Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91913 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

A Stubborn Ad!


  • Please log in to reply
30 replies to this topic

#1 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 25 March 2009 - 07:18 AM

Hi,

after trying all sorts of instructions from a tech, I'm still unable to remove this stubborn spy-ware. It's well hidden and yet there is no true solution to it out there in the net. Even if there is, it's outdated which can't be applied to Vista.

I believed it is necessary to explain everything again from fresh.

First and foremost, the link to my topic as requested by the technician,

http://forums.whatth...er_t100493.html

Before I begin, here are the details of what my browser is:
- Mozilla FireFox 3.0.7 (default browser and 99% what I used for internet activities)
- Internet Explorer 7
- Opera Browser

1. As I hit my blog site, http://zepx.co.cc, I noticed a pop-up ad. As the ad loads, I found it to load several websites such as adserving.adxinteractive.com, ad.yieldmanager.com, www.adoutput.com, ad.mozzi.biz/ all those nonsense ad sites, which I've never even registered myself to them!
2. As my plan was NOT to have any pop up ads for my blog, I decided to read through the source code. To my shock, I found no adcode that should provide pop up ads! The only ad that should be there is googleads and nuffnang.
3. I continue my hunt by finding everything I can to counter this stubborn ad.yieldmanager.com.... yet I could not find a suitable solution to it.
4. I also found out that this pop up ad does not only appear on my blogsite, but some other site as well, it will load up the ad.yieldmanager.com
5. I've tried many things, that include clearing my cookies and etc.
6. I then tried with IE and Opera.
7. I found out that Opera DID NOT display the pop up ads each time I clear my cookies! Instead, IE and Firefox always dispaly these ads as I clear my cookies!
8. I blocked out the permission to store ad.yieldmanager.com cookie. yet again it did not solve anything.
9. I figured it could be my website, so I requested 3-4 people or friends of mine to access my website with their cookies cleared. All of them told me no pop up ads was shown. If you do not believe me, visit my blog. My conclusion brought me to infected spyware as most net users said it was.
9. I went through the thorough instructions by the Technician.
10. Till today it was requested that I posted here.

    Advertisements

Register to Remove


#2 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 26 March 2009 - 07:03 PM

Hi Zepx, read through your arduous malware thread ... lots of work, lots of fixes, no change to the basic ad.yieldmanager.com popup problem, yuck :pullhair: Please try booting to Safe Mode with Networking, then connect to your blog site with FF and see if the popup still occurs.

Rich

Artificial intelligence is no match for natural stupidity.


#3 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 27 March 2009 - 05:45 PM

Yes it seems to still pop up.

#4 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 27 March 2009 - 06:04 PM

Okay. Create a new user account on your system with the same authority as the account you normally use (Control Panel / User Accounts). Logoff your current account and login with the new account. Try FireFox and see if the popup occurs.

Rich

Artificial intelligence is no match for natural stupidity.


#5 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 28 March 2009 - 12:15 AM

Yes it still does.

#6 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 28 March 2009 - 06:18 PM

Looking through your malware thread again, I see a few things that concern me. Can you tell me what they are, other than Limewire, which is a file sharing (P2P)software that accounts for a good percentage of viruses and other malware on computers. If you're still using it, you need to be very, very careful. 2009-02-22 15:43 <DIR> --d----- c:\program files\O2ANGEL 2009-03-08 11:06 <DIR> --d----- c:\program files\LimeWire 2009-03-08 11:06 <DIR> --d----- c:\users\zepx\appdata\roaming\LimeWire 2009-03-08 16:19 <DIR> --d----- c:\program files\Outspark 2009-03-09 08:44 <DIR> --d----- c:\programdata\IJJIGame 2009-03-09 08:44 <DIR> --d----- c:\progra~2\IJJIGame 2009-03-09 08:46 <DIR> --d----- C:\ijji 2009-03-09 08:52 <DIR> --d----- c:\users\zepx\appdata\roaming\Raptr 2009-03-09 08:52 <DIR> --d----- c:\program files\Raptr I'm not a gamer so this may be why none of these are familiar to me.

Rich

Artificial intelligence is no match for natural stupidity.


#7 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 28 March 2009 - 06:53 PM

Also, I just realized that ad.yieldmanager.com is a tracking cookie and not a popup window. I'm sure you've looked at this, but just in case: http://www.spywarere...dmanagercom.htm

What Add-ons are you using in FireFox? Are you using Noscript? If not, give it a try.

Rich

Artificial intelligence is no match for natural stupidity.


#8 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 29 March 2009 - 01:06 AM

Looking through your malware thread again, I see a few things that concern me. Can you tell me what they are, other than Limewire, which is a file sharing (P2P)software that accounts for a good percentage of viruses and other malware on computers. If you're still using it, you need to be very, very careful.

2009-02-22 15:43 <DIR> --d----- c:\program files\O2ANGEL
2009-03-08 11:06 <DIR> --d----- c:\program files\LimeWire
2009-03-08 11:06 <DIR> --d----- c:\users\zepx\appdata\roaming\LimeWire
2009-03-08 16:19 <DIR> --d----- c:\program files\Outspark
2009-03-09 08:44 <DIR> --d----- c:\programdata\IJJIGame
2009-03-09 08:44 <DIR> --d----- c:\progra~2\IJJIGame
2009-03-09 08:46 <DIR> --d----- C:\ijji
2009-03-09 08:52 <DIR> --d----- c:\users\zepx\appdata\roaming\Raptr
2009-03-09 08:52 <DIR> --d----- c:\program files\Raptr

I'm not a gamer so this may be why none of these are familiar to me.


O2angel is an online private server game. O2Jam, Outspark is also a game company, currently installed Project Powder. Ijji Game is also a gaming company, I installed DriftCity, and Raptr just seems to be something like steam.

Just downloaded noscript it works fine to prevent the pop up. However, I still wish to fix it back to default. I've follow spywareremove.com, even downloaded SpyHunter and tried. It seems that nothing fix my problem to prevent ad.yieldmanager to still show it's pop up.

I'm going to attach what I still see even with noscript.

another thing, I noticed that IE no longer shows the ad.yieldmanager pop up. However, my firefox still does!

Posted Image

Edited by Zepx, 29 March 2009 - 01:54 AM.


#9 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 29 March 2009 - 07:32 PM

I'm afraid I'm out of ideas so I'll toss these out, see what you think.
  • Empty FF cache
  • Flush DNS cache - ipconfig /flushdns
  • Flush ARP cache - netsh interface ip delete arpcache

Rich

Artificial intelligence is no match for natural stupidity.


#10 Abydos

Abydos

    WTT Tech Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 1,736 posts

Posted 30 March 2009 - 04:45 AM

Just throwing my 2 cents in. ad.yieldmanager.com is a sort of Smitfraud variant, and the removal procedure are nearly identical. For this reason, I suggest you post in the malware removal section. The ad usually comes with infected codecs or downloaded videos, if this will help you locate a possible culprit. Regards

Abydos

Asking for Technical Help


Preventing Malware Slow PC? Recovery Console!

"I am not young enough to know everything" - Oscar Wilde

    Advertisements

Register to Remove


#11 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 30 March 2009 - 04:52 AM

Just throwing my 2 cents in.

ad.yieldmanager.com is a sort of Smitfraud variant, and the removal procedure are nearly identical. For this reason, I suggest
you post in the malware removal section. The ad usually comes with infected codecs or downloaded videos, if this will help you
locate a possible culprit.

Regards


lol but i just redirected here from there! Hm... so what should I do? find out how to remove smitfraud?

#12 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,807 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 30 March 2009 - 12:23 PM

Abydos, LDTate sent him here from the malware forum. If you read through the malware thread (link in Zepx's first post here) you'll see he's been cleared.

Rich

Artificial intelligence is no match for natural stupidity.


#13 Abydos

Abydos

    WTT Tech Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 1,736 posts

Posted 30 March 2009 - 01:56 PM

Well. I might be slightly off here, but the procedure are still the same as removing smitfraud. I should know, as I have had it once myself...It took a good deal of various tools to get the job done, and the rules here prohibit us (the tech-team) and anybody else from using malware removal tools, and even giving in-depth advice regarding malware-removal. I can't see how we should accomplish removing it without :( Short of finding the program / data containing the original ad. file, and extensive use of file-shredders....*sigh* If it just were a ordinary cookie, it would'nt re-populate itself in the manner that it does. Hence my advice to contact malware removal once again. Cheers B)

Abydos

Asking for Technical Help


Preventing Malware Slow PC? Recovery Console!

"I am not young enough to know everything" - Oscar Wilde


#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 30 March 2009 - 04:48 PM

Zepx, Your topic in the Malware forum is still open. Please follow the instructions I posted for SmitfraudFix

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 Zepx

Zepx

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 01 April 2009 - 05:55 AM

http://forums.whatth...0493.html&st=30

LDTate says there's no symptom of any kind of problem.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users