YoYo virus- Sony VAIO
Hi all, glad I found this forum while searching for answers. My computer has the YoYo virus- although I'm not real sure it IS a virus.
Here's the timeline:
Computer runs XP with 150g HD only approx 10% full, 1mg ram
Slowing down a bit
Update and run AdAware
Update newest version AVG Free- perform a full scan
All scans clean (I'm pretty careful about possible malicious code)
Use computer for 1 day with no problems
Go on vacation 4 days
Return and boot up computer
Freezes in DOS with YoYo (infinity sign) prompt, won't load Windows
Everything I can find on the net suggests this is a boot virus. I can't find anywhere HOW it is acquired. AND I can't find anything definitive about cleaning it. Seems like it had a huge surge in 06 and then just recently, end of March/early April, 07.
My situation is complicated by the fact that I got this computer in exchange for an HP that the repair shop fried instead of upgrading! I have NO documentation, no Recovery disks, nothing. The repair shop went out of business within a week and before they could 'find' the stuff for me. (big surprise) Sony no longer makes Recovery disks for the machine and has been unhelpful.
I THINK that the solution is to slave the current drive to a virgin 40g that I have, boot with a new copy of XP, transfer the data, and then reformat. However this raises some questions:
1. Is there another way to solve without a reformat?
2. Will a reformat really get rid of YoYo?
3. How on earth did I get the dang virus to begin with?
4. And the biggest- how on earth do I do the repairs myself?
While I know the 'theory' behind all of this I have limited experience with the actual manipulations required. I live in a small remote town and am leery to take it to a local repair shop (for obvious reasons).
I appreciate that everyone here is a volunteer! Your time is valuable. Just looking for answers and similar experiences! Any help appreciated!
Thanks in Advance!!:)
Comments
I hadn't read anything on a Y∞Y∞ boot virus before, and even doing searches related to that character sequence is pretty meaningless. I did check against "YoYo", and can see the various guesses and mistaken references to things like vague Trend naming for something they found as this supposed boot virus. I am pretty sure those refer to an entirely different infection issue. We can take a look now at our usual diagnostic scans, since being sure on infection in general is a smart choice, but will likely get around to discussing your BIOS and Motherboard more than anything infection related. Do you leave the computer then running the entire time you are gone, and if so, is it set to go into hibernation, or some power setup shutdown sequence?
Please download HijackThis from Here. Then click on the downloaded file to install HijackThis. After it is installed open HijackThis and select Do a system scan and save logfile. Use copy/paste and post that log back here for review.
Also Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your protective software queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. Here are guidelines for using Silent Runners. You can use separate posts here when replying and posting the log files if needed.
There is another post on this forum also discussing the YoYo virus- same description as mine:
http://icrontic.com/forum/showthread.php?t=55473
And a few other web references describing the same thing:
http://www.computing.net/security/wwwboard/forum/22587.html
http://discuss.extremetech.com/forums/1004304692/ShowPost.aspx
http://forums.techguy.org/malware-removal-hijackthis-logs/434113-serious-virus-problem-yoyo-1271-a.html
I'll keep looking but from what I can distill I will end up reformatting. I would like to know where it came from and how to make sure the infection is entirely gone. I'm waiting to hear back from AVG tech department as well.
Here's McAfee's threat description for what it's worth:
http://vil.nai.com/vil/content/v_113736.htm
I do appreciate your willingness to help. Thank you.
Here's poor Marty, a block-press operator who lost all his family pictures due to a "virus Yoyo.Mp.1271". But Marty recommends you click on any of those security software links, so you won't suffer his sad fate.
And here's Jackson, a commissary production supervisor, who also lost all his photos, but for him it was the nefarious "virus 889". Hey, wait a minute - that's the same guy in the photo!
Lame as it gets, but feeds the rumor mills. Other than a pathetic come-on to get anyone to land on those pages web surfing for solutions, just another scam for the domain owner to earn $$ hoping you will click those legit software links of his, instead of going to the vendors' sites and downloading their actual trials there.
Since google/yahoo bots do read these forum pages, and their results show in future web searches, let's just go ahead and post some word associations here for them:
curethevirus.info scam
curethevirus.info rip-off
:smiles:
(Please do not actually click on any links on that page, both to keep the scam artist from making anything from that, and the google-ads at the bottom can include other scams like stop-sign and noadware).