Monday, July 19, 2010

RedBook.sys rootkit fake audio driver - browser search engine hijacking...

RedBook.sys rootkit hijacked Google, Bing and Yahoo search bars in Internet Explorer, Chrome and Firefox... Found by Kaspesky Labs TDSSKiller scanner utility: If Kaspersky link does not work download utility directly from our server.

Registry entries had to be cleaned manually - RedBook.sys in our case has been loading as event viewer service helper despite being an audio driver... Keep in mind that fake drivers can have different names and serve as dependencies to pretty much any legitimate windows services.

1 comment:

  1. Here is complete list of Kaspersky virus-fighting utilities(updated)

    Good post