Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Help me get rid of ytasfw rootkit

Started by ytasfw , Aug 22 2009 05:39 AM

Please log in to reply

1 reply to this topic

#1 ytasfw

Members
1 posts
OFFLINE

Local time:09:29 PM

Posted 22 August 2009 - 05:39 AM

Problem:
Continous hard drive access even when pc is idle.
C: disk space goes down about 10MB every 30 seconds until reach 0MB.
Very slow performance, takes 3 minutes just to open FireFox.
Whenever login to any site, FireFox freezes for about 5 seconds.

MBAM, Symantic, SpyBot, HijackThis all come up clean.

GMER found the hidden service ytasfw followed by several random characters.
When I clck to delete the process and the confirmation popped up, I clicked No by accident.
The ytaswf entry vanished and GMER can't find instances of ytaswf on subsequent scans.
Did it get added to ignore list?

So far I read that the latest Root Repeal released 08-14-2009 can remove the rootkit but I can't run the program, it just eats up all my memory without starting and I renamed it same thing. I read that somebody on this forum also had the ytaswf rootkit about 20 days ago but still can't get it removed as of now.

Are there any other tool available that can remove this rootkit?

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 garmanma

Computer Masochist

Staff Emeritus
27,809 posts
OFFLINE

Location:Cleveland, Ohio
Local time:10:29 PM

Posted 23 August 2009 - 09:26 PM

Download Sophos ARK to your Desktop from here:
http://www.sophos.com/products/free-tools/...ti-rootkit.html

Sophos does not update itself, so be sure to download the latest version from their website.

Double-click on the icon and the wizard will guide you through the installation

It is recommended that you close down all non-essential programs

Depending on the individual computer the scan can take anywhere from 5 minutes to over an hour

Start the scan by clicking Start>Programs>Sophos>Sophos Anti Rootkit>Sophos Anti Rootkit

Select the checkboxes for the areas you wish to scan
Select the Extensive scanoption

Click Start scan or hit Enter

The names of suspicious files are displayed in the results list in the upper panel

The results list may also display registry keys or values. these items should not be marked for removal

If you have any question on a file not automatically marked, go to the Sophos website: www.sophos.com
Type in the name ofthe file in the searchbox at the top of the homepage and click Search

Click Clean up checked itemsand when the dialog box appears, click yes
When the dialog box reappears, reboot the computer

A second scan is recommended

To remove Sophos ARK from your computer, go to [b]Start>Programs>Sophos>Sophos Anti Rootkit>Uninstall Sophos Anti Rootkit

Edited by garmanma, 23 August 2009 - 09:27 PM.

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter