View Full Version : jetway motherboard sb live onboard
matabhaine
02-19-2003, 01:46 PM
I have a motherboard, Jetway 867AS, with SB Live onboard sound. It was working with XP, then after dl XP service pack it stopped being recognised. There is also a trojan called trojandropper.yat on my drive; nothing recognises it except one piece of software which will not remove it, which may be messing my SB up. I have dl the latest drivers, maybe I did this wrong. Any ideas?
YODA74
02-19-2003, 02:23 PM
trojandropper.yat: this would concern me very much.
This is very hard to get rid of. .yat = Yet Another Trojan.
This copies itself to multiple places as backups, and installs batch files to check for the trojan and reload it from a backup if not found.
The main body of the trojan stays where it's installed from.
Click on your Start Menu, and choose Run. In the box, type regedit and click OK.
When RegEdit starts, you will see two panels in the window.
On the Left panel, you will want to click on the box with a + sign, to open a folder. Follow the folder path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\RunServices\
and find an item titled Batterieanzeige = 'c:\pathnamehere\server.exe /nomsg'
It's the c:\pathnamehere\setup.exe part you will need to write down or note for a future step below.
Close RegEdit.
Next you must change to DOS mode to stop the trojan from running and remove it.
Click Start, and choose Shutdown. Select the option 'Restart computer in MS-DOS mode'.
In DOS mode, you will want to delete two files.
The first is the file from the above step. You can do this by typing:
del c:\correctpath\server.exe
Next, you will want to delete the file 'winstart.bat' from c:\windows\.
You can do this simply by typing: del winstart.bat
Last, type exit to return to Windows.
When Windows restarts, you will not be infected.
However there is still some cleanup that should be done.
In c:\windows\ there will be a file with the name y.bat (the y having two dots over it.)
This, as well as wininit.ini can be deleted.
Also, there will be a line in your c:\autoexec.bat which runs the above y.bat file. You will need to remove that line.
You should be done....
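The locations named in the steps above (the RunServices key, winstart.bat, wininit.ini, the ÿ.bat file and the autoexec.bat line) can be checked in one pass. This is an added example, not part of the original post: a Python script run over constructed sample data; the function names, the sample registry export and the SchedulingAgent entry are assumptions for illustration.

```python
import re

# Constructed sample inputs (not from a real machine); paths are the post's placeholders.
REG_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Batterieanzeige"="c:\\pathnamehere\\server.exe /nomsg"
"SchedulingAgent"="mstask.exe"
'''
AUTOEXEC = "@echo off\nREM old.bat disabled\nc:\\windows\\\xff.bat\n"
WINDOWS_FILES = ["win.ini", "WINSTART.BAT", "\xff.bat", "wininit.ini"]

def run_services_entries(reg_text):
    """Return {value name: command} for every RunServices key in a REGEDIT4 export."""
    entries, in_key = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith("\\runservices")
        elif in_key:
            m = re.match(r'"(.+?)"="(.*)"$', line)
            if m:  # .reg files double each backslash; undo that
                entries[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries

def batch_autostarts(autoexec_text):
    """Return autoexec.bat lines that launch a batch file (REM comments skipped)."""
    lines = map(str.strip, autoexec_text.splitlines())
    return [l for l in lines
            if re.search(r"\.bat\b", l, re.I) and not l.lower().startswith("rem ")]

def audit(reg_text, autoexec_text, windows_files):
    """Return (location, item) pairs to review by hand; a hit is not proof of infection."""
    findings = []
    for name, cmd in run_services_entries(reg_text).items():
        # Indicators taken from the post: the value name and the /nomsg switch.
        if name.lower() == "batterieanzeige" or "/nomsg" in cmd.lower():
            findings.append(("RunServices", f"{name} = {cmd}"))
    for f in windows_files:
        low = f.lower()
        # winstart.bat and wininit.ini also exist on clean systems: inspect, don't assume.
        if low in ("winstart.bat", "wininit.ini"):
            findings.append(("c:\\windows", f))
        elif low.endswith(".bat") and not f.isascii():  # e.g. the y-with-two-dots name
            findings.append(("c:\\windows", f))
    findings += [("autoexec.bat", l) for l in batch_autostarts(autoexec_text)]
    return findings

if __name__ == "__main__":
    for location, item in audit(REG_EXPORT, AUTOEXEC, WINDOWS_FILES):
        print(f"{location}: {item}")
```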
matabhaine
02-19-2003, 02:53 PM
It is called trojandropper.yabinder
YODA74
02-19-2003, 04:01 PM
it is called trojandropper.yabinder
The most I can find on the exact wording are the links below:
http://translate.google.com/translate?hl=en&sl=de&u=http://board.protecus.de/showtopic.php%3Fthreadid%3D957&prev=/search%3Fq%3Dtrojandropper.yabinder%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DN
http://216.239.39.120/translate_c?hl=en&u=http://www.ravantivirus.com/pages/dldupdate.php%3Ftype%3DDaily&prev=/search%3Fq%3Dtrojandropper.yabinder%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DN
On this one they claim to get rid of it??? with their update.. read the fine lettering
http://216.239.39.120/translate_c?hl=en&u=http://www.google.de/search%3Fq%3Dcache:tSaMULDeDTYC:www.avp.ch/E/daily.stm%2BYabinder%26hl%3Dde%26ie%3DUTF-8&prev=/search%3Fq%3Dtrojandropper.yabinder%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DN
matabhaine
02-19-2003, 04:41 PM
Thanks, it has been deleted for now, but I am not sure if some movies I dl have this trojan embedded, if this is possible. Is it possible to get rid of an embedded trojan in an mpeg?
matabhaine
02-19-2003, 05:16 PM
I still have no sound and after 2 days this is really frustrating. I like dl music; I have lots of vinyl and I want to dl the equivalent and burn it to CD. I had thought of capturing the vinyl and putting it onto CD, but my L.P.s are a bit past it. But when I try to play the songs it won't even play, tells me no soundcard. Any ideas?
Yabinder is not really a trojan itself, but a delivery system for trojans.
Most likely you will need to manually kill it, which will mean killing the process and tracing it down and deleting it from everywhere it is found. Then you will need to do a manual search in your registry for any occurrences of it and then remove those also.
The one problem with it is that there are not many products that will detect it, because by itself it isn't harmful.
matabhaine
02-19-2003, 08:15 PM
I just used a trojan program to rid the program, do not know where to look for remnants.