manuvela
Level 7

C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

Is this the real stinger.exe as said in file description??

The container folder was created on 10-10-2014.

Since then, iexplorer has shown odd behavior and I am unable to set a startup homepage.

It always goes back to "about:blank", even if set up in internet preferences on control panel.

HKEY_USERS\S-1-5-21-884309652-2622151242-4189872518-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce

"C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe"

Any help will be appreciated.

Regards.

Manuel Velasco.

0 Kudos
1 Solution

Accepted Solutions
exbrit
Level 21

Re: C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

Assuming you are using the home version of the software I moved this to Malware Discussion > Home User Assistance.

I'm guessing this is malware so run a few extra tools such as Adwcleaner, and Malwarebytes Free (see last link below) and note well:

to keep Malwarebytes actually free do not accept the free trial at any stage.

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools

5 Replies
SafeBoot
Level 21

Re: C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

Impossible to say - where did you get it from? Maybe simply submit it to Virustotal?

Moderator
Moderator

Re: C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

Could you try a Reset of Internet Explorer (iexplore.exe) and post back whether the home page stays as Google or any other? If you are able to view the executable in the above-mentioned Temp directory, right-click and scan it using McAfee, or you can upload it to VT and see its behavior.

Tier 2.5 Technician
0 Kudos
manuvela
Level 7

Re: C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

Thank you all for your answers...

It seems McAfee SecurityCenter does not solve everything... my mistake...

I took Peter's advice and ran Malwarebytes. Here's the log.

Detected. Erased. Problem solved.

Thank you all again from Sevilla, Spain.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/10/2014
Scan Time: 17:55:01
Logfile: log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.16.04
Rootkit Database: v2014.10.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Manuel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294416
Time Elapsed: 11 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Inject, HKU\S-1-5-21-884309652-2622151242-4189872518-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|{EFA1888B-66C9-D81D-FCE2-9BD44681D259}, "C:\Users\Manuel\AppData\Roaming\Ygevlu\obpou.exe", , [1351ca4be3994fe7cc614c8421e0dc24]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Inject, C:\Users\Manuel\AppData\Roaming\Ygevlu\obpou.exe, , [1351ca4be3994fe7cc614c8421e0dc24],

Physical Sectors: 0
(No malicious items detected)


(end)

0 Kudos
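An added example, not part of the original posts and not Malwarebytes' own tooling: a small parser for the detection sections of the log above that pairs the flagged RunOnce value with the flagged file it launches, so both halves of the persistence are confirmed removed together. It assumes the log layout shown in the post and that no field contains a comma followed by a space; the function names are hypothetical.

```python
import re

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")

# Detection lines copied from the log in the post above; the rest is omitted.
SAMPLE_LOG = r"""
Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Inject, HKU\S-1-5-21-884309652-2622151242-4189872518-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|{EFA1888B-66C9-D81D-FCE2-9BD44681D259}, "C:\Users\Manuel\AppData\Roaming\Ygevlu\obpou.exe", , [1351ca4be3994fe7cc614c8421e0dc24]

Files: 1
Trojan.Inject, C:\Users\Manuel\AppData\Roaming\Ygevlu\obpou.exe, , [1351ca4be3994fe7cc614c8421e0dc24],
"""

def parse_detections(log_text):
    """Return one dict per detection line, tagged with the section it was in."""
    found, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m and m.group(1) in SECTIONS:
            section = m.group(1)          # e.g. "Registry Values"
        elif section and line and not line.startswith("("):
            # Assumption: fields are separated by ", " and never contain it.
            fields = line.rstrip(", ").split(", ")
            if len(fields) < 2:
                continue
            item = {"section": section, "threat": fields[0], "location": fields[1]}
            if section == "Registry Values":
                key, _, name = fields[1].partition("|")   # key|value-name
                item.update(key=key, value_name=name, data=fields[2].strip('"'))
            found.append(item)
    return found

def autostart_links(detections):
    """Pair each detected Run/RunOnce value with the detected file it launches."""
    files = {d["location"].lower() for d in detections if d["section"] == "Files"}
    return [(d["key"], d["value_name"], d["data"])
            for d in detections
            if d["section"] == "Registry Values"
            and re.search(r"\\CurrentVersion\\Run(Once)?$", d["key"], re.I)
            and d["data"].lower() in files]
```

An autostart value whose data does not appear under Files is worth a manual look, since the launcher entry was flagged but the binary it points to was not.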
exbrit
Level 21

Re: C:\Users\*****\AppData\Roaming\Ygevlu\obpou.exe. startup menu included: HKCU:RunOnce .

No antivirus is perfect and such things as Malwarebytes for instance are meant to supplement them, never replace them.

You should post that log on Malwarebytes Forum for analysis as we don't analyse them here.

0 Kudos