,then imhosts,networks, protocol and services.

    So do u want me to delete both host files?

  • HoustonRocket281 - Delete ALL hosts keep only lmhosts, networks, protocols and services. Download malwarebytes, install, allow to update and perform Quick Scan, remove ALL infections found :-)

  • I have located the wdmaud.drv file in the system32 folder, however when I try to delete it I get the following message: Cannot delete wdmaud: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use. Any suggestions? The redirects are quite annoying. I could not find the sysaudio file in the drivers folder. All suggestions are appreciated. Thanks for your help. BTW, I have run a scan using malware bytes and am still having a redirect issue!

  • chijog - Your Hosts have been hijacked. Clean your hosts file - C:\Windows\System32\drivers\etc - remove all hosts entries but leave lmhosts, networks, protocol and services. Download a-squared free, update and scan, remove all infections and reboot. If using Spybot, SpywareBlaster or other similar app re-apply protection after reboot :-)

  • I am having the same problem as chijog. I am not sure what you mean by "host files" I am sure our computers are different but can you tell me where the host files are? Thx ahead of time.

  • samzaveson - C: Drive and double click, then double click on the Windows folder, open the system32 folder, locate the drivers folder and open the etc folder. Delete ALL of the hosts files, DO NOT delete lmhosts, networks, protocol or services :-)

  • sorry if i am hassling you, but my computer still says the same message after i deleted every thing you said to. ( there was only one thing to delete) any further suggestions???

  • All of my wdmaud.sys files are either 84 kb big, or 24 kb big, and they are all signed by Microsoft. A couple are in the system32 folder, and one is in the drivers folder. Are they all ok? Got a wdmaud.sys BSOD, followed by a IRQL_NOT_LESS_OR_EQUAL BSOD. Don't know which I should delete, if any...Checking my RAM right now to see if either of my chips are faulty.

  • spartan0187 - Scan with Malwarebytes Anti-Malware, it will find any problem associated with wdmaud. If the problem continues message me :-)

  • I checked all the files you talked about all seems correct, am I supposed to check all sys files some are other software but valid.

  • Jim9298 - Most files are genuine OS dll's and finding rogues is never simple. Use Malwarebytes Anti-Malware to perform a Quick Scan :-)

  • Did what you said and now the redirections stopped......THANK YOU!!!

  • xXAntiHero666Xx - You're welcome, good to hear that the redirections have now stopped :-)

  • Need help. I found wdmaud.drv (not .sys like you said in the beginning) but then when I go to properties n when I check, it says 163KB. What should I do?

  • xXAntiHero666Xx - Right click the wdmaud file and select Properties then click on Version, it should show the company as Microsoft Corporation, if not delete the file. If you are having specific problems get back to me either here or on my site, link under 'more info' :-)

  • I cant find the fake wdmaud or what not.

    Please help D:

  • vietdragon94 - Will message you with some ideas :-)

  • but when i install it and try to run it, it doesn't do anything. what's wrong?

  • brenanabread - Rename the malwarebytes installer from mbam.exe to xxxx.exe

    If the problem continues check my video on 'Remove System Security & Other Malware'

  • hey i didnt find a fake wdmaud or anything so is there another way to remove the virus??

  • TheShadowIzUponU - Have sent you a message. malware changes and so do removal methods :-)

  • when i'm at drivers and find the dwmaud, and go to the original file name, it says wdmaud.drv. should it be sys? is there something wrong?

  • brenanabread - wdmaud.drv is the correct filename. Simply right click and select properties, then click on version tab, it should show Microsoft Corporation. If it does then your system is fine. For any other malware you think you may have, download malwarebytes, install, update and perform Quick Scan, remove all infected objects and reboot :-)

  • Thank u soooooo very much!!!  My computer is not redirecting anymore. I am so thankful. WDMAUD!

  • Masheekia - You're most welcome, pleased to know that it worked :-)

  • will malwarebytes software take care of this problem?

  • jacobtb1 - In most cases yes, but you may also need to clean your Hosts file with HostsXpert or Hostsman. If mbam doesn't solve it send me a message :-)

  • archieali - Can you download malwarebytes and superantispyware? If so, download, update and perform a Full Scan. If you cannot download get back to me :-)

  • archieali - Yes, HostsXpert will allow you to reset the Hosts file to the Windows Default which will be clean. If using Spybot or similar then immunization will need to be applied AFTER removing any malware :-)

  • Even though I checked the files stated in the video I still get redirected..

  • lzrdude123 - Have you cleaned your Hosts File and disabled DNS?

    Use HostsXpert or HostMan to clean your Hosts to restore MS Hosts File, if using Spybot or Spywareblaster or similar that have Hosts blockers, disable them temporarily. Scan with mbam and super then add a new Hosts File or reinstate Spybot /Spywareblaster.

  • "So what if you have an Infection of Trojan TDDServ?"

  • Rikudaru27 - Clean Hosts file and scan with SUPERantispyware :-)

  • "Super...Antispyware?...Clean Host Files?"

  • Rikudaru27 - Hosts files are often hijacked with malware, it's becoming more 'intelligent', therefore cleaning the hosts file first makes sense, using either HostsXpert or HostsMan makes it easier. Superantispyware can then remove the malware without it being reactivated through the Hosts. Malwarebytes will also remove many of the malware variants, but Super is better at removing the rootkits that are used.
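
The hosts-file check described in the replies above, as an added example (not part of the original comments and not one of the tools they name): a Python sketch that reads hosts-file text and separates blocker-style entries (loopback or 0.0.0.0) from entries that point a name at some other address. The sample file, its hostnames and its addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example      # blocker-style entry
0.0.0.0         popups.example
203.0.113.7     www.search.example search.example   # redirect
203.0.113.7     update.av-vendor.example
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Classify each entry as 'default', 'block', 'redirect' or 'malformed'."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], fields[1:]))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            findings.append((lineno, "malformed", str(addr), []))
        elif addr.is_loopback or addr.is_unspecified:
            # Names sent to the local machine: stock entry or a blocker.
            kind = "default" if set(names) <= DEFAULT_NAMES else "block"
            findings.append((lineno, kind, str(addr), names))
        else:
            # A name pinned to another address overrides DNS for that name.
            findings.append((lineno, "redirect", str(addr), names))
    return findings


def redirects(text):
    """Return {hostname: address} for every name sent to a non-local address."""
    return {name: addr
            for _, kind, addr, names in audit_hosts(text)
            if kind == "redirect"
            for name in names}


if __name__ == "__main__":
    for lineno, kind, addr, names in audit_hosts(SAMPLE_HOSTS):
        if kind != "default":
            print(f"line {lineno}: {kind:9} {addr} -> {' '.join(names)}")
```

Reviewing the `redirect` and `malformed` lines before changing the file keeps a record of what was altered, and the `block` lines are the ones a hosts blocker would be expected to add back.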

  • is this for confiker c ?? and the strain a and b ??

  • eureka7123123 - Conficker A and B can be removed with relative ease using bdtools from BitDefender, or McAfee's AVERT Stinger.

    Conficker C, many of us are waiting to see what it does and when the fixes are released, but McAfee have a Conficker removal tool which will be updated daily, click on 'more info' and click the link, there are more details on the front page of my site.

  • also i have another question when i click on the wdmaud's original file name it says .. wdmaud.drv... what does this mean ??

  • eureka7123123 - wdmaud.drv is a WDM Audio driver mapper from Microsoft Corporation and belongs to Microsoft Windows Operating System.

    If you right click it and select Properties, click on 'Version' tab, under 'Item Name' highlight 'Company' and to the right it should say Microsoft Corporation.

    If it doesn't, delete it :-)

  • ok then im safe :D cause it says microsoft corporation :D

  • lolz conficker c in 2 days >.>

  • eureka7123123 - In some countries it is now April 1st!

    We sit and wait although much is being prepared by security vendors and one group have found the genetic 'fingerprint' of this version and can now identify infected computers :-)

  • and ty for help

  • eureka7123123 - You're most welcome :-)
