Solved Suspected virus shutting down audio

[Tipiford]

I have several files named yk***.* which I believe to be virus related. If I get rid of the folder yklf my sound is back to normal, but the folder returns in a day or two. I also have two yk62x64.sys files (one in "Windows\System32\DriverStore\FileRepository\" and one in "Windows\winsxs\amd64***") which I can't delete, and which seem to point to a Yukon program which I don't have. These two files cannot be deleted in safe mode. Is there a fix for this persistent problem?

 

[Berkey]

I have several files named yk***.* which I believe to be virus related. If I get rid of the folder yklf my sound is back to normal, but the folder returns in a day or two. I also have two yk62x64.sys files (one in "Windows\System32\DriverStore\FileRepository\" and one in "Windows\winsxs\amd64***") which I can't delete, and which seem to point to a Yukon program which I don't have. These two files cannot be deleted in safe mode. Is there a fix for this persistent problem?

Have you run any scans to determine if they are Malware related? Malwarebytes and AdwCleaner are a couple of great programs to run on demand scans.

If it is a bug, more steps may be needed (there was a recent thread with similar suspected malware, which will require a few more stpes for potential removal. I'll take a alook a link if I find it) But malware can replicate itself much like other malware, so deletion of a file may not take care of the problem. First step would be to identify the issue. Do a scan with either the suggested above or your choice and post back please

 

[Tipiford]

Thanx, So far I have run McAfee and Security Essentials, both of which clean several trojans, but not the yk***.* files or folder (which I have removed manually), but which they all reappear on the next restart. I will run the two programs you mention to see what they discover and will reply with the results.

 

[cyrilhubert]

Sometimes, the best method is reinstall Windows 7 all over again.
It's solved by reinstalling Windows as there is no other way round it.
Backup all data then reinstall.
I did the stupid thing by system restore to factory defaults which were useless.

The system restore will not wipe clean any infection as the malware is already residing in the system and changed your sysconfig and MBR.
The malware will download a lots packed stuffs.
Read this virustotal.com report https://www.virustotal.com/en/file/...040800eaf01ef53214ef9dab53aeff1cff0/analysis/

How to do it? Download MS SysInternal Process Explorer to see what is going on.

It's useless to do any salvaging when the malware is already residing in your system and changed your sysconfig and MBR like using some software that scan your system while adding more trojans,viruses,etc to it especially BackDoors virus.

 

[Tipiford]

Sometimes, the best method is reinstall Windows 7 all over again.

Re-installation is last resort stuff to me, like invasive surgery. If absolutely necessary, I'll do it as I have had to do it a time or two in the past, but with trepidation.
But as of now, I've deleted all yk*.* files and searched the registry for anything "Yukon*.*" (files of a system I don't have and which resided in winsxs and DriverStore which I'm supposing were adding the malware back to the Prefetch folder after each restart), and so far everything is looking good, the volume level is holding steady, so my fingers will stay crossed a for day or three.

 

[cyrilhubert]

Hope you can solve this problem.Whenever you download a new anti whatever make sure you upload and scan it at https://www.virustotal.com to check if it's packed with other malware before running it.

Like this analysis
https://www.virustotal.com/en/file/...b7ce3e5982fdfcba0ebd2bd7b4bc2a64b76/analysis/

And this one packed with one nasty stuff.
https://www.virustotal.com/en/file/...c1cc432ff0f0f38ff4a3314f2604f3554c1/analysis/