• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Trojan › Tutorials - HowTo › How to remove Google searches redirect virus 7.7.7.0 (remove Rootkit.Win32.Agent.fwt)

How to remove Google searches redirect virus 7.7.7.0 (remove Rootkit.Win32.Agent.fwt)

Myantispyware team February 19, 2009     4 Comments    

Redirect to 7.7.7.0 is a result of wdmaud.sys trojan/rootkit activity. Once infected, google results redirected you to junk/scam sites. You can see the waiting for 7.7.7.0 in the bottom of the browser. It is caused by the file C:\Windows\system32\wdmaud.sys (reported as Rootkit.Win32.Agent.fwt). The legitimate wdmaud.sys actually exists at C:\Windows\system32\drivers\. Use the free instructions below for removing the wdmaud.sys trojan/rootkit from your computer.

Use the following instructions to remove wdmaud.sys trojan/rootkit.

Step 1. Remove wdmaud.sys trojan/rootkit registry entries and files.

  • Please download OTM by OldTimer from here.
  • Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"="wdmaud.drv"
    
    :files
    c:\windows\system32\wdmaud.sys
  • Click the red Moveit! button.
  • When the tool is finished, it will produce a report for you.

Step 2. Remove wdmaud.sys trojan/rootkit associated malware.

  • Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
  • Once downloaded, close all programs and Windows on your computer (including this one).
  • Double-click on the icon named mbam-setup.exe to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select “Perform Quick Scan”, then click Scan.
  • MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • MBAM will now delete all of the files and registry keys and add them to the quarantine.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Trojan Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

4 Comments

  1. laurent
    ― June 23, 2009 - 7:19 am  Reply

    Dear Patrik,
    I have the wdmaud.sys trojan, and I’d really appreciate your help.
    (1. above, the link to OTmoveIt3 does not work)
    2. for me, MBAM does not find the associated malware. It says that my computer is clean.
    Should I use the forum? Thanks in advance.

  2. Patrik
    ― June 23, 2009 - 9:02 am  Reply

    laurent, i have updated a link to OTMoveIt3 (now OTM). Please try follow these steps (above) again or ask help at our Spyware removal forum.

  3. gemmy
    ― July 19, 2010 - 6:26 pm  Reply

    Hi, I followed all the instructions on here but I still have those files and I’m still getting redirected to junk sites. When I restarted my computer, all of a sudden there was another wdmaud in my systems32 folder. Both are at 23 kb. Malwarebytes did not show any infected results.

  4. Patrik
    ― July 20, 2010 - 12:14 am  Reply

    gemmy, try the instructions (step 1, variant 3).

Leave a Reply Cancel reply




New Guides

Tecappcloud.com malicious
Tecappcloud.com pop-up redirect (Virus removal guide)
Mediumhiquality.com I am not a robot Scam
Mediumhiquality.com Virus Removal Guide
Devon Claire Beds 0rder Placed Scam Text
Devon and Claire Beds Scam Text Order Placed Message
Shaggyselectmast.com malicious
Shaggyselectmast.com pop-up redirect (Virus removal guide)
Chatgigi2.com pop-up
Chatgigi2.com Pop-up Virus (Malware removal guide)

Follow Us

Search

Useful Guides

How to reset Google Chrome settings to default
remove android virus
How to remove virus from Android phone
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)

Recent Posts

How to remove ASC AntiSpyware or Win Antivirus Vista/XP (Delete instructions)
Avira AntiRootkit – detect and remove active rootkits (How to use)
How to remove Antispyware 3000 (Delete instructions)
How to use Kaspersky online scanner (Free Virus Scan)
How to remove the SysAntivirus 2009 (Delete instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.