
Author Topic: yt8a.exe virus?  (Read 19792 times)


btfanusa

    Topic Starter


    Greenhorn

    yt8a.exe virus?
    « on: October 21, 2008, 12:27:27 AM »
    Last night I turned on my computer and immediately after Windows XP started, my Spybot Search and Destroy warning popped up and warned me that a change has been made in the registry "C:/WINDOWS/system32/yt8a.exe". I clicked "Deny Change" but 5 seconds later, the same thing happened again so I denied it again and then again and again because it continued repeatedly. I ticked the box "Remember my decision" so now it automatically denies the spyware or virus or whatever that thing is. I can use my computer fine, but it is obviously very annoying because every 5 seconds something is trying to screw with my computer and my spybot would pop up the message "Change is on your black list and has been automatically denied" and I now always have like 4 or 5 spybot warning windows lined up on the right side of my screen! Does anyone know what this yt8a thing is and how do I get rid of it? Thank you so much in advance.

    senthilvalli



      Intermediate

      Re: yt8a.exe virus?
      « Reply #1 on: October 21, 2008, 12:36:14 AM »
      This is a virus problem, so scan the full system using Kaspersky Anti-Virus. :D

      btfanusa

        Topic Starter


        Greenhorn

        Re: yt8a.exe virus?
        « Reply #2 on: October 21, 2008, 12:41:30 AM »
        Ok...when I get home from work tonight, I will try to run that Kaspersky anti-virus program...

        senthilvalli



          Intermediate

          Re: yt8a.exe virus?
          « Reply #3 on: October 21, 2008, 12:42:47 AM »
          k fine..

          Carbon Dudeoxide

          • Global Moderator

          • Mastermind
          Re: yt8a.exe virus?
          « Reply #4 on: October 21, 2008, 12:43:06 AM »
          Senthilvalli, if a user comes here with a Virus/Malware problem, please direct them to this guide:
          http://www.computerhope.com/forum/index.php/topic,46313.0.html

          Btfanusa, please follow that Malware Removal guide.

          btfanusa

            Topic Starter


            Greenhorn

            Re: yt8a.exe virus?
            « Reply #5 on: October 21, 2008, 01:20:32 AM »
            Carbon Dude, actually I read that guide before but I was afraid to follow it, because it says I need to turn off the spybot first right? But in my case, the spybot is blocking the virus every 5 seconds, so if I turned it off, wouldn't the virus actually be able to get to my computer?! Thanks

            Carbon Dudeoxide

            • Global Moderator

            • Mastermind
            Re: yt8a.exe virus?
            « Reply #6 on: October 21, 2008, 01:35:21 AM »
            I would still do so. There must be a source on the computer that is giving these warnings.

            btfanusa

              Topic Starter


              Greenhorn

              Re: yt8a.exe virus?
              « Reply #7 on: October 21, 2008, 01:59:14 AM »
              I am not sure if I am knowledgeable enough to handle this :-[

              If this virus turns out to be pretty nasty after I turn off the spybot then I am screwed because I don't know much about computers  :-\

              Carbon Dudeoxide

              • Global Moderator

              • Mastermind
              Re: yt8a.exe virus?
              « Reply #8 on: October 21, 2008, 02:48:19 AM »
              What exactly does Spybot say?

              CBMatt

              • Mod & Malware Specialist


              • Prodigy

              Re: yt8a.exe virus?
              « Reply #9 on: October 21, 2008, 05:50:07 PM »
              I understand your concerns, btfanusa.  If it will make you feel better, then just follow Step 6 for now, which is the HijackThis log.  You don't have to disable the Spybot TeaTimer for this part.  Just get the log posted and we'll take it from there, okay?
              Quote
              An undefined problem has an infinite number of solutions.
              —Robert A. Humphrey

              btfanusa

                Topic Starter


                Greenhorn

                Re: yt8a.exe virus?
                « Reply #10 on: October 25, 2008, 12:45:59 PM »
                Sorry for taking so long to reply but the problem has gotten WAY WORSE and my computer has been practically unusable.

                The original deal with the yt8a spybot thing disappeared on its own the day after I posted this. I never allowed the change with spybot, it just disappeared by itself. But then, the following new symptoms took over my computer instead:

                - my Norton sometimes says Bloodhound packed found, but since it is expired I don't think I can use it to kill the virus
                - when my windows starts, it says something like "Ordinal 11 (or 32 sometimes) not found in MAPI32.dll"
                - my computer has become SO SLOW it takes 5 seconds after I click something for it to register!
                - my computer fan is now always on! it's very loud and annoying and driving me nuts...
                - and you won't believe this...but whenever I come to my thread on the Computer Hope Forum, my IE browser will automatically quit! I finally solved this problem by opening a 2nd tab. With the 2nd tab opened, when I come to this thread, my IE will actually ask me "Sure you want to close all tabs?" so I have to keep choosing "Cancel". And this keeps happening repeatedly so you can imagine the *censored* I went through just to come here (but the good part is, the problem stops after I clicked Post Reply). It's like the computer knows I am asking for help and it's ****ing with me!!!

                Now attached is the Hijack this log I made. Thank you all so much for helping this computer idiot out.

                [Saving space - attachment deleted by admin]

                btfanusa

                  Topic Starter


                  Greenhorn

                  Re: yt8a.exe virus?
                  « Reply #11 on: October 25, 2008, 12:54:17 PM »
                  I swear there is like a freakin ghost. I just tried to click on every other thread here on Computer Hope Forum, and everything goes smoothly. Then when I click on my own thread, the IE keeps force closing me!! How is this possible?!?! This is the biggest mystery I have ever encountered!!!!

                  BC_Programmer


                    Mastermind
                  Re: yt8a.exe virus?
                  « Reply #12 on: October 25, 2008, 12:58:01 PM »
                  it's probably the fact that the title has the word virus, and the virus installed a browser hijacker that will close the IE window when a page is loaded with certain words in the title- one of them being virus.


                  In any case- you should perform the malware steps from the beginning now.
                  I was trying to dereference Null Pointers before it was cool.

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  Re: yt8a.exe virus?
                  « Reply #13 on: October 25, 2008, 02:05:59 PM »
                  You need to follow the guide step for step including disabling Tea Timer. It didn't do much good with it on so no need to worry about turning it off.

                  The PC is BADLY infected!

                  http://www.computerhope.com/forum/index.php/topic,46313.0.html

                  CBMatt

                  • Mod & Malware Specialist


                  • Prodigy

                  Re: yt8a.exe virus?
                  « Reply #14 on: October 26, 2008, 03:07:47 AM »
                  Sheesh, no kidding!  btfanusa, please do as evilfantasy has instructed.  Like he said, you are badly infected, and we're gonna have to do some heavy-duty cleaning on your machine.

                  btfanusa

                    Topic Starter


                    Greenhorn

                    Re: yt8a.exe virus?
                    « Reply #15 on: October 26, 2008, 11:28:07 AM »
                    Hello everyone! Sorry for not following the guide at first as suggested. I have done so now, and my computer "feels" normal again (at least to the untrained eyes of a novice like myself)! It is running at full speed, the computer fan has stopped, and the browser no longer quits automatically when I come to this thread! Well, here are more details:

                    1. I uninstalled Norton to install Avast. For some reason, the uninstall process deleted my spybot also.

                    2. The SUPERAntiSpyware said I had no infection, so I don't have a log for that.

                    3. The Malwarebytes said I had 200+ infections! Please see the log.

                    4. After I restarted, I ran Malwarebytes again to see if I would still have any infection. It turns out I do. This time it says I have 130 infections. Attached is log #2, I know you guys didn't ask for this but I thought it wouldn't hurt to include it here.

                    5. I got the latest Java Runtime and then deleted all old versions.

                    6. Hijack this wouldn't work for some reason. Then I saw you guys said to change the file name to sniper and then it worked again. Cool! Can someone explain why changing the file name worked? Anyway, attached is the new log.

                    Thank you guys so so much. I know I still have tons of infections but my PC seems to be working perfectly again and that's all I can ask for.

                    Please let me know what to do next! I will listen I promise ;D

                    [Saving space - attachment deleted by admin]

                    CBMatt

                    • Mod & Malware Specialist


                    • Prodigy

                    Re: yt8a.exe virus?
                    « Reply #16 on: October 29, 2008, 12:56:39 AM »
                    Quote
                    6. Hijack this wouldn't work for some reason. Then I saw you guys said to change the file name to sniper and then it worked again. Cool! Can someone explain why changing the file name worked? Anyway, attached is the new log.

                    This is done by some infections.  When they see that hijackthis.exe is running, they will either hide or cause it to crash.  It's a very popular tool when it comes to malware removal, so they know to look out for it.  But when it's named to something else such as sniper.exe, the infection doesn't know what it is, so it doesn't do anything.  Does that make sense?



                    In any case, your computer is looking quite a bit better, but there are still some things we need to take care of.  The first thing I'm going to have you do is download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.
                    Quote
                    An undefined problem has an infinite number of solutions.
                    —Robert A. Humphrey
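
The renaming effect explained in Reply #16, as an added example (not code from this thread or from any tool named in it): a lookup keyed on a file's name stops matching once the file is renamed, and also matches an unrelated file that reuses the name, while a lookup keyed on a hash of the file's contents follows the bytes. The same holds for a defender searching a disk for a known file. The `scan` and `demo` helpers, the directory layout and the file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file's contents in chunks so large files are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, watched_names, watched_hashes):
    """Walk root and return (name_hits, hash_hits) as lists of file names."""
    name_hits, hash_hits = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.name.lower() in watched_names:      # identity = file name
            name_hits.append(path.name)
        if sha256_of(path) in watched_hashes:       # identity = file contents
            hash_hits.append(path.name)
    return name_hits, hash_hits


def demo():
    """Build a constructed directory and compare the two lookups."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed bytes standing in for the program being looked for.
        program = b"constructed stand-in for the real executable"
        # The same bytes saved under a different name, as in the thread.
        (root / "sniper.exe").write_bytes(program)
        # An unrelated file that happens to carry the watched name.
        (root / "hijackthis.exe").write_bytes(b"unrelated contents")
        (root / "notes.txt").write_bytes(b"plain text")

        watched_names = {"hijackthis.exe"}
        watched_hashes = {hashlib.sha256(program).hexdigest()}
        return scan(root, watched_names, watched_hashes)


if __name__ == "__main__":
    by_name, by_hash = demo()
    print("matched by name:", by_name)
    print("matched by hash:", by_hash)
```

The name lookup reports only the unrelated file and misses the renamed copy; the hash lookup reports only the renamed copy.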