Yahoo Re-direct Rootkit Virus - Iobit Advanced System Care

  RegScriv 21:02 20 Dec 2013

I've been hit three times now by the Yahoo Re-direct Rootkit Virus, each time following the downloading of Iobit's Advanced System Care. There's no way of eradicating it other than a complete overwrite of the HD - thank God for disc imaging tools such as Acronis & Macrium Reflect. I believe it depends on which site ASC is downloaded from. I downloaded from a site which appeared to be the genuine Iobit site. Better I think to download from a CNet or Softonic site. For now, I'm leaving ASC well alone.

  lotvic 22:22 20 Dec 2013

Watch out for 'extras' from

"The Installer securely delivers software from's servers to your computer. During this process, the Installer may offer other free applications provided by our partners. All offers are optional: You are not required to install any additional applications to receive the software you selected. For more information, please refer to our FAQ."

  Woolwell 22:37 20 Dec 2013

I would avoid cnet. There have been reports in this forum of people getting more than they bargained for eg malware.

Why do you want IOBIT's Advanced System Care? Many of these registry cleaners create more problems than they solve. I would only use ccleaner.

  michaelw 08:49 21 Dec 2013

Why do you want IOBIT's Advanced System Care? Many of these registry cleaners create more problems than they solve. I would only use ccleaner.

I've been using ASC for years and it's a good bit of kit. But as always with these cleaners, my advice is to leave the reg cleaner alone.

  RegScriv 10:29 21 Dec 2013

I agree that reg cleaners should not be used and had them switched off when using ASC along with other bits like the defrag.

Any advice on the safest source from which to download ASC. It seems hit & miss & I've downloaded it safely as many times as I've downloaded it & caught this virus.

  RegScriv 14:29 21 Dec 2013

I used your link Jock1e to download ASC & immediately got the Yahoo virus again. Don't know what's going on but that's me finished with ASC for good. As luck would have it I had a Macrium image from yesterday so was able to restore. I wonder if there's some way of informing this site what's happening so that they can fix it.

  rdave13 14:39 21 Dec 2013

RegScriv, I thinks that's wise, I tried from Softonic, just for the heck of it, and Malwarebytes blocked it and removed a load of Pups.

  RegScriv 20:54 21 Dec 2013

I picked up the Yahoo virus just after I'd upgraded from Window 7 to Windows 8.1. Everything was running fine, then I downloaded ASC, along with the Yahoo Re-direct virus. Nothing would get rid of it, not even a complete re-install of Wondows 8.1. As luck would have it, one of the first things I did after upgrading was to take an image using Macrium Reflect. Thank God I did, because reinstating an image it the only way that I've been able to get rid of this awful virus. I understand that it's some form of root kit, whatever it is it gets deep into the system and you can't move it.

  rdave13 21:07 21 Dec 2013

RegScriv , a new campaign by the virus yobs I think. Your AV is useless if you agree to terms and conditions to download a freebie. I don't blame IOBIT's program but I do blame their web developers in allowing what is going on, not only with Iobit, but a lot of others as well. Started with C|Net I believe.

  RegScriv 09:59 22 Dec 2013

Yes, and I use NIS as my AV, supposed to be one of the best. It's not clear on the Iobit site where you're signing up to any TACs, but I guess it's implied when you press the download button.

Any idea why the virus would re-direct to Yahoo? Can't be doing Yahoo any favours.

One hard lesson; ensure you have an up-to-date disc image.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy S9 review

Explore Milton Glaser's iconic poster designs from the 1960s to present, including Bob Dylan, I…

What to expect at Apple's 27 March education event

Idées cadeaux pour geeks et tech addicts