Question about how ycm.exe virus installs


5 replies to this topic

#1 Contender


Posted 31 December 2011 - 03:38 PM

I am an administrator of a fairly large internet forum. We run vBulletin software. Out of 20K new views every day, we have had 50 users over the last month get infected with this ycm.exe virus. It seems like a very small percentage and I thought they were nuts, that is until it happened to me. Luckily I had my rescue flash drive handy. I used RKILL and Malwarebytes to stop the infection. My question is where does this virus come from, and how does it get through our forum security? Could it be coming through the ads on the forum? Thanks for taking the time to read this cry for help and for any information.

Regards
Guy Smith


 


#2 hamluis


Posted 31 December 2011 - 04:11 PM

Google Results

Louis

#3 Contender


Posted 01 January 2012 - 06:27 AM

Thanks but Google was where I went first, and it does not answer the question. It tells me what the virus does mostly through nefarious cleanup sites, but not how it moves through the forum software. That is why I asked the question.

#4 noknojon


Posted 01 January 2012 - 07:00 AM

"It tells me what the virus does mostly through nefarious cleanup sites, but not how it moves through the forum software. That is why I asked the question."

Would you care to name your site so that we can look at the protection enabled for it ??

EDIT -
Why was this posted in the XP area of the forum ?? Are XP systems more involved ??

Edited by noknojon, 01 January 2012 - 07:02 AM.


#5 hamluis


Posted 01 January 2012 - 08:38 AM

This is the XP forum :).

While varying levels of knowledge may be held by the many members...asking questions about malware topics is not likely to provide an appropriate answer to any of your queries.

You might try the forum at http://www.bleepingcomputer.com/forums/forum25.html .

I will move your topic there.

Louis

#6 quietman7


Posted 01 January 2012 - 05:46 PM

Malwarebytes classifies ycm.exe (and similar files) as Trojan.FraudPack. That classification usually indicates it is related to rogue security software, a common source of malware infection. Rogues typically infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. The Trojan is distributed via the Internet in a variety of ways to include email spamming and visiting infected websites that use drive-by download tactics.

Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.