Impossible to rid Vista of ad.yieldmanager.com!! Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by NotGeekEnough, Apr 16, 2008.

  1. NotGeekEnough

    NotGeekEnough Private E-2

    Hi,
    I hope someone can help me with this. IE and FF are both infected with ad.yieldmanager.com. My system is sluggish, runs hot and none of the programs I have run are working to rid me of it. Pages either won't load and re-route me to my gateway search page, or I get a message saying I have connection problems. Mostly, when a page loads, in the boxes where legitimate advertisements usually are I see the message "cannot connect to the server at ad.yieldmanager.com" I think this tells me that something on my system wants to connect there, but I think Vista prevents it from actually doing so. At any rate, I have cleaned my system and followed the instructions and completed the steps you have outlined. Nothing was found and none of the things I did helped. It's still there, hiding as legitimate is my guess. Anyway, I have attached the resulting info for you. Maybe I'm just missing something really basic??? I appreciate any help you can offer me!!! Thank you!!!
    Karyn
     


  2. NotGeekEnough

    NotGeekEnough Private E-2

    P.S. I need to add that I did not run Panda, it's not compatible with Vista and I was unable to complete MGTools. Even after telling it to run as administrator, it only wanted to install to my desktop. Would not let me save to C. I had major problems with Spybot S&D, not working properly. It had a mind of its own. Did not adhere to the settings I gave it. It was unstable and I removed it. (That was a chore in itself to completely get rid of it.) One last thing, I get routed to my Gateway search page and it gives me the message: cannot find: http://ad.yieldmanager.com/st?ad_type. My gateway search page is powered by Google?? Thanks and sorry if my original post wasn't clear enough about the steps I have taken. I did follow the cleaning procedure and your related steps before posting. Thanks!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    That's fine because we did not ask you to. ;)

    You have some of your terminology confused. MGtools does not install to your Desktop. It will always install to the same location and that is the root folder of your Windows boot drive, which for you is drive C.

    What the READ ME requested is that you save the MGtools.exe file to C:\ which allows the program to run more reliably. If you cannot figure out how to do this, then just download MGtools.exe to your Desktop and run it from there. It will still install to the correct location, which is a folder named C:\MGtools.

    Then attach the C:\MGlogs.zip file.

    Make sure you have UAC disabled and have rebooted after disabling. And make sure you use Run As Administrator.

    You also need to attach the requested log from SUPERAntiSpyware.
     
  4. NotGeekEnough

    NotGeekEnough Private E-2

    Hi
    Thank you so much for taking the time to help! (sorry, I meant download, not install.) At any rate, I believe I did it correctly and have attached the MGLogs.zip file. Again, thank you. I will wait for further instructions. It's getting to the point where I am having a lot of trouble opening any of my mail (aol, yahoo) without being routed to the gateway search page. Have a great day!
    Karyn
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still forgot to attach the requested log from SUPERAntiSpyware. Please attach it.

    Note: You put MGtools.exe here: C:\My Download Files\MGtools.exe, which is definitely not where we want it. It ran OK but you should delete the above file now.

    Also right click on the ComboFix program on your Desktop and rename it properly. You named it cf.exe.exe and it should be cf.exe.

    I'm not seeing any obvious reasons for your problems. I will give you a few things to do. Some of them will be steps to collect more info.

    First a question! The below were just recently installed:
    Code:
    "C:\Program Files\"
    DREAMC~2      Apr 12 2008         "Dream Chronicles 2 - The Eternal Maze"
    NATALI~1      Apr 12 2008         "Natalie Brooks - Secrets of Treasure House"
    Are you sure these are not related to your problem?

    Uninstall Firefox, then reboot and delete the folders for Firefox. Now download and install the current version of Firefox from: Mozilla Firefox

    If you run Internet Explorer and click Tools and select Manage Addons, do you see anything that looks strange in the addons?

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run this: RogueRemover Free. Did it find and remove anything?

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
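
An added example, not part of the original thread and not MajorGeeks or HijackThis code: a small Python parser for the four HijackThis lines quoted in the post above, separating the O4 autostart entries from the O9 Internet Explorer entries marked "(no file)". The function names and dictionary fields are hypothetical.

```python
import re

# HijackThis section codes that appear in the post above.
SECTIONS = {"O4": "autostart (Run key / Startup folder)",
            "O9": "Internet Explorer extra button or Tools menu item"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The four lines quoted in the post, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
"""

def parse_line(line):
    """Parse one HijackThis log line into a dict, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "kind": SECTIONS.get(code, "other"),
             "orphaned": body.endswith("(no file)"),
             "clsid": None, "name": None, "image": None}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    run = RUN_RE.match(body)
    if code == "O4" and run:
        entry["name"] = run.group("name")
        quoted = re.match(r'"([^"]+)"', run.group("cmd"))
        # Quoted path: take what is inside the quotes; otherwise the first token.
        entry["image"] = quoted.group(1) if quoted else run.group("cmd").split()[0]
    return entry

def parse_log(text):
    """Parse every recognisable entry line in a HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Entries whose target is reported as "(no file)", i.e. the file is gone."""
    return [e for e in entries if e["orphaned"]]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flag = "ORPHANED" if e["orphaned"] else "present"
        print(e["code"], flag, e["name"] or e["clsid"], e["image"] or "")
```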
     
