ytbb.exe is infected........endless warnings from windows....
I cut my system off within 5 seconds of the attack. I'm pretty sure it was malware.
I was able to get here through Firefox.
I know these files are infected:
windows\syssvc.exe
system32\iehelper.dll
Windows keeps telling me I'm infected, but all these "unknown virus scanners" pop up.
I think it is malware, but Malwarebytes won't open from my desktop; nothing opened except Firefox.
A couple other files said to be infected are:
logonIE.exe and rundll.32
I rebooted in safe mode
did a system restore to Oct. 4th.
rebooted in safe mode
Doing an AVG scan, but it is on the "command" page and I have not used this much, so I'm not sure if AVG will remove any infections or if I'll need to give some command.
Anyone with detailed help on what should I do next?
Custom made; I have an Intel Express Installer driver CD and a Windows XP disc, never heard of a restore disc.
This is not my first attack....maybe the 4th, so I've gotten through them before with a series of steps........without safe mode......
This one could be unique.
Are all my safe mode scans of zero value since I am in safe mode?
Hello Nick.... I feel bad for you... you have been dealing with all these issues for months now....
Although, on the bright side.....you've learned a lot about your system, viruses, startup items, services, etc....
My last advice on your initial post, after clearing out all the malware and spending days on it remains......After a severe infestation.....many files are damaged.......at this point you have repaired, got infested again....repaired.....if you want to go through this again....trust me.....it's a can of worms........
I would recommend....and let me post this again just to avoid the "Die Hard" repair advocates.... a clean install:
We repair several thousand machines every year and my opinion on this is sometimes controversial but I will keep saying it again and again unless someone convinces me otherwise.
Most of us, including myself, tackle a repair as a challenge... we enjoy the fight, the satisfaction of being able, the knowledge acquired on every repair..... this said, when a virus or any other malware attacks a computer it does a lot of damage. Most of this damage can be reverted by removing and replacing the infected files and reverting some of the changes made to the registry (notice I said most).
The problem is with multiple infestations and automatic removals. You get the machine back to a "working" level but it is always left somewhat limping.... with some kind of a "...lingering problem...".
As a challenge, ideally you would address each one of these infestations and correct each one of the issues (if you know them) created by these malwares. The problem is that every one of these malwares does different damage, behaves differently and even the same one is created sometimes to name itself at random and make different changes so, in reality, it is very seldom when you can address every one of the issues created......it is just not cost and time efficient.
It is a task that requires a trained and knowledgeable individual, someone who has to keep himself updated and trained of all the new technologies and threats, which would theoretically make him an "expensive" individual. This person would have to have the time to invest in performing these repairs and someone willing to pay for this time.
Look at your own example.....you've spent a minimum of "...7 hours...." (I know it's probably much more) trying to get your pc back to normal. Time-wise it would have been better and more efficient if you backed up all your data and did a clean install of Windows XP. Reinstalled your drivers and favorite programs. It would have taken you about 2 or 3 hours if you did not have a previously made image of your computer.......15 to 20min if you have an image of your computer.
My point is....... if you ask me .....a clean install is most often the best solution. Not always, but "generally".....
My advice again: backup your important files such as pictures, documents, favorites, etc..... after this....WIPE OUT the computer completely...
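The "backup your important files" step above, as an added worked example that is not part of this thread or of any tool mentioned in it: a PowerShell script that copies a user's data folders from an XP "Documents and Settings" profile to a removable drive and writes an MD5 manifest so the copy can be verified. The drive letter E: and the folder list are assumptions; change them to fit. Executable file types are skipped so the backup does not carry the infection along with the documents.

```powershell
# Added example (not from the thread): copy a user's data folders from an XP "Documents and
# Settings" profile to a removable drive before a clean install, with an MD5 manifest to verify
# the copy afterwards. Assumes PowerShell 2.0 or later; the drive letter E: and the folder list
# are assumptions, change them to fit. Executable file types are skipped so the backup does not
# carry the infection along. The source is only read, never modified.

param(
    [string]$Destination = 'E:\Backup',
    [string[]]$Folders = @('My Documents', 'Desktop', 'Favorites', 'Application Data\Mozilla')
)

# File types that should not travel with a backup taken from an infected machine
$skipPattern = '\.(exe|scr|com|pif|bat|cmd|vbs|js|dll)$'
$md5 = [System.Security.Cryptography.MD5]::Create()

function Get-FileMd5([string]$path) {
    # Hex MD5 of a file, computed with .NET so it works on PowerShell 2.0 (no Get-FileHash there)
    $stream = [System.IO.File]::OpenRead($path)
    try { return ([BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Backup-ProfileData([string]$profileRoot, [string[]]$folders, [string]$destination) {
    # Copies each folder tree under $profileRoot to $destination, verifies every file's hash
    # after the copy, and returns the manifest lines ("<md5>  <relative path>").
    New-Item -ItemType Directory -Path $destination -Force | Out-Null
    $manifest = @()
    foreach ($folder in $folders) {
        $src = Join-Path $profileRoot $folder
        if (-not (Test-Path -LiteralPath $src)) { continue }
        $files = Get-ChildItem -LiteralPath $src -Recurse -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Name -notmatch $skipPattern }
        foreach ($file in $files) {
            $relative = $file.FullName.Substring($profileRoot.Length).TrimStart('\')
            $target = Join-Path $destination $relative
            $targetDir = Split-Path -Parent $target
            if (-not (Test-Path -LiteralPath $targetDir)) {
                New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
            }
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force
            $hash = Get-FileMd5 $file.FullName
            if ($hash -ne (Get-FileMd5 $target)) { Write-Warning "Copy mismatch: $relative" }
            $manifest += "$hash  $relative"
        }
    }
    $manifest | Set-Content -Path (Join-Path $destination 'manifest.md5') -Encoding ASCII
    return $manifest
}

$lines = Backup-ProfileData -profileRoot $env:USERPROFILE -folders $Folders -destination $Destination
Write-Host ("Copied {0} files to {1}" -f $lines.Count, $Destination)
```

Run it from the infected user's account (`$env:USERPROFILE` picks that profile up) with the flash drive plugged in; after the wipe, the manifest.md5 on the drive is what you check the restored files against. The skip list is deliberate: documents, pictures and bookmarks are what need saving, and anything executable found in a profile on a machine like this one should be treated as suspect rather than carried over.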
All I know to do is locate the thread from many months ago on my last infection and follow the instructions, if I can find it, but this infection seems to make all shortcuts on the desktop to be unable to be opened.
I can wait here in safe mode for some instructions.
BitsBytesandMore:
what is your advice as I wait for others who might want to jump in?
I've got to remove these infections one way or the other.
I've got my system, monitor, on a surge protector, and that button is a few inches from my left knee. I saw the warning of a malware attack and immediately killed power to everything.
How can I run Malwarebytes? Is that any help?
Firefox lost its ability to locate the EE server, so I'm using IE.
"Time-wise it would have been better and more efficient if you backed up all your data and did a clean install of Windows XP. Reinstalled your drivers and favorite programs".
Can you provide a list of the drivers you mention above?
backup data is totally unknown to me. I've been asked to do that many times. Do not know how. PERIOD. and the instructions were too advanced except for me. I've never used a floppy.
I have no problem spending the next many hours fixing things. Nothing better to do.
>>>> ok, suppose I'm ok doing that, many hours, what is the current answer on how to access diagnostic tools in normal mode?
So, what has been infected? My Windows XP?
The drivers are specifically for your system....this is why I asked you before if you had the drivers disc....
You can download them from this site and save them to a safe place.....an external drive, a flash drive.....
http://www.intel
These are the drivers you will need..... make sure you save them onto a CD, external hard drive...anywhere off the computer that you can later access.... Also make sure you download the ones for "YOUR" OS .... if you are using XP, it would make no sense to download the one for Vista......(some of the drivers say that will work on several OS's.... this is Ok..)
save them onto a CD, external hard drive...anywhere off the computer that you can later access
download them from this site and save them to a safe place.....an external drive, a flash drive
do not know how to save anything like above.
-----------------
After spending many hours ... you can probably repair your computer.....but again: after spending many hours or days. At the end....it will be in a working condition but you will have all kinds of "bugs" and/or "lingering problems"....
Can the above be Step 1.....and re-install, driver's etc. be step 2...?
here are 2 threads from last time:
http://www.experts-exchang
and another thread within the one above.
Nick... when you are in safe mode you are not loading anything else but the most essential drivers and services for Windows to work. This is why IE is working fast.
If you do not know how to save files, it might not be a good idea to do a clean install because if you get stuck on the way and lose access to the internet ......without someone to advise you, ... you will be in deep trouble.
At this point I would suggest you click on the "Request Attention" button at the top of the screen (at the right of your question).... try to request that rpggamergirl look into this issue and assist you....she is the most knowledgeable person I know in regards to removing and repairing virus and malware damage.
Make sure she is aware ....(make her aware) ....of the history of this issue. You do not have to type everything out....just point her (copy the links of the questions) to the last 3 or 4 threads so she can review the repair steps taken and the results.....
Hello nickg5,
Running ComboFix as already advised would be a good idea at this point in time, but don't run it in safe mode unless the computer cannot actually boot into normal mode.
The URL to download ComboFix is here:
http://www.bleepingcompute
Make sure to read the instructions carefully before running ComboFix. If ComboFix runs for a second, then disappears then download it again and rename it to jabba.exe and run it again.
rpg is probably going to ask you to run ComboFix as well, so it would be best to do it anyways.
Hope it helps.
Experts,
If I may, and with all due respect....before replying to this question, it would be wise and would help a lot more if you would please take a look at the background of this problem. We have been driving Nick "Nuts"......
This is the first one I saw.....but it is my understanding that there was a previous one:
This
http://www.expert
Bits.
Scan your PC with a bootable rescue CD.
Download FREE Bootable Rescue CDs from Kaspersky, BitDefender, Avira, F-Secure and Others
http://www.askvg.com/downl
Personally, I recommend
Kaspersky Rescue CD:
warturtle:
I can boot in normal mode, but when I first booted today, any attempt to download anything from the desktop resulted in a lot of popup warnings and unwanted websites opening themselves.
I've been in safe mode since.
Kelly:
I could not open up Malwarebytes in safe mode.
I went into safe mode and ran AVG. It found some locked files but as far as it removing anything I'm not sure it did.
Are you saying to run Combofix in safe mode and re-boot and do the other steps in normal mode?
I did not think Combofix would FIX anything until it's results were looked at and certain entries removed.
pankusareen:
does Download FREE Bootable Rescue CDs from Kaspersky involve burning to a CD?
Also been away from my pc for 3 hours...........sorry.
Hello again Nick,
I thought I had been through before when I explained how to remove viruses and/or malware..... I guess I wasn't:
Go into Safe Mode.
Then go to this website and download these programs:
MalwareBytes Anti Malware.... http://www.malwarebytes.or
and/or SuperAntiSpyware http://www.superantispywar
Make sure you update to the latest versions.
Once downloaded (you may need to rename MalwareBytes, Combofix or other tools before saving their files to the desktop as Malware can recognize the name and block them unless renamed)
While still in Safe Mode, Go to Start-Run and type:
Msconfig
Once in the application, go to the Services tab, check "Hide all Microsoft services", select the remaining ones and disable them. Then go to the Startup tab and disable all entries.
Reboot.
After the system boots it will give you a warning regarding the changes made by msconfig. Select do not warn me again.
Now you can run the anti Malware applications recommended above.
If the problem persists...go to http://www.bleepingcompute
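The msconfig steps above (disable non-Microsoft services, disable all startup entries), as an added read-only triage example that is not part of this thread or of msconfig itself: a PowerShell script that lists the same Run/RunOnce entries and services and marks each one by whether its binary is missing, carries no valid embedded signature, is signed by a third party, or is Microsoft-signed. It assumes PowerShell 2.0 or later on Windows; the registry keys and the Win32_Service WMI class are the standard ones. It changes nothing, so it is safe to run before deciding what to disable.

```powershell
# Added example (not from the thread): read-only triage of the autostart locations that the
# msconfig steps above disable. Lists Run/RunOnce entries and services, and flags any whose
# binary is missing, has no valid embedded signature, or is signed by someone other than
# Microsoft. Assumes PowerShell 2.0 or later on Windows; the registry keys and the
# Win32_Service WMI class are standard. Nothing is changed or disabled.

function Resolve-ImagePath([string]$command) {
    # Reduce a command line like "C:\dir\app.exe" /x or C:\dir\app.exe -k svc to the file path.
    if ([string]::IsNullOrEmpty($command)) { return $null }
    $command = $command.Trim()
    if ($command.StartsWith('"')) {
        $end = $command.IndexOf('"', 1)
        if ($end -gt 1) { $command = $command.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($command, '(?i)^.*?\.exe')
        if ($m.Success) { $command = $m.Value } else { $command = ($command -split ' ')[0] }
    }
    $path = [Environment]::ExpandEnvironmentVariables($command)
    # Bare names such as rundll32.exe are looked up in the usual system directories.
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        foreach ($dir in @((Join-Path $env:windir 'system32'), $env:windir)) {
            $candidate = Join-Path $dir $path
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $path
}

function Get-SignerClass([string]$path) {
    # One of: Missing, Unsigned, OtherSigner, Microsoft
    if ([string]::IsNullOrEmpty($path) -or -not (Test-Path -LiteralPath $path)) { return 'Missing' }
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') { return 'Unsigned' }
    if ($sig.SignerCertificate.Subject -match 'Microsoft') { return 'Microsoft' }
    return 'OtherSigner'
}

function Get-AutostartReport {
    $rows = @()
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not entries
            $path = Resolve-ImagePath ([string]$prop.Value)
            $rows += New-Object PSObject -Property @{
                Source = $key; Name = $prop.Name; Path = $path; Signer = (Get-SignerClass $path)
            }
        }
    }
    # Win32_Service is what msconfig's Services tab shows (kernel drivers are a separate class)
    foreach ($svc in Get-WmiObject Win32_Service) {
        $path = Resolve-ImagePath $svc.PathName
        $rows += New-Object PSObject -Property @{
            Source = "Service/$($svc.StartMode)"; Name = $svc.Name; Path = $path; Signer = (Get-SignerClass $path)
        }
    }
    return $rows
}

# Descending sort puts Unsigned, OtherSigner and Missing first and Microsoft-signed entries last.
Get-AutostartReport | Sort-Object Signer -Descending | Format-Table -AutoSize Signer, Source, Name, Path
```

Two caveats when reading the output. Many Windows XP system binaries are catalog-signed rather than embedded-signed, and older PowerShell reports those as not signed, so "Unsigned" is a prompt to look closer (compare against a known-good copy of the same file), not a verdict. Services hosted in svchost.exe show the Microsoft-signed svchost binary; the DLL that actually runs is named by the ServiceDll value under that service's Parameters key and is not checked here, which is exactly where a "hide all Microsoft services" view can hide something.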
BitsBytesandMore:
sure I knew all those instructions, did them last week.
However, that was just a couple IE issues and not an actual attack like I had last night.
I thought last night's REAL attack was totally different than the reason for what we did last week.
--------------------------
warturtle:
I was in safe mode and ran Combofix. (my error on a log, I was thinking of HijackThis - but I do have the combo fix log from today).
I had to proceed without disabling AVG. I could not disable it and tried to just remove it and re-download. I could not un-install AVG because 1 file could not be found.
The Combofix deleted 2 files:
Windows\Installer\1283ffc.
Windows\system32\msblcd32.
Do they mean anything to anyone?
It rebooted my system in normal mode, and there is a log if someone should see it.
I am not getting any security alerts or anything. No current indication of infiltrations.
I should be able to run Malwarebytes.com and
repeat the process I did last week with help from BitsBytesandMore:
BitsBytesandMore:
Since that article on Yahoo Answers about the "sigmatel shutdown end of program" thing did not work, I'll try disabling all the entries in the Startup tab within Msconfig (as suggested by the 1st responder in that other thread) and see if that helps. If so, I can go back and re-enable them one at a time to eliminate the one causing the problem.
Nick.... really .... I'm serious about this.... I posted a set of instructions for you to follow in order...... you are not following them..... first you've got to get the machine clean..... NO TESTING OF THIS OR THE OTHER..... it first has to be clean......
Follow the instructions above..... then ..... after we know it's clean... you troubleshoot any "lingering issues".....
By the way Nick.... Once you see the message about Malware ..... you're already infected. Things like:
".....I've got my system, monitor, on a surge protector, and that button is a few inches from my left knee. I saw the warning of a malware attack and immediately killed power to everything...."
can actually damage your hard drive.....never ....never....kill it like that....Those things are only on TV......
BitsBytesandMore:
sorry....I do not see any instructions above, where you told me to repeat last weeks fix. I see instructions about drivers and backup disc, re-install, etc. I asked if getting things in workable condition could be step one and then re-install step two.
I see the below: (after someone suggested combofix and those other 2 members posted their comments) >>> I will now do the following <<< (I could not do the below because I could not boot in normal mode due to the popups and warnings and unwanted sites opening up very quickly, I could not run Malwarebytes, it could not be opened from my desktop).
I can now do the below (vvvvvvvv) since my system seems stable and no indications of any problems. I apologize for not knowing how to do those other things, drivers, etc. before the Combofix comment.
(vvvvvvvv)
Go into Safe Mode.
Then go to this website and download these programs:
MalwareBytes Anti Malware.... http://www.malwarebytes.or
and/or SuperAntiSpyware http://www.superantispywar
Make sure you update to the latest versions.
Once downloaded (you may need to rename MalwareBytes, Combofix or other tools before saving their files to the desktop as Malware can recognize the name and block them unless renamed)
While still in Safe Mode, Go to Start-Run and type:
Msconfig
Once in the application, go to the Services tab, check "Hide all Microsoft services", select the remaining ones and disable them. Then go to the Startup tab and disable all entries.
Reboot.
After the system boots it will give you a warning regarding the changes made by msconfig. Select do not warn me again.
Now you can run the anti Malware applications recommended above.
If the problem persists...go to http://www.bleepingcompute
There are many ways of dealing with Malware.....the problem is that everyone will tell you a different way.... and most of them are right.....there are 100 ways of doing the same thing...just stick to one way until you understand it.
The most basic thing you need to do is to disable the startup items, disable all non microsoft services and sometimes even disable system restore.....depending on the malware.....
I remember talking about this with you......this is the most basic approach to diagnosing any problem whether it be malware or other issue.....
I'll repeat the above, and then run combo fix again.
My system shows no indication of virus.
I ran AVG in safe mode before any comments were made. That may or may not have removed anything.
The scan results disappeared.
I'll leave the sigmatel thread open until the rest is done.
If no one here has a comment on the two files removed by Combofix or seeing the Combofix log, I guess I can close this.
I did not do pankusareen's idea but it can be given points as something that can be of future help.
I am not knowledgeable on doing backup discs, etc.
I do have two Kingston USB DataTravelers; one is 1GB and the other is 2GB (never used).
The most basic thing you need to do is to disable the startup items, disable all non microsoft services and sometimes even disable system restore.....depending on the malware.
ok...............good.....
I'll run Malwarebytes again and also check those IE problems from last week, but as I said yesterday, they were back, and the only hint I had as to why was my system had not been re-booted for 11 hours.
I have not been able to review that thread or any others.
The attack last night was after I had detected a return of the IE browsers that can not load pages.
with things workable I can aggressively explore the re-install of XP?
Once you have all your drivers......you can play and play knowing that you can recover your system within an hour or so if you make any mistake or get attacked by any malware.... but you need to learn first....how to install your XP and how to install the drivers.... do a Google search..... it's easy..
Everything seems to be working the way it was before the attack.
Before any one responded to my question, I ran AVG in safe mode and did a system restore back to Oct. 4th, 2 days before the attack.
I ran Combofix and will also complete the process detailed in comment 25509330 above.
I have not used the Kaspersky Rescue CD or a registry cleaner at this point:
by: nickg5, posted on 2009-10-06 at 06:24:17, ID: 25504690
barely able to submit this question due to all the popups.