Author Topic: Yabector-B[adw]  (Read 2820 times)


REDACTED

  • Guest
Yabector-B[adw]
« on: June 26, 2014, 11:47:10 PM »
Hi guys,

I recently installed Avast on my old laptop, and I found 3 occurrences of the virus Yabector-B[adw]

I've got 2 questions:
- if it is an adware virus, how can it be tagged as "high severity"?
- Is it possible to get more information about this virus?

Thanks in advance !!

Bye


REDACTED

  • Guest
Re: Yabector-B[adw]
« Reply #2 on: June 27, 2014, 11:46:26 AM »
Hi Pondus,

Thanks for your help !
In fact, I had already seen these links. But thank you !
If I understand, Yabector-B doesn't permit someone to take control of my PC?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Yabector-B[adw]
« Reply #3 on: June 27, 2014, 11:53:27 AM »
Payload
Notifies remote web server
When run, the installed component checks for the file "%APPDATA%\Desktopicon\config.ini" and creates it if it does not exist. It creates a section within the configuration data file named "[Shortcut]" with content as in the following example:
 
[Shortcut]
<LocaleString>=<number of times this program has been run>
 
The component then starts a Web browser instance (Internet Explorer) and connects to the domain "adon-demand.de" and sends the above content as a string, as in the following example:
 
adon-demand.de/<path>/?s=<LocaleString>&c=<runcount>
 
Upon visiting the website, the user is then redirected to the online auctioning site "ebay.com".
 
Analysis by Dan Kurc

So, no.

Do you commonly get redirected?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.
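
Added example, not part of the thread or of the quoted analysis: a Python check that reads the "[Shortcut]" run counter from a copy of config.ini and flags proxy-log requests shaped like the beacon URL described above. The log line format, the sample values and the subdomain matching are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

BEACON_HOST = "adon-demand.de"  # domain named in the quoted analysis

# Constructed sample of %APPDATA%\Desktopicon\config.ini (values are made up).
SAMPLE_INI = "[Shortcut]\nde-DE=7\n"

# Constructed proxy log lines; "<timestamp> <client> <method> <url>" is an assumed format.
SAMPLE_LOG = """\
2014-06-26T21:40:02 10.0.0.15 GET http://adon-demand.de/x/?s=de-DE&c=7
2014-06-26T21:40:03 10.0.0.15 GET http://www.ebay.com/
2014-06-26T21:41:10 10.0.0.22 GET http://example.org/?s=de-DE&c=7
2014-06-26T21:42:00 10.0.0.15 GET http://sub.adon-demand.de/a/b/?c=8&s=de-DE
2014-06-26T21:43:00 10.0.0.15 GET http://notadon-demand.de/?s=de-DE&c=9
"""

def read_run_counts(ini_text):
    """Return {locale_string: run_count} from the [Shortcut] section, or {} if absent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the locale key's case as written
    cp.read_string(ini_text)
    if not cp.has_section("Shortcut"):
        return {}
    return {k: int(v) for k, v in cp.items("Shortcut") if v.strip().isdigit()}

def find_beacons(log_text):
    """Return (client, locale, count) for requests matching ?s=<locale>&c=<number>."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # not in the assumed log format
        _, client, _, url = parts
        parsed = urlsplit(url)
        host = (parsed.hostname or "").lower()
        # Exact host or a subdomain (assumption); look-alike suffixes are excluded.
        if host != BEACON_HOST and not host.endswith("." + BEACON_HOST):
            continue
        query = parse_qs(parsed.query)
        if "s" in query and query.get("c", [""])[0].isdigit():
            hits.append((client, query["s"][0], int(query["c"][0])))
    return hits

if __name__ == "__main__":
    print("run counts:", read_run_counts(SAMPLE_INI))
    for client, locale, count in find_beacons(SAMPLE_LOG):
        print(f"beacon from {client}: locale={locale} runcount={count}")
```
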

REDACTED

  • Guest
Re: Yabector-B[adw]
« Reply #4 on: June 27, 2014, 12:04:17 PM »
Hi Michael,

I don't think so.

What's the aim of sending the counter?
adon-demand.de/<path>/?s=<LocaleString>&c=<runcount>

I don't understand :D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Yabector-B[adw]
« Reply #5 on: June 27, 2014, 12:36:24 PM »
If you want a check .... attach Malwarebytes and OTL diagnostic logs   https://forum.avast.com/index.php?topic=53253.0

When done, a malware expert will check those logs and help you fix/remove any issues he sees

Make sure you save OTL log as ANSI (not Unicode) or it will look Chinese


REDACTED

  • Guest
Re: Yabector-B[adw]
« Reply #6 on: June 27, 2014, 01:25:28 PM »
I have deleted with Avast the files :-/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Yabector-B[adw]
« Reply #7 on: June 27, 2014, 01:34:01 PM »
I have deleted with Avast the files :-/
I am thinking of leftover files / anything not detected and crap files that need to be removed


REDACTED

  • Guest
Re: Yabector-B[adw]
« Reply #8 on: June 30, 2014, 01:06:00 PM »
I have deleted with Avast the files :-/
I am thinking of leftover files / anything not detected and crap files that need to be removed

In other words ?
 :-\