Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Popups from yieldx (yieldmanager) can't remove!


  • Please log in to reply

#1
pedro6994

pedro6994

    New Member

  • Member
  • Pip
  • 2 posts
Hi,
Every time I visit torrentspy.com among other sites I get a load of popups from yieldx which links to yieldmanager.com. I have ran cleanup, spywareblaster, spybot search and destroy, avg and adaware but am still getting the same blasted popups.

ewido anti-spyware detects and removes a load of cookies, but if I scan again a few minutes later all the cookies are back again, so I presume another program keeps on replacing the cookies or something.

Firstly here is the ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:29:01 20/08/2006

+ Scan result:



:mozilla.33:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.34:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.35:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.97:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.63:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.64:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.37:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.103:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.104:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.53:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.57:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.91:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.21:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.22:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.23:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.24:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\ombm5pbf.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

And here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 09:34:11, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154248719921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I would love a fix for this as it is driving me crazy! :whistling:
  • 0

Advertisements


#2
pedro6994

pedro6994

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I have since found that torrentspy installs the following cookies:

ad.yieldmanager.com
ad1.clickhype.com
adbrite.com
revenue.net
shoutwire.com
spikedhumor.com

I have blocked these sites from setting cookies in firefox which seems to have done the trick. Dou you think this is the solution to my problem or is there more I ahould be doing?

Cheers

Peter
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP