Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yourtv.link


  • Please log in to reply
1 reply to this topic

#1 dariansdad

dariansdad

  • Banned
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 27 June 2015 - 10:50 PM

Windows 8.1 (that's another story for another thread)

MSI i7-4700MQ via HDMI through VSX-820 to LG 55LM6700-UA

Logitech K400 wireless KB/touchpad

8GB RAM

1 TB HD

Firefox 38.0.5

Chrome Browser v?? (gotta clean it up first, used to use it before infection and cleaning was such a problem)

IE 11 (never, ever use it)

 

I read through a couple of threads about the yourtv.link "infection".  (It doesn't come up in the local search bar but found the thread via privatelee search) Unfortunately, the most recent and complete analysis of this topic (see user FerretLaw) was left hanging as the user became frustrated with being unable to effectively use the browser due to the infection and in the last place said he/she would just restore the system and never posted again.  That was June 2, 2015 and the topic is locked so I am posting here to try to get more help on this invasive little bugger. Please find and read through that post before continuing and we'll all be on the same page and not have to repeat the unhelpful processes. My symptoms are very similar except I can fix Firefox if only temporarily.

 

First, I am not a novice but would not consider myself an expert as I do not invest the time required to keep up with all of the changes.  So, I have tried all of the valid "cleaners" and "anti-whatevers" (my fav Malwarebytes) and they either find nothing or supposedly clean up the infection only for it to return.

 

This friggn' yourtv.link completely kills Chrome browser whereby clicking on a Chrome icon or shortcut brings up the User Account Control.  Answering "Yes" tries to execute the program once and fails with no message whatsoever while answering "No" simply leaves the user in an endless loop of UAC requests.  Killing the UAC process in Task Manager forces the UAC window to close and leaves the program (Chrome or UAC - not sure which) to attempt to start possibly hundreds of times in the background.  How do I know you may ask? Keeping the Task Manager open after killing the Consent UI process shows the spinning wheel beside the cursor and periodically the Consent UI process will appear and disappear in the list for about 4 to 5 minutes.  Trying to select and kill the process again when it appears is fruitless. It seems that the process is started and ended quite rapidly and the display happens every X iterations as the Task Manager window updates. 

 

Even though I've done it twice successfully, I have not documented the steps on cleaning and restoring Chrome.  I just "follow my nose" removing the program, renaming config files, etc. and reinstalling until it finally works.  Usually by then I don't even remember why I wanted the GD thing in the first place much less which step was effective in fixing (if only temporarily) the problem.

 

Firefox is easier.  Going to the options and removing the http://yourtv.link from the Homepage, resetting the "Startup: When Firefox starts" to "Show my windows and tabs from last time" and resetting the search to Privatelee HTTPS by re-adding the search engine and making it my default.  This holds until the next computer restart, usually.

 

Now, I'm sure that the "infection" originated from watching some bootleg TV from somewhere.  Maybe RipSink or Nowwatchtvlive.me or some such.  Yes, I have surfed some porn but I don't think it came from there as the first time I saw it was after watching NASCAR on one of the aforementioned servers.

 

So, I use Firefox 99% of the time but like to use Chrome for watching my morning news live feed in full screen so FF is free to browse whatever else
I need.  Also, during my NASCAR I like to have multiple browsers running so I can have, say, live TV in one and in-car audio on the other and control volumes and streams independently.  Thus, I may have Ripsink streaming FOX Sports 1 running in FF and NASCAR Racebuddy in Chrome.  Other than that I use FF almost exclusively.

 

Whaddy think?



BC AdBot (Login to Remove)

 


#2 dariansdad

dariansdad
  • Topic Starter

  • Banned
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 28 June 2015 - 06:31 PM

Update: Even though FF was running fine, after the race was over today, I closed all apps and ran Malwarebytes.  It found two registry entries from yourtv.link and quarantined them.  Then I restarted Windoze. FF was not hijacked this time. But, I've just spent 30 minutes trying to get Chrome back up but to no avail.  I'll probably try again later unless someone responds to this thread and solves the problem. Clicking on the taskbar pinned icon brings up the UAC and you have read that story.  Clicking on the desktop shortcut or the program file in the folder causes Chrome to start for just about one second before closing and bringing up the UAC.

 

Cheers.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users