My laptop started acting strange this week.
Web pages would get redirected to odd locations. My favorite page at Electro-music.com would not load at all. Firefox crashed on some pages. As did Opera. As did IE. And trying to diagnose things, I found that I could not run cmd.exe or even regedit. And the system was painfully slow sometimes.
Looking on the web, I found this was a recent Trojan horse often called the Google Redirect.
Here is what I did to fix it. The laptop is running XP. (Disclaimer: do this at your own responsibility!)
1) I downloaded the Malwarebytes Anti-Malware utility, which identified a Trojan horse and removed it.
2) I went to c:\WINDOWS\SYSTEM32 and copied regedit.exe to some made-up name, such as rzezdziztz.exe. This name change stops the Trojan horse from blocking its execution.
3) Running this regedit, I looked for the
and look through all the entries called
aux, aux1, aux2, etc
I found the one that had a strange filename, like C:\Windows\System32\..\abcdef.gih
It is supposed to be a random name. So replace this name with wdmaud.drv
4) I deleted the file with that strange name, and rebooted.
(After this, I also ran another malware scanning program too.)
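The check in steps 3 and 4 can also be run over a text export of the key. This is an added example, not part of the original post: the sample export is constructed, the key name is a placeholder because the post does not give it, and the function names are hypothetical.

```python
import ntpath
import re

EXPECTED = "wdmaud.drv"  # value the post says the aux entries should hold

# Constructed sample of a regedit text export. The key name is a placeholder
# (the post does not name it); abcdef.gih is the post's own example name.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[<KEY NOT NAMED IN THE POST>]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="C:\\Windows\\System32\\..\\abcdef.gih"
"midi"="wdmaud.drv"
"auxiliary"="something.dll"
'''

# Matches "name"="data" string values in a .reg export.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
# Only aux, aux1, aux2, ... are of interest, as in step 3.
AUX_RE = re.compile(r'^aux\d*$', re.IGNORECASE)


def unescape(s):
    # Undo .reg escaping: a backslash followed by any character yields that character.
    return re.sub(r'\\(.)', r'\1', s)


def suspicious_aux_entries(export_text):
    """Return (name, data, resolved path) for aux* values not set to wdmaud.drv."""
    findings = []
    for line in export_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if not AUX_RE.match(name) or data.lower() == EXPECTED:
            continue
        # normpath collapses "..", showing which file the entry really points at
        findings.append((name, data, ntpath.normpath(data)))
    return findings


if __name__ == "__main__":
    for name, data, resolved in suspicious_aux_entries(SAMPLE_EXPORT):
        print(f"{name}: {data} -> file to remove: {resolved}")
```

The resolved path shows that an entry written as C:\Windows\System32\..\abcdef.gih refers to a file in C:\Windows, not in System32, which is where to look in step 4.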
Result: seems to be OK now. The information on the web was pretty good.
[UPDATE: Sept 2010. I helped fix a similar redirect problem recently. The problem wasn't the same as given in this 2009 blog item, but the symptoms were. I first used the MVPS HOSTS file fix, to reduce the spurious traffic; I had already installed ProcessHacker which let me see which sites I was being redirected to, and I added them to the blocked list; this gave some breathing room but was not a fix. I tried more than 8 different free/trialware programs and none worked, though some diagnostics program correctly suggested it was a rootkit problem and gave some fairly scary instructions on fixing it.
Finally, I tried (the free version of) Hitman Pro 3.5, which had just recently been upgraded to fix this very problem, it seems: it worked fine. Hitman Pro seems to have the edge on Malwarebytes for this particular problem in Sept 2010 at least, though the capabilities (and the challenges) change and so any recommendation here has a definite shelf life! Thanks to all the people who put out free tools, though: you are real life savers.]