Malware unremovable

Hi people... I have a laptop infected.  I posted on another forum with a bit of success, but what follows is my mail, copy and pasted from said forum.

Hello. I have a problem with my laptop: various AV programs told me that I have Rootkit.Agent in my system. It annoys me as it slows down my laptop to a snail's pace and no matter what / whose advice I followed, I can't seem to remove it. It's located in c:\windows\system32\drivers\ywytagq.sys. It may even be the ywytagq.sys file itself, as I cannot manually delete it. I used AVG, Microsoft Security Essentials, Malwarebytes Antimalware, Trend Micro HouseCall, SuperAntispyware... and none of them can get rid of this 'thing'.

This is my first ever forum post so not sure what anyone who could help me in detail would need. I know what I need though, and it's this thing removed/deleted/killed/trampled then shot.

I can't do a system restore because this laptop never came with the system restore disks, even though I bought it new just over a year ago. It's a Hewlett Packard Pavilion dv5 1110em... If that's any help... It seems I have to buy the HP System Restore disk, which seems a bit out of me. Money by typing c *. In addition, Vista (32 bit) was preinstalled, so I have no disc for to be.

This made my nut.

Please, can anyone help?

... and...

Hi peeps, thank you for the welcome and information so far.

Microsoft Security Essentials won't update the definitions all of a sudden... It says I need to be connected to the Internet when I already am. It gives an error code of 0x80072efe... whatever it is.

AVG can't find anything when I do a Rootkit scan or anything when I scan the infected file (c:\windows\system32\)

MBAM always detects the infection and lists it as Rootkit.Agent in c:\windows\system32\drivers\ywytagq.sys and says it will remove the element on a restart... it never does... even if I run the program in Safe Mode... the infection ALWAYS remains.

MSE stopped me from downloading Unlocker. It said that it detected TrojanClicker:Win32/Yabector.B within Unlocker.

SuperAntispyware finds nothing other than some tracking cookies.

Defender will not update either. It has 0x800106ba and 0x800106b5 errors.

On a reboot, when I press F8 to go to the "System Restore" menu and choose the repair option, I get an error with the code 0xc000000f. It does not get past that, and then I must restart Windows normally or in safe mode.

My HP restore partition does not work correctly... It never has. Basically I have a spare 9 GB of space on this laptop that I never use.

The date of the file ywytagq.sys is identical to today's. So, for today, it's 09/03/2010... tomorrow it will be 10/03/2010 I'm guessing, as were the previous dates (08/03, 07/03). I can't rename it or move it to another folder... it does not allow me to. I tried calling it bollocks.sys... but computer says no! It is in my opinion definitely unneeded and the cause of all this. In practice, it opens tabs in my browser that connect to advertising and also someone's YouTube channel.

I just turned off MSE real-time protection to re-download Unlocker. It worked this time but Unlocker couldn't unlock the file ywytagq.sys. Although I agreed to let it perform a deletion on the next reboot... results to follow.

MBAM is also constantly blocking "malicious" IPs. Almost 1 every 2 minutes. If I can work out how to attach logs to this post, I'll do so for your reading amusement and potential. I do, incidentally, seriously appreciate all the help and all the time you give to this problem of mine.

Overall, this laptop sounds shagged, don't you think? If only I had HP restore disks.

(OK, cannot work out how to attach the logs to this post... so, just copy n paste them in?)

... and...

OK, after a reboot, the file is STILL there... Unlocker has not removed it. To add to my woes, MSE has just detected Trojan:WinNT/Bubnix.gen! in c:ProgramData/Microsoft/Search/Data/Applications/Windows/tmp.edb

Anyone know of a place I can get a decent laptop for free? That's a joke btw.

Help

I am running an ESET scan (advised by one of the other forum's members) which is more than 48% complete.  I'll post the results later.

Hello

Here are methods for complete malware checking, including rootkits.

No one program can be used to detect and remove all malware. Added to that, easy-to-detect
malware is often accompanied by a payload that is much more difficult to detect and remove. So it is better
to be too thorough now than to pay the price much later. Check with these to an extreme overkill
point and then run the cleanup only when you are sure that the system is clean.

These can be run repeatedly in Safe Mode - tap F8 as you start - however, you should also run them
in regular Windows when you can.

Download Malwarebytes and scan with it, run MRT and add Prevx to be sure that it is gone.
(If rootkits, run UnHackMe)

Download - SAVE - go to where you put it - right click on it - RUN AS ADMIN

Malwarebytes - free
http://www.Malwarebytes.org/

Run the Malicious Software Removal Tool from Microsoft

Start - type MRT in the search box -> find MRT at the top - right click on it - RUN AS ADMIN.

You should be getting this tool and its updates via Windows Update - if necessary, you can download
it here.

Download - SAVE - go to where you put it - right click on it - RUN AS ADMIN
(Then run MRT as shown above.)

Microsoft Malicious Software Removal Tool - 32 bit
http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Microsoft Malicious Software Removal Tool - 64 bit
http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

Also install Prevx to be sure that it is all gone.

Download - SAVE - go to where you put it - right click on it - RUN AS ADMIN

Prevx - Home - free - small, fast, exceptional CLOUD protection, working with other security programs.
It is a scanner only, VERY EFFICIENT; if it finds something, come back here or use Google to see how
to remove it.
http://www.prevx.com/   <-->
http://info.prevx.com/downloadcsi.asp  <-->

PCMag Editors' Choice - Prevx -
http://www.PCMag.com/Article2/0,2817,2346862,00.asp

Try the demo version of Hitman Pro:

Hitman Pro is a second opinion scanner, designed to rescue your computer from malicious software (viruses,
Trojan horses, rootkits, etc.). that has infected your computer despite all security measures that you have
taken (such as the anti-virus software, firewall, etc.).
http://www.SurfRight.nl/en/hitmanpro

--------------------------------------------------------

If necessary, here are some free online scanners to help

http://www.eset.com/onlinescan/

http://OneCare.live.com/site/en-us/default.htm

http://www.Kaspersky.com/virusscanner

Other free online scans
http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

--------------------------------------------------------

Also do these to clean up general corruption and repair/replace damaged/missing system files.

Run Disk Cleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

Start - type COMMAND in the search box -> find COMMAND at the top and RIGHT CLICK - RUN AS ADMIN

Enter this at the command prompt - sfc /scannow

How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe)
program generates in Windows Vista cbs.log
http://support.Microsoft.com/kb/928228

Run checkdisk - schedule it to run at the next startup, then Apply / OK your way out, then restart.

How to run the check disk at startup in Vista
http://www.Vistax64.com/tutorials/67612-check-disk-Chkdsk.html

-----------------------------------------------------------------------

If any rootkits are found, use this thread and other suggestions. (Run UnHackMe)

http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

I hope this helps.

Rob - bicycle - Mark Twain said it is good.
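
The sfc /scannow step in the reply above records its results in cbs.log on lines tagged [SR], which is what the linked KB 928228 article covers. As an added example (not part of the original post or of Microsoft's article), this script summarizes which files SFC repaired and which it could not repair; the sample log lines, file names and component name are constructed.

```python
import re
import sys

# Constructed sample in the CBS.log line layout; not taken from the poster's machine.
SAMPLE_CBS_LOG = r'''
2010-03-09 21:14:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2010-03-09 21:14:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-03-09 21:14:05, Info                  CBS    Scavenge: Starts
2010-03-09 21:14:09, Info                  CSI    0000012a [SR] Cannot repair member file [l:22{11}]"example.sys" of Constructed-Component-A, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-03-09 21:14:10, Info                  CSI    0000012c [SR] Cannot repair member file [l:22{11}]"example.sys" of Constructed-Component-A, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-03-09 21:14:12, Info                  CSI    0000012e [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:22{11}]"sample2.sys" from store
2010-03-09 21:14:20, Info                  CSI    00000130 [SR] Verify complete
'''

# Only System File Checker entries carry the [SR] tag; other CBS/CSI lines are skipped.
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
# File name, owning component, and the trailing reason (text after the last comma).
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),.*, (.+)$')
# Directory and file name of a file that was restored from the component store.
REPAIRED = re.compile(
    r'Repairing corrupted file \[ml:\d+\{\d+\},l:\d+\{\d+\}\]"([^"]+)"'
    r'\\\[l:\d+\{\d+\}\]"([^"]+)" from store')


def summarize_sfc(log_text):
    """Return repaired paths and unrepaired (file, component, reason) tuples."""
    repaired, unrepaired = [], []
    for line in log_text.splitlines():
        match = SR_LINE.match(line.strip())
        if not match:
            continue
        message = match.group(1)
        failed = CANNOT_REPAIR.search(message)
        if failed:
            entry = (failed.group(1), failed.group(2).strip(), failed.group(3).strip())
            # The same file can be logged more than once; report it once.
            if entry not in unrepaired:
                unrepaired.append(entry)
            continue
        fixed = REPAIRED.search(message)
        if fixed:
            directory = fixed.group(1)
            if directory.startswith("\\??\\"):  # drop the NT object-path prefix
                directory = directory[4:]
            path = directory + "\\" + fixed.group(2)
            if path not in repaired:
                repaired.append(path)
    return {"repaired": repaired, "unrepaired": unrepaired}


if __name__ == "__main__":
    # With a path argument, read a copy of %windir%\Logs\CBS\CBS.log; else use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    summary = summarize_sfc(text)
    for name, component, reason in summary["unrepaired"]:
        print(f"NOT REPAIRED  {name}  ({component}): {reason}")
    for path in summary["repaired"]:
        print(f"repaired      {path}")
```

Files listed as not repaired are the ones to follow up on after the malware scans, since SFC found them altered and had no good copy to restore.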

Tags: Windows

Similar Questions

  • After Malware that my login is disabled cannot start in safe mode

    Hi if anyone can help.

    A friend tried to watch movies online, I'm not sure of the site they visited, but were asked to install MacKeeper and I believe that they did, as I noticed it was to download and installed the following day and I asked them why they did this and they said it was the only way to watch movies!

    Anyway to cut a long story short my friend then called me to say they received a "pop" window to say that my computer has a virus and call a number of 1800... I told them to do nothing certainly not call the number and I would like to sort.

    So basically since then I cannot log in to my main account at startup; the section where you type your password won't let me type into it and there is a question mark symbol next to it. If I hold my mouse over the question mark I get a dialog box stating "Please enter your password to iCloud as..." as well as the date. I can only log in as a guest and I cannot start in 'safe' mode by holding down the SHIFT key.

    I deleted the MacKeeper application (and also another OS player application that was newly installed the same day!) and emptied the cache of my browsers and have also now upgraded to 10.11.6

    I also run disk utilities, but still I'm getting this problem trying to connect to my main user account!

    I think that it is some kind of malware, does anyone have ideas how to solve at least the connection problem?

    If I could stamp out to see if there is any malware stuff going on behind the scenes it would be too great!

    All suggestions welcome.

    Thanks, Ciaran

    How did you uninstall the MacKeeper application? Please be as specific as possible, unless you have followed the steps, I suspect that your system has installed to uninstall. If this is the case then you will need to re-install and uninstall immediately by following the instructions of developers. Otherwise, the best thing to do is to do a wipe and installing OS X and then manually install your applications and restore your data from your Time Machine backup.

    I'm sure you have probably learned not to let this 'friend' within 100' of your computer.

  • Malware

    Ive seen discussions on a future message that "Your Mac has blocked please call this number + 44 8000 988 382" and then the State of my login information and Facebook credit card were stolen. An address bar is where I guess that ready to go into the details if you call the number of someone trying to access the remote Mac. I force quit safari and has no dial, I'll do something else with the Mac? Apple will consider it if I had to give them the address that comes is not official apple? Visitnewyorkcity.Club/?source=47452_58884_trhzc.com

    I had checked a picture of star wars on Google.

    Thanks for any help.

    The whole thing looks like similar scams where they want you your tax and private volunteer information and perhaps even allow them to hijack your computer too.

    A search revealed a few ideas on what to do about the issue, and also how to or where to report them. To solve any problem of the actual visit to a wrong page, is probably more important that reports the website of Apple, for your own use of Mac. See:

    https://www.Google.com/search?q=report+scam+web+pages+to+apple

    https://www.Google.com/search?q=report+malware+web+pages+to+apple

    • A popup browser scam took more than Safari - Apple Club

    https:// site.google.com/site/ clubfhs/support/advice.../browser-popup-hijack-safaapple...

  • The malware removal

    Hello

    I think that I was not careful enough and that I have installed malware on my Mac. On many sites that I visit, ads appear, and when I click somewhere on the page (not even on ads) a couple of new tabs open and talk a bit about Flash or suggest antivirus... The ads are usually 'TurboMac' and 'DealTop'. I do not see any extensions in my browser, but I have this problem with all my browsers.

    Please help me get rid of this problem and I promise to be more careful in installing apps!

    (I use OS X El Capitan and I have enabled FileVault)

    Thanks in advance.

    Hello M4appleS,

    I wrote a small diagnostic program to help show what adware is installed. Download EtreCheck from http://www.etrecheck.com, run it and paste the results here. EtreCheck is perfectly safe to run, doesn't require your password to install and is signed with my Apple developer ID.

    If adware is installed, EtreCheck will help you remove it, although you may need to provide a password. If you are not comfortable with that, just post the EtreCheck report here and other helpers can tell you exactly which files should be deleted and the way to do it.

    WARNING: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

  • The fake Flash Update malware removal

    Over the weekend, my iMac received the fake local saying Adobe Flash needs an update. I checked that I did indeed have the latest version for OS X. Now I get the pop-up every hour or so and I want to get rid of it.

    I have never clicked on the download button. I tried Malwarebytes, but it found no malicious software, which could be because of me not clicking on download.

    I'm sorry if this is off topic for OS X, but perhaps someone can direct me where to go for help.

    Thank you

    Bart

    Using Chrome and El Capitan

    Try MalwareBytes Anti-Malware (formerly AdwareMedic)

    <https://www.malwarebytes.org/>

    There is a free option for Macs

  • Malware pop up message

    How do you prevent this message from appearing on my desktop, on my MacBook Pro?

    -Quit Safari and reopen it with the SHIFT key held down.

    -The popup may be JavaScript on the web site. If that's true, you can turn off JavaScript, but many sites need JavaScript to work

    -You can check if adware is on your computer:

    First try

    How install (really delete) adware

    https://discussions.Apple.com/docs/doc-7471

    Stop advertising and pop-up advertising windows in Safari

    https://support.Apple.com/en-us/HT203987

    Adware removal Guide: Identification

    http://www.thesafemac.com/arg-identification/

    Next if necessary:

    Malwarebytes Anti-Malware for Mac

    https://www.Malwarebytes.com/antimalware/Mac/

    https://www.Malwarebytes.com/mac-download/

  • Gray screen of malware and 'voice' to dial 1 888 to fix the malware? What should I do?

    This morning I opened the email m and there was one that looked like it came from apple... I clicked it and a gray screen appeared with a voice that tells me to call the number 888 a1.  I can't get rid of the email.  Can I get rid of it by stopping?  In the message my access to my hard drive appears and asks me to enter the password etc... I didn't get this because I want to make sure that it does not allow malware to enter my hard drive like that.  Please help me with what I can do.  I have "silenced" the voice and he has declined so that I can continue on...

    See this tip Phony 'technical support' / 'ransomware' popups and web pages

  • Why my blog site is in the list of site Web Malware in Safari

    When I access my blog site: http://blog.dreamtobe.cn in Safari, it jumps on the site of "Attention site Web Malware" automatically. I even confuse on it, because there's just tech messages in my blog Web site, it is very clear and safe with the https://hexo.io/ framework, and even, I already opened the source code of my website in the Github: https://github.com/Jacksgong/Blog .

    Also, when I check "malware"101.200.173.217"status" on the page of diagnosis of safe browsing Google, it shows his "not dangerous".

    Please give me some ways to solve this problem, it is very important for me, thank you very much.

    I do not receive this warning when I go to the site you posted.

    Try running this program, then copy and paste the result into a response. The program was created by Etresoft, a regular contributor.  Please use copy and paste, as screenshots can be difficult to read. On the screen with the Options, please open Options and tick the bottom 2 boxes before running. Click on the "Share Report" button in the toolbar, select "Copy to Clipboard" and then paste into a response. This will show what is running on your computer. No personal information is shown.

    Etrecheck - Information System

  • Windows malware is really harmless under Mac?

    Hello!

    New Mac owner. Coming from bottom of Windows, I have to ask the following question:

    Even if my Mac has Windows malware, nothing is really happening? It can't steal passwords, spy on me etc.?

    http://www.InfoWorld.com/article/2617132/Mac-OS-x/why-Mac-users-should-care-About-windows-malware.html

    The good news is that even if Macs are able to host Windows-targeting viruses and Trojans, these machines cannot be harmed by the malware in almost all cases.

    Is this article right, or is there a possibility...?

    - A user who suffered years of Windows security flaws

    The article is accurate. In order to work, the malware must run on the computer. The malware is Windows-only; it can't run on OS X. However, it can infect Boot Camp Windows installations and Windows virtual machines.

  • cannot get rid of malware

    My macbook pro has been infected by malware. I can detect it, but can not delete and continues to move whenever I open my mac. Is there a solution?

    You can install and run Malwarebytes scan https://www.malwarebytes.com/antimalware/mac/

    After the scan removes all found items, it must remove all malware.

  • Malware on my MacBook? !!

    How to remove malware from my system? :

    Earlier today, I was typing a Word document with Safari open in the background. Suddenly, I noticed that the Safari window had become black. When I clicked on the Safari window to see what was going on, I noticed that the window that had been open had been replaced by a message from thesofttic [dot] com asking me to "install the new Flash Player".

    It looked suspicious, so instead of following the instructions, I googled thesofttic [dot] com. I found that it is, apparently, a distributor of malware. Worse still, once it "digs its way into your computer," it can cause everything * to detach.

    Sources for the claim above:

    http://malwareremoved.com/how-to-stop-www-thesofttic-com-fake-upate-popup-Completely.

    http://pcthreatskiller.com/How-can-i-remove-thesofttic-com/

    So, I have several questions about this.

    First of all, do I have malware on my MacBook, even if I didn't click on the links to thesofttic [dot] com? How can I check for malware? If my MacBook has malware, how can I remove it?

    Secondly, I had my iPad connected to my MacBook when the thesofttic [dot] com window appeared. Is my iPad now infected by malware as well? How will I know? If my iPad has malware, how can I remove it?

    The two links above suggest you use MacBooster or MacKeeper, but these sound like malware themselves!

    What should I do?

    Thanks in advance for your help.

    Effective defenses against software malware and other threats

    Phony 'technical support' / 'ransomware' popups and web pages

    Do not install third-party applications that claim win in performance or clean your computer.

    It is safe to download and use malwarebytes for Mac https://www.malwarebytes.com/antimalware/mac/

  • Research of Windows malware?

    Hello!

    I heard that Macs can have Windows malware, and although it is harmless for Macs (Windows malware can't really steal passwords?) it can move on to users of Windows through mail or such?

    I don't want to infect Windows-using buddies, so any advice? I have Malwarebytes and Avast for Mac, but I assume they don't look for Windows malware?

    I can't speak from personal experience about Malwarebytes and Avast for Mac, but I can say that Sophos Anti-virus for Mac detects and reports both Mac and Windows malware.

    I am surprised that a horde of people not already jumped in and said Macs do not need anti-virus software anti-virus itself is a real nuisance. However they seem to still do not understand is that companies often have to ensure that they do not spend on malware to these unfortunate people using Windows.

  • virus Malware on my Iphone 5

    I was searching the web yesterday and an alert popped up saying I had a spy virus of malware on my phone.  Now, Safari will not change and is locked on it.  I restarted my phone several times, even a hard reboot, with no luck getting my phone back to normal.  Can this problem be corrected or is the phone now unusable?

    Unless your phone is jailbroken, you don't have a virus or malware.

    See the information about clearing your browser settings here

    Safari web settings on your iPhone, iPad and iPod touch - Apple Support

  • Can Disk Utility scan for malware?

    Can Disk Utility scan for malware? And can it search for malicious software on an external hard drive?

    No. It does not find malware.

  • FedEx malware message received message is that my MacBook is locked

    On trying to unsubscribe from receipt of all other e-mail from FedEx, I received a message that my MacBook is locked and has a virus and that I should call a number. I restarted my MacBook and everything looks fine, but I fear I do indeed have a virus/malware in the system. Help?

    It's a scam, you have made the right choice.

    Report Phishing

    http://www.Apple.com/legal/more-resources/phishing/

    Identify the fraud email

    https://support.Apple.com/en-us/HT204759

    Identify legitimate email Apple on iTunes store

    https://support.Apple.com/en-us/HT201679
