Jump to content

Computer Infected by yeabests.cc


Recommended Posts

Hey Kevin,

                I restarted now and the re-directs are gone. Maybe that WMI malware is the culprit behind the run.vbs error I mentioned in the first post. I solved that problem using the link next to it . Should I revert the changes I made to the registry? Am I clean?

Link to post
Share on other sites

Yes is recent infection, Zemana Beta version appears to be the only tool detecting it at present.. https://twitter.com/Zemana

If no remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings   <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif

 

Link to post
Share on other sites

Quote

Maybe that WMI malware is the culprit behind the run.vbs error I mentioned in the first post. I solved that problem using the link next to it . Should I revert the changes I made to the registry?

Regarding the registry change, if the winlogon registry value was changed to C:\windows\system32\userinit, then it can be left that way, it is the correct value... Not sure that was related to the WMI issue...

Quote

And is it a coincidence that Zemana posted about yeabests.cc yesterday and I am having the problem from the day before? I mean how could it be a so perfectly-timed post.

Yes the timing was ideal, such infections are always under the scrutiny of security developers when found, hence the fixes appear very quickly after the infections unfold.

Are we ok to close out?

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.