MajorGeeks Support Forums

#1
10-19-05, 20:55
Curtis
Help removing yieldmanager

So I've performed everything recommended to do in the sticky thread above, including online scans, running all of the programs, etc. I have successfully removed a few spyware threats recognized, however, it seems these damn persistent ad.yieldmanager pop ups are still occurring. From what I've read, I believe this can be removed using Hijack This, so I'm hoping someone can take a look at my log and help me out a bit.
Thanks in advance.
#2
10-19-05, 21:01
Curtis
Re: Help removing yieldmanager

Here's the log.
Attached Files
File Type: log hijackthis.log (7.6 KB, 5 views)
#3
10-19-05, 23:15
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Help removing yieldmanager

MessengerPlus3 can (if you are not extremely careful about what you are doing when installing) add all sorts of malware to your PC including a LOP infection. We do not believe sneaky software like this can be trusted. We recommend uninstalling this.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and kill them one at a time by selecting each one and then clicking "Kill process". Then click yes.
C:\Program Files\shue\dbtc.exe
C:\WINDOWS\system32\l?gonui.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {295B34E6-AE0C-ABAF-2DF4-A5F8FE90CFC7} - C:\WINDOWS\system32\gjrxiks.dll
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\system32\mpegcore.dll
O4 - HKCU\..\Run: [Lmst] "C:\Program Files\shue\dbtc.exe" -vt rbnd
O4 - HKCU\..\Run: [Xmcvbkku] C:\WINDOWS\system32\l?gonui.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\gjrxiks.dll
C:\WINDOWS\system32\mpegcore.dll
C:\Program Files\shue <--- the whole folder

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
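The entries listed in post #3 follow HijackThis's "section code - details" line layout (R0 registry value, O2 browser helper object, O4 Run key). As an added example that is not part of the thread and is not HijackThis's own code, the Python below parses those line types into fields for triage; the function names and the two notes it attaches are assumptions of this example, including the reading of "?" in a path as a character the log could not render.

```python
import re

# Constructed sample input: the five entries quoted in post #3.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {295B34E6-AE0C-ABAF-2DF4-A5F8FE90CFC7} - C:\WINDOWS\system32\gjrxiks.dll
O2 - BHO: MPEG Support Dll - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - C:\WINDOWS\system32\mpegcore.dll
O4 - HKCU\..\Run: [Lmst] "C:\Program Files\shue\dbtc.exe" -vt rbnd
O4 - HKCU\..\Run: [Xmcvbkku] C:\WINDOWS\system32\l?gonui.exe
"""

LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
REG = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")

def exe_path(cmd):
    """Return the executable part of a command line, dropping any arguments."""
    if cmd.startswith('"'):
        return cmd[1:].partition('"')[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))\b", cmd, re.I)
    return m.group(1) if m else cmd

def parse_line(line):
    """Parse one log entry into a dict, or return None for non-entry lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    entry = {"section": m["section"], "path": None, "notes": []}
    if entry["section"] == "O2" and (b := BHO.match(body)):
        entry.update(name=b["name"], clsid=b["clsid"], path=b["path"])
        if b["name"] == "(no name)":
            entry["notes"].append("BHO has no name")
    elif entry["section"] == "O4" and (r := RUN.match(body)):
        entry.update(hive=r["hive"], value=r["value"], path=exe_path(r["cmd"]))
    elif entry["section"] in ("R0", "R1") and (g := REG.match(body)):
        entry.update(key=g["key"], value=g["value"], path=g["data"])
    # Heuristic of this example (assumption): "?" stands for an unrenderable
    # character, so the real file name may imitate a legitimate one.
    if entry["path"] and "?" in entry["path"]:
        entry["notes"].append("'?' in path: possible look-alike file name")
    return entry

def parse_log(text):
    """Parse every recognisable entry in a log, skipping headers and blanks."""
    return [e for e in map(parse_line, text.splitlines()) if e]
```

The notes only point at entries for a human reviewer to look at; deciding what to fix still takes someone reading the whole log, as in this thread.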
#4
10-19-05, 23:50
Curtis
Re: Help removing yieldmanager

Here's the new log.
I was unable to locate c:\windows\system32\gjrxiks.dll and c:\windows\system32\mpegcore.dll even with show hidden files and folders checked, and hide protected operating system files unchecked; however, everything else was removed successfully.

So far, no pop-ups.
I appreciate the help, thanks a lot.
Attached Files
File Type: log hijackthis.log (7.1 KB, 1 views)
#5
10-19-05, 23:54
chaslang
MajorGeeks Admin - Master Malware Expert
Re: Help removing yieldmanager

You're welcome! Other than MessengerPlus3, you are clean and should now look at the below:

How to Protect yourself from malware!

All times are GMT -5.