How to remove Yelloader

February 15, 2016 on 4:04 pm | In Malware analysis

After noticing a certain VBS file being dropped as one of the first files during an infection cycle, I decided to go hunting for the file.
Name and location: C:\Windows\TEMPcoral.vbs
With some help from my online friends I found two different copies.

Both files were obfuscated in the same way.
About the simplest way I’ve ever seen, but it may have discouraged some people.

The result of the infection was a set of Clickers, Droppers and Downloaders, most of which we detect as PUP.Optional.Yelloader.

How do I remove Yelloader?

Visit our forums for detailed instructions. You can also get help there should you need it.

And note that the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Pieter Arntz
