Friday, June 11, 2010

Fake sysaudio.sys causes Searchengine Hijack

This lady managed to find the exploited file by manually going through the OS start-up points, registry entries, etc.

What bothers me is how easily malicious scripts can modify Microsoft system files, leaving Microsoft file signatures intact and making it extremely painful to find these nasty exploits... Shame on Microsoft!

Known exploits found under %WINDIR%\system32:
  sysaudio.sys
  wdmaud.sys
  atapi.sys
  ...
