Unable to remove w32/yahlover on business networked computer.

Status
Not open for further replies.
Hi, one of our colleagues has managed to infect his laptop with w32/yahlover. We have the appropriate DAT for McAfee but the worm disables MC from running. (Our network machines have the common framework for McAfee stored locally, and mcshield and the rest are located on our network.) Obviously we don't want to connect to the network to try and get McAfee running, in case others are infected.

Does anyone have any ideas how we can remove it manually? Enabling task manager, cmd, etc?

I've tried copying regedit.exe as regedit.com and opening it and editing it but had no joy.

Any help would be appreciated.

Thanks.
 
Hello and welcome to Techspot.

This is a very serious infection, see HERE.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of danfitz2007 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
You can boot into SAFE MODE to get control OR
Programs->Accessories and right-click on Command Prompt to allow Run As ...
select an Admin Login and the proper password.

The command prompt will then be running with ADMIN credentials.

ANYTHING you launch from that command prompt will inherit Admin credentials too, eg:
control
explorer
 
When you're infected by the YahLover virus you can't use control, task manager and command prompt if you're not in safe mode in command prompt, so you should remove it only when you're in safe mode command prompt. The problem is when you're infected by another virus aside from YahLover, like Brontok, which blocks command prompt even in safe mode. So you need to remove the Brontok virus before YahLover.
 