30 replies to this topic

[Zepx]

Hi,

after trying all sorts of instructions from a tech, I'm still unable to remove this stubborn spy-ware. It's well hidden and yet there is no true solution to it out there in the net. Even if there is, it's outdated which can't be applied to Vista.

I believed it is necessary to explain everything again from fresh.

First and foremost, the link to my topic as requested by the technician,

http://forums.whatth...er_t100493.html

Before I begin, here are the details of what my browser is:
- Mozilla FireFox 3.0.7 (default browser and 99% what I used for internet activities)
- Internet Explorer 7
- Opera Browser

1. As I hit my blog site, http://zepx.co.cc, I noticed a pop-up ad. As the ad loads, I found it to load several websites such as adserving.adxinteractive.com, ad.yieldmanager.com, www.adoutput.com, ad.mozzi.biz/ all those nonsense ad sites, which I've never even registered myself to them!
2. As my plan was NOT to have any pop up ads for my blog, I decided to read through the source code. To my shock, I found no adcode that should provide pop up ads! The only ad that should be there is googleads and nuffnang.
3. I continue my hunt by finding everything I can to counter this stubborn ad.yieldmanager.com.... yet I could not find a suitable solution to it.
4. I also found out that this pop up ad does not only appear on my blogsite, but some other site as well, it will load up the ad.yieldmanager.com
5. I've tried many things, that include clearing my cookies and etc.
6. I then tried with IE and Opera.
7. I found out that Opera DID NOT display the pop up ads each time I clear my cookies! Instead, IE and Firefox always dispaly these ads as I clear my cookies!
8. I blocked out the permission to store ad.yieldmanager.com cookie. yet again it did not solve anything.
9. I figured it could be my website, so I requested 3-4 people or friends of mine to access my website with their cookies cleared. All of them told me no pop up ads was shown. If you do not believe me, visit my blog. My conclusion brought me to infected spyware as most net users said it was.
9. I went through the thorough instructions by the Technician.
10. Till today it was requested that I posted here.

[Ztruker]

Hi Zepx, read through your arduous malware thread ... lots of work, lots of fixes, no change to the basic ad.yieldmanager.com popup problem, yuck Please try booting to Safe Mode with Networking, then connect to your blog site with FF and see if the popup still occurs.

[Zepx]

Yes it seems to still pop up.

[Ztruker]

Okay. Create a new user account on your system with the same authority as the account you normally use (Control Panel / User Accounts). Logoff your current account and login with the new account. Try FireFox and see if the popup occurs.

[Zepx]

Yes it still does.

[Ztruker]

Looking through your malware thread again, I see a few things that concern me. Can you tell me what they are, other than Limewire, which is a file sharing (P2P)software that accounts for a good percentage of viruses and other malware on computers. If you're still using it, you need to be very, very careful. 2009-02-22 15:43 <DIR> --d----- c:\program files\O2ANGEL 2009-03-08 11:06 <DIR> --d----- c:\program files\LimeWire 2009-03-08 11:06 <DIR> --d----- c:\users\zepx\appdata\roaming\LimeWire 2009-03-08 16:19 <DIR> --d----- c:\program files\Outspark 2009-03-09 08:44 <DIR> --d----- c:\programdata\IJJIGame 2009-03-09 08:44 <DIR> --d----- c:\progra~2\IJJIGame 2009-03-09 08:46 <DIR> --d----- C:\ijji 2009-03-09 08:52 <DIR> --d----- c:\users\zepx\appdata\roaming\Raptr 2009-03-09 08:52 <DIR> --d----- c:\program files\Raptr I'm not a gamer so this may be why none of these are familiar to me.

[Ztruker]

Also, I just realized that ad.yieldmanager.com is a tracking cookie and not a popup window. I'm sure you've looked at this, but just in case: http://www.spywarere...dmanagercom.htm

What Add-ons are you using in FireFox? Are you using Noscript? If not, give it a try.

[Zepx]

Looking through your malware thread again, I see a few things that concern me. Can you tell me what they are, other than Limewire, which is a file sharing (P2P)software that accounts for a good percentage of viruses and other malware on computers. If you're still using it, you need to be very, very careful.

2009-02-22 15:43 <DIR> --d----- c:\program files\O2ANGEL
2009-03-08 11:06 <DIR> --d----- c:\program files\LimeWire
2009-03-08 11:06 <DIR> --d----- c:\users\zepx\appdata\roaming\LimeWire
2009-03-08 16:19 <DIR> --d----- c:\program files\Outspark
2009-03-09 08:44 <DIR> --d----- c:\programdata\IJJIGame
2009-03-09 08:44 <DIR> --d----- c:\progra~2\IJJIGame
2009-03-09 08:46 <DIR> --d----- C:\ijji
2009-03-09 08:52 <DIR> --d----- c:\users\zepx\appdata\roaming\Raptr
2009-03-09 08:52 <DIR> --d----- c:\program files\Raptr

I'm not a gamer so this may be why none of these are familiar to me.

O2angel is an online private server game. O2Jam, Outspark is also a game company, currently installed Project Powder. Ijji Game is also a gaming company, I installed DriftCity, and Raptr just seems to be something like steam.

Just downloaded noscript it works fine to prevent the pop up. However, I still wish to fix it back to default. I've follow spywareremove.com, even downloaded SpyHunter and tried. It seems that nothing fix my problem to prevent ad.yieldmanager to still show it's pop up.

I'm going to attach what I still see even with noscript.

another thing, I noticed that IE no longer shows the ad.yieldmanager pop up. However, my firefox still does!

Edited by Zepx, 29 March 2009 - 01:54 AM.

[Ztruker]

I'm afraid I'm out of ideas so I'll toss these out, see what you think.

• Empty FF cache
• Flush DNS cache - ipconfig /flushdns
• Flush ARP cache - netsh interface ip delete arpcache

[Abydos]

Just throwing my 2 cents in. ad.yieldmanager.com is a sort of Smitfraud variant, and the removal procedure are nearly identical. For this reason, I suggest you post in the malware removal section. The ad usually comes with infected codecs or downloaded videos, if this will help you locate a possible culprit. Regards

[Zepx]

Just throwing my 2 cents in.

ad.yieldmanager.com is a sort of Smitfraud variant, and the removal procedure are nearly identical. For this reason, I suggest
you post in the malware removal section. The ad usually comes with infected codecs or downloaded videos, if this will help you
locate a possible culprit.

Regards

lol but i just redirected here from there! Hm... so what should I do? find out how to remove smitfraud?

[Ztruker]

Abydos, LDTate sent him here from the malware forum. If you read through the malware thread (link in Zepx's first post here) you'll see he's been cleared.

[Abydos]

Well. I might be slightly off here, but the procedure are still the same as removing smitfraud. I should know, as I have had it once myself...It took a good deal of various tools to get the job done, and the rules here prohibit us (the tech-team) and anybody else from using malware removal tools, and even giving in-depth advice regarding malware-removal. I can't see how we should accomplish removing it without Short of finding the program / data containing the original ad. file, and extensive use of file-shredders....*sigh* If it just were a ordinary cookie, it would'nt re-populate itself in the manner that it does. Hence my advice to contact malware removal once again. Cheers

[LDTate]

Zepx, Your topic in the Malware forum is still open. Please follow the instructions I posted for SmitfraudFix

[Zepx]

http://forums.whatth...0493.html&st=30

LDTate says there's no symptom of any kind of problem.