désinstallation yac

[vincegag]

Bonjour,

J'ai été infecté par Yac et je n'arrive pas à le désintaller. J'ai essayé avec ccleaner, adwcleaner, malwarebytes anti-malware et emsisoft. J'ai aussi essayé de le désinstaller depuis l'explorateur et depuis le panneau de configuration. Tout ça sans aucun résultat.
Quelqu'un a t-il des conseils à partager pour supprimer ce logiciel malveillant ?
Merci de votre aide,

[Malekal_morte]

Salut,


Suis ce tutoriel FRST: https://www.malekal.com/tutorial-farbar ... tool-frst/
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.

[vincegag]

Merci ! Voici les trois liens :
http://pjjoint.malekal.com/files.php?id ... 5c10d12k11
http://pjjoint.malekal.com/files.php?id ... 14d13g1411
http://pjjoint.malekal.com/files.php?id ... p9z13s11x8
Merci encore de votre aide !

[Malekal_morte]

Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutorial-farbar ... -frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
2015-01-12 20:20 - 2015-01-12 20:20 - 00001939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-12 20:20 - 2015-01-12 20:20 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Elex-tech
2015-01-12 20:20 - 2015-01-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-12 20:20 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-01-12 20:19 - 2015-01-12 20:19 - 00729280 _____ (Elex do Brasil Participações Ltda) C:\Users\aseli_000\Downloads\yet_another_cleaner_brof.exe


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur

[vincegag]

J'ai fait l'opération. Voici le contenu du message :
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Vincent at 2015-02-22 20:49:16 Run:1
Running from C:\Users\Vincent\Desktop\désinstallation yac
Loaded Profiles: Vincent (Available profiles: Vincent & aseli_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-12] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
2015-01-12 20:20 - 2015-01-12 20:20 - 00001939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-12 20:20 - 2015-01-12 20:20 - 00000000 ____D () C:\Users\Vincent\AppData\Roaming\Elex-tech
2015-01-12 20:20 - 2015-01-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-12 20:20 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-01-12 20:19 - 2015-01-12 20:19 - 00729280 _____ (Elex do Brasil Participações Ltda) C:\Users\aseli_000\Downloads\yet_another_cleaner_brof.exe
*****************

iSafeKrnl => Unable to stop service
iSafeKrnl => Error deleting Service
iSafeKrnlKit => Unable to stop service
iSafeKrnlKit => Error deleting Service
iSafeKrnlMon => Unable to stop service
iSafeKrnlMon => Service deleted successfully.
iSafeKrnlR3 => Unable to stop service
iSafeKrnlR3 => Error deleting Service
iSafeNetFilter => Unable to stop service
iSafeNetFilter => Error deleting Service
C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk => Moved successfully.

"C:\Users\Vincent\AppData\Roaming\Elex-tech" directory move:

Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\preference.ini" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\log\iSafeStarts.log" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\aswBoot_3811390742_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713_48_48.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\0c087c52421859bf15015f72fcf051ee.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\0c087c52421859bf15015f72fcf051ee_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\1735c1d67cb0b84524d4ddf267823ce3_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\1ee5dc284c300f052471945e3e36b668_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\25c1f59f3b5a18f4cf35ea6cb897f980_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\4adb4b83ba7ca8f7af17c1a9b0344310_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\71ffcfe5ca934d41ac4bb3d24cddf61c_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\946163703a4f46466cebdcbf39fdd3e9.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\946163703a4f46466cebdcbf39fdd3e9_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\9a6c404db9564c3b13aa842a066d6843_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\a73eb71bce16c207f32a2bfe112e30b9.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\a73eb71bce16c207f32a2bfe112e30b9_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b576e1009d55942b11154eccc8c64c2d.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b576e1009d55942b11154eccc8c64c2d_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b62a338dbb91dae6895b1810ba83c3d6_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\d8b04e790cb2059f18f43a05251e7820.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\d8b04e790cb2059f18f43a05251e7820_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\da2802dad0fc5c2f45fc425d7844ba15_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\fca1f97bb06728e23f42435f01a75c0b.ico" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\fca1f97bb06728e23f42435f01a75c0b_16_16.png" => Scheduled to move on reboot.
Could not move "C:\Users\Vincent\AppData\Roaming\Elex-tech" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-22 20:51:10)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\preference.ini" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\log\iSafeStarts.log" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\aswBoot_3811390742_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\iDesk\icons\Avast Free Antivirus_4123289713_48_48.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\0c087c52421859bf15015f72fcf051ee.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\0c087c52421859bf15015f72fcf051ee_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\1735c1d67cb0b84524d4ddf267823ce3_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\1ee5dc284c300f052471945e3e36b668_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\25c1f59f3b5a18f4cf35ea6cb897f980_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\4adb4b83ba7ca8f7af17c1a9b0344310_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\71ffcfe5ca934d41ac4bb3d24cddf61c_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\946163703a4f46466cebdcbf39fdd3e9.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\946163703a4f46466cebdcbf39fdd3e9_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\9a6c404db9564c3b13aa842a066d6843_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\a73eb71bce16c207f32a2bfe112e30b9.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\a73eb71bce16c207f32a2bfe112e30b9_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b576e1009d55942b11154eccc8c64c2d.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b576e1009d55942b11154eccc8c64c2d_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\b62a338dbb91dae6895b1810ba83c3d6_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\d8b04e790cb2059f18f43a05251e7820.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\d8b04e790cb2059f18f43a05251e7820_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\da2802dad0fc5c2f45fc425d7844ba15_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\fca1f97bb06728e23f42435f01a75c0b.ico" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech\YAC\ico\fca1f97bb06728e23f42435f01a75c0b_16_16.png" => File could not move.
"C:\Users\Vincent\AppData\Roaming\Elex-tech" => Directory could not move.

==== End of Fixlog 20:51:13 ====

[Malekal_morte]

il reste quoi comme soucis ?

[angelique]

Télécharge RogueKiller 32 Bits_system > http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe -- ou 64 Bits_System > http://www.sur-la-toile.com/RogueKiller ... lerX64.exe sur ton Bureau
» execute le option suppression apres scan (tout cocher) .... le rapport est sauvé sur ton bureau << poste le et refait la correction fixlist.txt de Malekal

[vincegag]

Merci mais je n'arrive pas à mener le scan à terme. Il plante arrivé à 80 %. Le logiciel YAC reste installé et actif.

[Malekal_morte]

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!


<gras>DESACTIVE LA PROTECTION ANTIVIR DURANT LA PROCEDURE</gras>

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Code : Tout sélectionner

driver::
iSafeKrnl
iSafeKrnlKit
iSafeKrnlMon
iSafeKrnlR3
iSafeNetFilter
folder::
C:\Users\Vincent\AppData\Roaming\Elex-tech 
C:\Program Files (x86)\Elex-tech 
file::
C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk 
C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 
C:\Users\aseli_000\Downloads\yet_another_cleaner_brof.exe 
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
 C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
C:\Windows\System32\DRIVERS\iSafeNetFilter.sys

Enregistre ce fichier sous le nom <gras>CFScript</gras>

[*]Fait un glisser/déposer de ce fichier <gras>CFScript</gras> sur le fichier ComboFix.exe

[*]Combofix se lance, laisse toi guider..

[*]Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
[*]Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur http://pjjoint.malekal.com/ et donne le lien ici dans un nouveau message.