
Thread: Win32.Load Money and Yandex removal advice please

  1. #31
    Member
    Join Date
    Feb 2013
    Posts
    48

    Actually maybe that last direction.....

    ........is unnecessary if it is meant to address the problem I reported on saving stuff to notepad. I think it is my own fault, as I have subsequently tried again but this time removed the asterisk * from its place before the stop, whereas before I had allowed it to stay there. So now without it I have saved your directions to notepad and can proceed to carry them out. If you agree, that is?

    Btw was that sudden shutdown without any warning after inserting that text into OTM to be expected or not?

    Best regards, Wendy

  2. #32
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    There was a reboot command script in the OTM log, can you please post
    C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Can you proceed with the other directions?

    Are you still with me?
    Last edited by Juliet; 2014-04-22 at 11:09.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #33
    Member
    Join Date
    Feb 2013
    Posts
    48

    Still with you

    Hi Juliet, It's been several days since I could check in and I am still with you and will proceed with that last suggested direction.

    Cheers, Wendy

  4. #34
    Member
    Join Date
    Feb 2013
    Posts
    48

    Win32.LoadMoney seems to have disappeared ????

    Dear Juliet,
    In the period since I last contacted you, i.e., several days ago, I have run Spybot every day and the Win32.LoadMoney threat SEEMS to have disappeared - although some registry changes are still taking place - and I wonder whether this is real or not?

    Will still go ahead with the OTM scan and paste the log.

    All the best Wendy

  5. #35
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Quote: Originally Posted by wendyseana
    Dear Juliet,
    In the period since I last contacted you, i.e., several days ago, I have run Spybot every day and the Win32.LoadMoney threat SEEMS to have disappeared - although some registry changes are still taking place - and I wonder whether this is real or not?

    Will still go ahead with the OTM scan and paste the log.

    All the best Wendy

    Without being able to see any logs, or scan results, I have no idea what registry changes are there.

  6. #36
    Member
    Join Date
    Feb 2013
    Posts
    48

    OTM.log

    Hi Juliet, Here be that OTM log.


    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\gokarna\AppData\Roaming\sweet-page not found.
    File/Folder C:\Users\gokarna\AppData\Local\Temp\ose00000.exe not found.
    File/Folder C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe not found.
    File/Folder C:\Users\gokarna\AppData\Local\Temp\_is76F.exe not found.
    File/Folder C:\Users\gokarna\AppData\Roaming\Yandex not found.
    File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru not found.
    File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\searchplugins\yqs-barff-yandex.xml not found.
    File/Folder C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: gokarna
    ->Temp folder emptied: 1372 bytes
    ->Temporary Internet Files folder emptied: 171 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 295453038 bytes
    ->Google Chrome cache emptied: 16697053 bytes
    ->Flash cache emptied: 2251 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33298 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18549435 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38352540 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 352.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 04262014_144732

    Files moved on Reboot...
    File C:\Users\gokarna\AppData\Local\Temp\etilqs_Yd4NrjxtxC1QCww not found!
    File C:\Users\gokarna\AppData\Local\Temp\etilqs_zBg5wxOLa7Pc0NL not found!
    File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

  7. #37
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Good deal
    Can you give me an update?

  8. #38
    Member
    Join Date
    Feb 2013
    Posts
    48

    Updating you

    Hi Juliet,

    Yesterday I saw that, contrary to what seemed to be, that awful browser Yandex is still with me and was managing the download of a program. Now this morning I booted up and discovered that Yandex has completely hijacked Mozilla. I am scanning with SB as I write and will post the result of that re Win32.LoadMoney when it's completed two scans, as soon as done.

    Is there anything else I should be doing and updating you on, because you know I never went through with all your directions after the OTM thing??

    Best regards, Wendy

  9. #39
    Member
    Join Date
    Feb 2013
    Posts
    48

    Yandex has hijacked Google chrome as well........

    .......as I just discovered trying to circumvent the Mozilla take-over !! For a long while, i.e., 2 months, multiple Chromes have opened at a double click, each with an error type message saying:

    "Your profile could not be opened correctly. Some features may be unavailable. Please check that the profile exists and that you have permission to read and write its contents"

    I didn't like the sound of that and had no idea what it meant, but as I only use Chrome sometimes and have a busy life I didn't get round to following it up and forgot altogether to mention it to you. But I now see that it probably has a lot to do with this TOTAL Yandex invasion?

    I am very apprehensive about what Yandex is capable of doing.

  10. #40
    Member
    Join Date
    Feb 2013
    Posts
    48

    SB report doesn't contain Win32.LoadMoney....

    .....but then I haven't a clue about what might actually be going on as I can't understand the unauthorised changes it does report. I saved the scan logs just in case you were interested.

    Talk again soon Juliet, Wendy
