This is a discussion on Yandex.ru within the Resolved HJT Threads forums, part of the Tech Support Forum category.

11-29-2015, 04:20 AM #1 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

Hi, I accidentally downloaded yandex.ru myself. I tried to update my sound drivers and then suddenly it was there. My bad, I know. But this yandex is now impossible to get rid of! Yeah, I followed all the advice on the internet to disable the yandex search bar and so on, but my Firefox is still in Russian only, Exterminate It! finds a file called yandex.ru again every time, which is impossible to kill even manually, and there is nothing I can do. Most of the help on the net tries to explain how to get rid of the yandex search bar, which is actually just the tip of the iceberg. I also downloaded AdwCleaner, which didn't help me at all. Hence the question - how to get rid of it for real? What am I supposed to do?

11-30-2015, 12:30 AM #7 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

Here they are:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
11-30-2015, 12:59 AM   #8
Security Team
Moderator, Analyst

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Are you running a pirated (illegal) version of DayZ?

Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015

11-30-2015, 01:07 AM #9 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

It cannot be! I bought it on Steam! I don't know what to say.

11-30-2015, 01:09 AM #10 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

Weird - when I check my Downloads folder, the said folder and this file won't even show up. Could it be that it's some kind of virus or malware concealed as a keygen file?
 11-30-2015, 01:09 AM #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Someone downloaded the cracktool to your Downloads folder. Are you the only user?
11-30-2015, 01:10 AM #12 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

I am the only user of this computer. No one ever uses it besides me. Does it mean someone hijacked my computer? What is the date of this keygen file? The thing with yandex happened on Saturday, Nov 28.
 11-30-2015, 01:23 AM #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Keefan.

Your computer wasn't hijacked, and no, it isn't malware concealed as a keygen file. There is no date as the file no longer appears to be on the machine.

Do you still have your license key for DayZ?

------------------------------------------------------
11-30-2015, 02:57 AM #14 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

It doesn't have a CD key. Not in this form at least. When I try to view it on Steam, it is not showing anything. I can find my receipt for paying for it etc., but no key whatsoever. Just googled the thing - some other players are wondering as well, and the only answer found on the internet is that the CD key is locked to my Steam account (which is Peeter1978, if you want to check it out).
 11-30-2015, 04:34 AM #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Keefan.

We'll move on.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick. How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

I see you have SpyHunter installed on your system. This application was previously listed as a rogue program because of deceptive advertising. Please read here

Although no longer listed as such, we recommend uninstalling it via Programs and Features in your Control Panel and downloading antispyware programs that have proven themselves tried and true. See here for a list of trustworthy antispyware products.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

------------------------------------------------------

CCleaner
JetClean

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner or JetClean. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software (BitTorrent and eMule) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. A reference for the risk of these programs is here and here.

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste). Save it as fixlist.txt next to FRST64.exe. If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
createrestorepoint:
AVG 2014 (Version: 14.0.3614 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Task: {0D3F368D-D05C-49D1-93B3-7D1D5F287D05} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-28] (Enigma Software Group USA, LLC.)
Task: {63FC0EE2-4022-48EC-B0C6-ED55760B67D5} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
C:\Program Files (x86)\hide.me VPN
Task: {6ACF1C97-40C6-4BD4-AA47-502741FE15EA} - System32\Tasks\id updater task => id-updater.exe
Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
C:\Users\kasutaja66\Downloads\day_z_keygen
Task: {93003542-57F6-4A9D-A7D0-E6E4EC8456D3} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {A55FCF84-C201-4C6F-AC0B-CB928FE64B7A} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
C:\Program Files (x86)\IObit
AlternateDataStreams: C:\Users\kasutaja66:Heroes & Generals
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {71c9595b-f7de-11e0-a8fb-4487fc548dae} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {788f14d9-d006-11e2-a411-4487fc548dae} - F:\setup.exe
AppInit_DLLs-x32: c:\users\kasutaja66\documents\iterra\jgzaryb.dll => No File
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=204&clid=2100767-002
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002"
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
EmptyTemp:
end

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

Click the Fix button just once, and wait.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after the restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
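As an added, defender-side example (not part of this thread, and not FRST's own code), a small Python triager that reads entries in the FRST line shape used in the fixlist above and groups the ones worth a second look: launch entries pointing into user-writable folders, orphaned entries ([X] / No File), AppInit_DLLs, SafeBoot changes, and browser start pages with an affiliate clid= parameter or an unexpected host. The sample lines are taken from the fixlist above; TRUSTED_HOMEPAGE_HOSTS is an assumed local policy.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample: entries in the FRST line shape of the fixlist above (not a complete log).
SAMPLE = r'''
Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
Task: {A55FCF84-C201-4C6F-AC0B-CB928FE64B7A} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
AppInit_DLLs-x32: c:\users\kasutaja66\documents\iterra\jgzaryb.dll => No File
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=204&clid=2100767-002
OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002"
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
'''

# Folders a non-admin user can write to; a launch entry pointing here deserves review.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\(Downloads|AppData|Documents)|ProgramData\\TEMP)\\", re.I)
DEFANGED_URL = re.compile(r'hxxps?://[^\s"]+', re.I)   # FRST writes http as hxxp
TRUSTED_HOMEPAGE_HOSTS = {"www.google.com", "www.bing.com"}  # assumption: local policy

def classify(line: str) -> list[str]:
    """Return the review categories one FRST line falls into ([] means nothing notable)."""
    tags = []
    if line.startswith("AppInit_DLLs"):
        tags.append("appinit-dll")            # DLL loaded into every user-mode process
    if line.endswith("[X]") or line.endswith("No File"):
        tags.append("orphaned")               # registration remains, target file is gone
    if USER_WRITABLE.search(line):
        tags.append("launch-from-user-dir")   # persistence from a user-writable folder
    if "\\SafeBoot" in line:
        tags.append("safeboot")               # Safe Mode configuration was changed
    m = DEFANGED_URL.search(line)
    if m:
        parsed = urlparse(re.sub(r"^hxxp", "http", m.group(0), flags=re.I))
        # an affiliate 'clid' parameter or an unexpected host marks a hijacked start page
        if "clid" in parse_qs(parsed.query) or parsed.hostname not in TRUSTED_HOMEPAGE_HOSTS:
            tags.append("browser-hijack")
    return tags

def triage(text: str) -> dict[str, list[str]]:
    """Group the lines of an FRST-style log by category; untagged lines are dropped."""
    grouped: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        for tag in classify(line):
            grouped.setdefault(tag, []).append(line)
    return grouped

if __name__ == "__main__":
    for tag, lines in triage(SAMPLE).items():
        print(f"[{tag}]", *lines, sep="\n  ")
```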
11-30-2015, 06:39 AM #18 Registered Member   Join Date: Oct 2008 Location: Tallinn, Estonia Posts: 203 OS: Windows 10

I don't know if it's gone. Firefox is still in Russian and even when I try to change the language settings, nothing happens, it won't obey. And once more, thank you - I hadn't noticed I still had AVG on my computer. I used it years ago and then, for some reason I have forgotten, not anymore. Well, I will now run ComboFix.
 11-30-2015, 08:56 AM #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Keefan.

You're very welcome. What language do you want in FF?

Sorry, but I have no experience with Exterminate It!, so I can't say.

If you haven't already, please uninstall AVG via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AVG Remover and Save it to your Desktop. Close all programs and double-click avg_remover_stf_x64_2015_5501.exe then click Run

In Vista/Win7, right-click and choose 'Run as administrator'.

Follow the on-screen instructions.

Reboot your computer if not prompted already.

Then delete avg_remover_stf_x64_2012_1796.exe and the avgremover.log from your desktop.

------------------------------------------------------

It appears your Safe Mode is in need of repair.

Please download SafeBootKeyRepair and Save it to your Desktop.

Double-click on SafeBootKeyRepair.exe to run it.

It will take a few minutes for it to finish running, please be patient.

Please post the log it produces at C:\SafeBoot_Repair.txt in your next reply.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
ClearJavaCache::
Folder::
c:\users\kasutaja66\AppData\Local\Xpom
c:\users\kasutaja66\AppData\Local\Nichrome
c:\users\kasutaja66\AppData\Roaming\Yandex
Driver::
avgwd
AVGIDSHA
Avgloga
Avgmfx64
Avgrkx64
Avgdiska
AVGIDSDriver
Avgldx64

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done.

ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

