Need help to remove Cws.Yexe

Discussion in 'Malware Help (A Specialist Will Reply)' started by alvinhky, Jan 15, 2006.

  1. alvinhky

    alvinhky Private E-2

    Hi guys

    Need help to delete CWS.YEXE. I have been trying to remove this from my PC. I have used adaware from lavasoft, CWSshredder etc...

    Attached is my HJT log.

    Pls help!!

    Thanks
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You have more problems than what you stated.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Per step 3 of the READ ME, make sure you uninstall all but one of your antivirus applications.


    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. alvinhky

    alvinhky Private E-2

    Hi

    I was infected with CWS.YEXE and Spysheriff.

    I have followed the "READ & RUN ME FIRST" steps and managed to remove CWS.YEXE and Spysheriff.

    I did the Panda Scan and still found a couple of spyware. Can you please help? Sometimes, when I am on the internet, the AVG resident shield will pop up a window saying a file was infected with Trojans.. etc..
    After following steps 1-6, I did another Spybot scan and still found 2 registry changes.


    Here are the logs from HJT, Panda, Bitdefender, and Spybot.


    Thanks
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please attach logs properly as text files. It is actually easier than snapshots of the screen and they are smaller and easier to read too. The snapshot you posted from Panda is of no use to us because it is not a log file that shows the infections found.

    Your HJT log is clean! Are you still having any malware problems?
     
    Last edited: Jan 21, 2006
  5. alvinhky

    alvinhky Private E-2

    Hi chaslang

    When I did the PandaScan, there was no option to save any log file.

    Anyway, so far so good. No malware found.

    I am glad to know that the HJT log is clean. Phew... Have been spending hours and days killing these viruses and spyware..

    Thanks again
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is as plain as the nose on your face. ;) There is a See Report button highlighted in green and then on the next window a Save Report button.

    You can either run a new one, or forget about it if you believe everything is working okay now.

    Since you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  7. alvinhky

    alvinhky Private E-2

    Hi Chaslang

    I did another PandaScan and found a couple of spyware. How do I remove this? Are these malicious?

    I attach the panda log file and HJT file.

    Pls assist.

    Thanks
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is something I did not notice in one of your earlier logs. Not malware ... but it is a problem. You seemed to have missed the point of step 3 in the READ & RUN ME.

    You previously had AVG and Symantec antiviruses installed. Now you have AVG and Bitdefender. You must use only one. Decide which one you want and uninstall the other.

    Use Windows Explorer to locate the below file and delete it:

    C:\WINDOWS\SYSTEM32\vx.tll

    Then run only step # 8 in this link: SpySheriff (aka SpywareNo) Removal

    Now check a Panda scan to see if it is clean (ignore cookies as they are not really problems and will always be around every time you surf).
     
  9. alvinhky

    alvinhky Private E-2

    Hi Chaslang

    I have since uninstalled all but one of the antivirus programs.

    I have deleted the C:\WINDOWS\SYSTEM32\vx.tll

    and run step # 8 in this link: SpySheriff (aka SpywareNo) Removal

    After doing these 2 steps, I did another Panda Scan and found the following logs. Attached are the Panda logs and HJT logs.

    Thanks
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You seem to have a new file that Panda picked up this time. Locate and delete the below file:
    C:\WINDOWS\SYSTEM32\kernels64.exe


    Also have HJT fix the below line which is left over from BitDefender.
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"


    You need to get the steps in the below complete ASAP. Especially getting a real firewall installed.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  11. alvinhky

    alvinhky Private E-2

    Hi Chaslang

    I have deleted C:\WINDOWS\SYSTEM32\kernels64.exe and fixed O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"

    I ran the Panda scan again and still found the spysheriff adaware. This is impossible !!

    I ran another HJT as follows.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really! This has been there all the way along and we just have not addressed it because what Panda is telling you is not very useful. It gives no indication of what and where it is finding something. In addition it is probably just a benign registry key that is just remaining after all the other cleanup.

    We could search the registry for SpySheriff but we may not find anything because some keys do not always use the name of the software. We already tried one registry patch related to SpySheriff but it did not fix the problem. This could be for one of two reasons:
    1) the appropriate key Panda is complaining about is not in that patch
    2) something is blocking the patch (like SpyCatcher 2006 or similar). You could try the patch again after shutting down all protection programs like this. Did you purchase SpyCatcher? If not, why are you using it?
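
The point made in the last post, that leftover entries do not always carry the software's name, can be seen on the BDSwitchAgent line quoted earlier in the thread. This is an added example, not part of the original discussion or of HijackThis itself: the function names and the second and third sample lines are constructed, and the 8.3 short-name handling is a simplification.

```python
import re

# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
# (the "O4 - Startup:" folder variants have a different shape and are skipped).
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def parse_o4(line):
    """Return hive/key/name/cmd for a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def naive_match(entry, product):
    """Plain substring search, as a registry 'find' for the product name would do."""
    return product.lower() in (entry["name"] + " " + entry["cmd"]).lower()

def short_name_match(entry, product):
    """Also accept 8.3 short names (first 6 chars, spaces dropped, then ~N).
    Simplified: ignores the hashed form Windows uses after several collisions."""
    squashed = re.sub(r"[ .]", "", product).lower()
    for part in entry["cmd"].strip('"').split("\\"):
        m = re.fullmatch(r"([^~]{1,6})~\d+(\..*)?", part.lower())
        if m and squashed.startswith(m.group(1)):
            return True
    return naive_match(entry, product)

def find_leftovers(log_lines, product):
    """Registry autorun entries that plausibly belong to `product`."""
    entries = filter(None, map(parse_o4, log_lines))
    return [e for e in entries if short_name_match(e, product)]

# First line is quoted from the thread; the other two are constructed samples.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"',
    r'O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe /quiet',
    r'O4 - Startup: Example.lnk = C:\Program Files\Example\tray.exe',
]

if __name__ == "__main__":
    for e in find_leftovers(SAMPLE_LOG, "BitDefender"):
        print(e["hive"], e["key"], e["name"], e["cmd"])
```

A short-name hit only shows that the first six characters agree, so the results are candidates to review by hand before anything is fixed or deleted.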
     
