Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot disable ad.yieldmanager.com pop up. [Moved]


  • Please log in to reply
6 replies to this topic

#1 riklydon

riklydon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 20 June 2009 - 12:55 PM

Hey all

My first time on here. I am using windowsxp/firefox.

I have had ad.yieldmanager pop up on yahoo pages for 5 months and I cannot disable it.

It says it is an st file and an application/octet-stream and gives the option to save/open the file.

I would have a pic of pop up here but I don't know how to do it but there are pics of it all over net.

It is extremely persistent, invasive and very very annoying as I use yahoo mail/games.

To remove it I have tried:

AVG antivirus
Avira antivirus
Adaware
Spybot search&Destroy
Malaware Bytes
Paretologic
Ccleaner
Atfcleaner

I have disabled all cookies on firefox, cleaned all caches on firefox/ccleaner/Atfcleaner, cleared all registries, updated all databases regularly, deleted histories and even removed it manually using regedit and all search tools on xp including hidden files (I did look at dllcache but that was beyond me), disabled startups and basically anything I am capable or can think of. I regularly use Ntregopt to back up registry and use diskkeeper lite and run scans/cleans so as far as I can tell all is ok except for this pop up.




It has me beaten so I hope somebody can help.

I have read the newbie guides and I think I've done everything requested, apologies if not.

Ty all
Riklydon

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 33,468 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:27 AM

Posted 20 June 2009 - 02:05 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum where you can get more immediate assistance.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript


#3 acelsolcier

acelsolcier

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manila , Philippines
  • Local time:04:27 AM

Posted 20 June 2009 - 05:15 PM

Go to Start->Settings->Control Pangel->Security
- Then Turn On Windows Firewall
- Open your browser then click on to Tools located at the upper-right of your browser
- Select Internet Options
- Click on Privacy Tab check the box on Pop-up blocker
- Set the setting to Medium

You mention you used Malware Bytes can you post the log cause sometimes it can be the cause of Malware.

#4 riklydon

riklydon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 20 June 2009 - 06:36 PM

Hi Acelsoldier thankyou for your response, I am no expert with pc's so I'll do my best to answer your post.

I have done as you said but I already had the firewall on and I could not find a medium setting in the options on firefox tools/options.

This could be because I can't find it but in 'content' on tools window for internet options (firefox) I have already blocked all pop ups with the only exception being yahoo for my email accounts and games, should I block this as well? (I play online games but through yahoo as I thought it would be ok on yahoo?)

In privacy in firefox options I have I have unchecked accepting cookies (except yahoo cookie) from any sites and cleared everything except saved pass words, all other sites are blocked

I don't know how to create a log for the malware byte's anti malware so I will need instructions please! Also I only installed it recently in an attempt to remove the pop up.

( I tried avg, uninstalled that and tried antivira which I still have and spybot and Paratelogic so I think I'll have conflicts between them but I've installed them all to try and kill the pop up.)

PS I used to have bittorrent I uninstalled both it and the DNA part of it ( I don't know what that is though) and removed every trace of it I could find from history.

Thankyou for your time and I'm happy to be corrected on mistakes I've made through my ignorance!

Oh and just to make things worse I have a new pop up, exactly the same in design as yield manager pop up, but it is says 'specificclicknet'.

Regards

Riklydon

#5 acelsolcier

acelsolcier

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manila , Philippines
  • Local time:04:27 AM

Posted 21 June 2009 - 01:23 AM

Download Malwarebytes Anti-Malware and save it to your desktop.
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy


* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Notes: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.

Edited by acelsolcier, 21 June 2009 - 01:46 AM.


#6 riklydon

riklydon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 21 June 2009 - 05:34 AM

Hi acel

I uninstalled mozilla firefox after latest pop up and am now using internet explorer and have set it as per instructed in your first post. (medium and pop ups blocked).

I followed your instructions and here is the log.
It looks ok to me?


Scan type: Quick Scan
Objects scanned: 88552
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 acelsolcier

acelsolcier

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manila , Philippines
  • Local time:04:27 AM

Posted 23 June 2009 - 07:44 PM

Please try a full scan. or download IE8

Edited by acelsolcier, 24 June 2009 - 06:45 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users