Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

Get rid of Zero day attack and yes[1].exe

Be prepared to find your problem with Zero day attack disappeared and recover yes[1].exe just now!

You can write a message to our support team with the form below. Try to describe your problem in brief and specifically. Thanks to your well-done description our support team will answer all your questions and propose a suitable solution just in several minutes after we receive your enquiry. If you describe your problem with Zero day attack completely enough our assistants will give you a step-by-step recommendation on how to solve it.

Ask your question below and we'll answer you in 10 minutes or even less. Don't forget to check your mailbox!

We'll reply you in 10 minutes or less
* Name:
* E-mail:
* Problem summary:
* Detailed problem
description:
Attach suspicious file:
Here you can attach file you suspect to be virus or source of problem. If you want to attach several files, put them into one archive and attach it instead.

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Notification:

1) Spam is the such annoying thing for us as it is for you. We won't use your email in any ways besides supporting you to solve Zero day attack problems or anything assosiated with them. We'll close your email for any third party and ban off-site access.
2) You should fill all fields in this form for succesful support.

Software Industry Professionals Member
Problem solving service is provided by Security Stronghold company which is member of «Software Industry Professionals». Give us your problem and get back for your solution!

Effective solution is guaranteed

Download FREE Removal Tool

Specification and description of Zero day attack and ways to repair yes[1].exe file

Solve the problem manually

Get free of a problem by downloading automatical solution

Ask a question about Zero day attack and yes[1].exe error

Threat's dossier

Threat indicator: HIGH
 Name of the threat: Zero day attack
Command or file name: yes[1].exe
Threat type: Spyware/trojan
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

Ways for invasion

The ingressed threat makes its copy on your computer and launches Zero day attack system process using the names similar to yes[1].exe or Zero day attack. It initiates a creation of new startup key under the name Zero day attack and value yes[1].exe.

If you need more information about yes[1].exe you should contact to us with the form above .

» Fix yes[1].exe with FREE Removal Tool

Recommended Solution

You may use our quick and easy solution which we developed specially to solve Zero day attack and many other malicious programs. 3329523 malicious programs will be destroyed with the help of Removal Tool. You will forget what are worms, trojans, adware, spyware/trojans, badware/spyware, dialers, hijackers, rats, spyware/adware, viruses, parasites, keyloggers, downloaders and other types of malicious programs. Removal Tool ensures your security and trouble-free work at any time. As a rule anti-virus software can't cope with some malicious programs and you are lost unprotected. On contrary, tool will destroy adware, spyware, rats and viruses easily and quickly. Thanks to this program you are sure for your privacy. All malware becomes harmless when True Sword is installed.

» True Sword Free Download

Manual solution of Zero day attack problem

In order to make progress in getting rid of yes[1].exe manually you should delete all files assosiated with Zero day attack infection, including destruction of its registry keys and invalid DLLs. It is also recommended to delete files with names similar to Zero day attack from startup list. Sometimes Zero day attack can corrupt DLLs that can become a cause of unstability of your Windows. You will have to recover it from distribution to make it work correctly.To get rid of this threat, be assured to follow next points:

1. Destroy the malicious process and all associated files:

no information

Notification: Be careful while deleting anything from system files. This is dangerous to destroy a valid process that can carry result in Windows disfunction. It is a cute trick of malware to hide behind valid files and use some names similar to the ones DLLs use. To escape unpredictable results we suggest you to use Removal Tool to ensure your system.

2. Destroy all assosiated malware:

no information

3. Clean up all infected registry keys and\or values:

  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: jpeg
  • Key: CLSID\{855875B5-93F3-429D-FF34-660B206D897C}
    Value: ThreadingModel
  • Key: SOFTWARE\Classes\CLSID\{855875B5-93F3-429D-FF34-660B206D897C}\InProcServer32
    Value: ThreadingModel
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcdf22a6.exe
  • Key: Software\Microsoft\Sft
  • Key: CLSID\{31909793-B14A-18FA-1007-0265051CFC2B}\InprocServer32
    Value: ThreadingModel
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\708adabe.exe
  • Key: CLSID\{297A111E-5C7F-2744-37B7-08F8EEF35CC6}\InprocServer32
  • Key: CLSID\{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}\InProcServer32
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: Type
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: Start
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\hide_evr2\Security
    Value: Security
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
    Value: NextInstance
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: e1.dll
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Startup
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Shutdown
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Impersonate
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Asynchronous
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Image
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: e1.dll dpmomspr.dll dminupnp.dll
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: Type
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: Start
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\aspi113210\Security
    Value: Security
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ObjectName
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
    Value: NextInstance
  • Key: System\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000\Control
    Value: ActiveService
  • Key: Software\Microsoft\swprodte
    Value: RepB
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ImagePath
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    Value: {855875B5-93F3-429D-FF34-660B206D897C}
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: DllName
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Startup
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Shutdown
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Impersonate
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Asynchronous
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: dpmomspr.dll dminupnp.dll
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: dpmomspr.dll dminupnp.dll e1.dll
  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: fake
  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: inject
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_HIDE_EVR2\0000\Control
    Value: ActiveService
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\CsdDriver\Security
    Value: Security
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_CSDDRIVER\0000\Control
    Value: ActiveService
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: Type
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: Start
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: ErrorControl

Notification: It is unsafe to make any changes amongst registry entries when you are not sure what to do. It is strongly recommended to keep out of them. You should only delete registry entries using professional guidance. If you use Removal Tool you will have no need in manual changes in Registry.

» Get Removal Tool for FREE

Next threat: »

Learn more about Zero day attack and yes[1].exe »

« Back to catalog

Solution: 3724
Home | Partners | Shop | Support | Contact Us | Privacy Policy | Sitemap

Copyright © 2003-2012 Security Stronghold. All Rights Reserved.