number8

( SOLVED ) Yvirtcikstd.exe Adware virus

Yesterday, several occurrences of Yvirtcikstd.exe were loaded onto my computer. I believe it is an adware virus. Malwarebytes was installed but didn't detect it. Today I bought and ran a full scan of SAS Pro. It recognized 54 cookies, but not the virus. I deleted the cookies and reran SAS Pro. This time it found 142 cookies, but not the virus. I can't find Yvirtcikstd.exe anywhere on the Internet either. I am not a techie. Anyone know why SAS Pro won't recognize this?


Select All, copy, Paste, is something I've done a thousand times, but never from an infected computer to this forum. Something is different somewhere. Thanks for the offer, but I can't help at this point. I do see seven occurrences of the following:

C:\Users\Owner\AppData\LocalLow\EmieSiteList\Ybdnvrikj\ufdlkrlscpc\Yvlrcikstd.exe

Sorry I can't be more help.


Select All, copy, Paste, is something I've done a thousand times, but never from an infected computer to this forum. Something is different somewhere. Thanks for the offer, but I can't help at this point. I do see seven occurrences of the following:

C:\Users\Owner\AppData\LocalLow\EmieSiteList\Ybdnvrikj\ufdlkrlscpc\Yvlrcikstd.exe

Sorry I can't be more help.

That EmieSiteList is a legit file, used by IE11.

 

Without more details it may be difficult to ascertain whether or not there is an infection.

As you cannot copy and paste (for some reason), can you select the "More Reply Options" and "Attach" the log files that way?

 

Incidentally, do you have any other browser(s) you could try?


Sorry number8, it was late, had to sleep.

 

I see some possible issues which may be a background cause, please download and run adwcleaner.

 

Then download and run Emsisoft Emergency Kit and run a full scan.

 

Then create a Sysrescue USB/CD/DVD here, boot from it, update and run a Full scan.

 

Please reply back with the logs of each (if any shown).

 

Thanks


Thanks for the help. Attached is the AdwCleaner report.

 

I am trying to download Emsisoft Emergency Kit, but Yvirtcikstd.exe is hogging my machine (constant 50%-85% CPU usage.) The download is currently stuck at 72% after 20 minutes. I'll let it remain as is for now.

AdwCleanerR0.txt


At the moment, there are 12, I've seen less and I've also seen more. The biggest one at the moment is 417,736kb.

A bit of good news. I found that by hitting Pause, then Restart, I would get a few more pcts of download before it froze again. After doing that several times, I was able to get 100% and am now running the Start Emergency Kit Scanner full.


Quarantine complete. One of the Trojans required a reboot to kill. When the computer restarted, it seemed to start in the normal amount of time and all occurrences of Yvirtcikstd.exe were gone.

I created an ESET SysRescue USB and restarted the computer, F9, with it. The update failed because I wasn't connected to the Internet. Results: 51 min, 219,368 objects, 0 Infections.

It looks like I may have a clean machine. What do you think?  


To be sure you need to run adwcleaner again and select Scan and then Clean and post the log back here.

 

Then uninstall adwcleaner.

 

Then download TDSSKiller and run it, make sure all boxes are ticked.

 

Then update CCleaner and run the cookie cleaning option.

 

Then re-run DDS and post the log files back here so we can be sure.


Ran AdwCleaner. AdwCleaner(R1).txt is before the clean, AdwCleaner(S0).txt is after. When I ran Clean, it restarted the computer, so I don't know if AdwCleaner was deleted, but I can't find it.

 

Kaspersky TDSSKiller Antirootkit utility:

Processed: 461, Found: 0 threats

 

CCleaner Pro - updated it, then ran for cookies only. Deleted the following cookies.

Internet Explorer - Cookies   1,123 files

Applications - Office 2013   11 files

Multimedia - Adobe Flash Player   303 files

Utilities - SUPERAntiSpyware   6 files

Windows - MS Search   1 file

 

DDS logs attached.

 

AdwCleanerR1.txt

AdwCleanerS0.txt

Attach 3.txt

DDS 3.txt


That is looking a lot better :)

 

Now you may have to go into MSConfig and change a few start up items (if you choose).

 

Also you should remove Wild Tangent from your system as that can often be a backdoor for PUPs like Babylon Toolbar, Conduit Toolbar, White Smoke etc.

 

So the big question is, how is your system running now?


Wrap Up:

I didn't know I had Wild Tangent. Thanks for the warning. I found it in the HP Games folder. I uninstalled the entire folder.

 

The system is doing fine. Time to restart is at least as good as it was before. I do have some questions though.

 

1. Malwarebytes was corrupted by the virus and still won't run. Since I now have SAS Pro installed, I was thinking of just uninstalling MWB. Do you know of any reason why I would want both on the same machine?

 

2. Norton 360 seems to be doing its job. Do you think the virus might have corrupted it?

 

3. I use a USB as offline backup for documents and pictures. Should I reformat it and reload the backup files in case it was affected?

 

4. At least one of the Trojans was in the Canon printer folder. Did it choose that folder at random, or is it possible that Canon software calls home from time to time, opening a back door?

 

5. I bought and installed SAS after the computer was infected. Is there a simple explanation as to why SAS did not find the virus when I ran it?

 

6. Can you be more specific about what changes I might want to make with MSConfig?

 

Thanks for all your help on this. Obviously, I couldn't have done it without you.


1. Malwarebytes was corrupted by the virus and still won't run. Since I now have SAS Pro installed, I was thinking of just uninstalling MWB. Do you know of any reason why I would want both on the same machine?

A fresh copy of MWB would be advisable. It's always beneficial to have 2nd/3rd opinions as not one program will pick up everything hence the varied tools you had to use to remove the problem(s).

 

2. Norton 360 seems to be doing its job. Do you think the virus might have corrupted it?

No, it's not likely; however, I have not been a fan of Norton software for a long time (twice bitten and never again) and 360 is the worst of their AVs for defence. I have heard some good things about their NIS 2014/2015 though.

 

3. I use a USB as offline backup for documents and pictures. Should I reformat it and reload the backup files in case it was affected?

I would, to be on the safe side, assuming of course you don't want to keep anything. If you're unsure you can select a file at a time and upload to VirusTotal to check.

 

4. At least one of the Trojans was in the Canon printer folder. Did it choose that folder at random, or is it possible that Canon software calls home from time to time, opening a back door?

Hard to say exactly. All printer software phones home as they constantly check for updates.

 

5. I bought and installed SAS after the computer was infected. Is there a simple explanation as to why SAS did not find the virus when I ran it?

It may not be in the Definition Database yet. As mentioned earlier, no single program will find everything; that's why there are a variety of tools on offer.

 

6. Can you be more specific about what changes I might want to make with MSConfig?

In the Startup Tab, all you need running during startup are your Anti Malware programs, in your case Norton 360 AV only (not any browser helpers etc.), and SuperAntispyware.

 

In the Services Tab select the box that says "Hide all Microsoft Services" and uncheck everything left on the list except SASCore service (this will also quicken your startup time slightly).

Optional: Uncheck "Hide all Microsoft Services" and uncheck Windows Media Center receiver, Windows Media Center Scheduler, Fax, Windows Card Space, Windows Media Player Network Sharing.

 

There are more optional but that should do for now.

 

*note* you can still use these programs if you need to; they will not be removed from the system.

 

Thanks for all your help on this. Obviously, I couldn't have done it without you.

No worries, that's what I'm here for...sort of :D I bet you could if you wanted to ;)

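The points raised in this thread (a randomly named executable under AppData\LocalLow that the scanners missed, per-file lookups, and trimming startup items) can also be reviewed by hand. The PowerShell below is an added example, not part of the original thread or of any tool named in it; the `$Roots` and `$RecentDays` parameters and their defaults are assumptions of this example.

```powershell
# Added example (not from the thread): list .exe files under the per-user
# AppData tree with signature status and SHA-256, plus Run-key entries that
# launch from AppData. $Roots and $RecentDays are assumed defaults.
param(
    [string[]]$Roots = @($env:LOCALAPPDATA, $env:APPDATA,
                         (Join-Path $env:USERPROFILE 'AppData\LocalLow')),
    [int]$RecentDays = 30
)

$cutoff = (Get-Date).AddDays(-$RecentDays)
$findings = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            # Hashing can fail on files locked by a running process; leave blank then.
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB)
                Created   = $_.CreationTime
                Recent    = $_.CreationTime -ge $cutoff
                Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = $hash.Hash
            }
        }
}

# Run-key entries (part of what MSConfig's Startup tab lists) that start from AppData.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notin $psProps -and "$($_.Value)" -match '\\AppData\\' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}

# Executables without a valid signature, newest first, then their hashes.
$review = $findings | Where-Object { $_.Signature -ne 'Valid' } | Sort-Object Created -Descending
$review   | Format-Table Recent, Signature, SizeKB, Created, Path -AutoSize
$review   | Format-List SHA256, Path
$autoruns | Format-Table -AutoSize
```

An unsigned file is not proof of infection, since plenty of legitimate software ships unsigned; the SHA-256 values can be searched on VirusTotal without uploading the files themselves.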

Thanks again for your assistance, GuiltySpark. Your combination of knowledge, patience, and fast response is rare these days. I sincerely hope I never have need to access this forum again, but if I do, I hope you're around. Number8

This topic is now closed to further replies.
