Stale DNS?

For the last four days on certain websites I've been seeing this message...for example on Yahoo, my local news website, etc. I use Chrome 99% of the time, so I tested it on IE and Firefox and have gotten the same statement.

"For example:This webpage is not available.

The webpage at http://ad.yieldmanager.com/st?_PVID...3500/K=WaNzTaoEXF31HoBi3G_d8A/A=6261169/R=0/* might be temporarily down or it may have moved permanently to a new web address.

+ More information on this error"

Strangly this is not appearing on every website and on the same webistes on all three browsers.

I also have a laptop and tested to see if it was an issue with my ISP and everything is working fine on there...thought I didn't install Paint.net or 7-zip on it.

I have installed only two new programs Paint.net (to replace older version, as it kept crashing) and 7-zip as Paint.net has a issue with allowing Al Zip extracting it's files.

Hopefully I am posting this in the correct forum.

I am running Windows Xp. Avast and MalwareBytes which show no malicious items detected. Also ran CC Cleaner.

It was suggested that the DNS Cache might be stale and need to be flushed. I did this and that did not clear up the issue.

I ran HiJackThis and have saved the file in case there might be something showing on there that is the issue.

Any help is greatly appreciated and if I'm in the wrong forum, please direct me to the correct one.

 

LauraR

Thanks for the welcome.

Running a search for ad.yieldmanager now.

All browser are set to now allow third party cookies. I ckecked to make sure those settings didn't get changed somehow.

Will let you know the results of deleting ad.yieldmanager.

I never had this issue before is there a way to prevent this from happening again.

I have both a laptop and a desktop and run them both and it only occurred on the desktop.

Thanks.

 

All three browsers are set to not accept Third party cookies and yieldmanager is blocked.

A search for ad.yieldmanager showed no files found.

So I sent back to the websites that have been showing the issue, so website that I visit often won't even load and if they do I see the statement I posted below.

Actually they are not all ad.yieldmanager connected. I just noticed at the top of each one in very tiny print it states: AdChoice (then there is this tiny symbol to click on to a link...here is where it takes you . It has taken me to doubleclick and other places and seems to be associated with Yahoo.

But I'm also block from going to for example my local news website www.nbc40.net and others and as I stated it's with all three browsers.

 

Try opening a command prompt and entering ipconfig /flushdns

 

Yes, still being blocked from legitimates sites. No problem.

Yes, I have a active Ebay account. I followed your link and the instructions and of course, you have a accept third party cookies. So I went in and allowed that, so I could opt out and am now getting a error message from the opt out that I am block cookies even though I have allowed third party cookies. Grr!

Will send them a email and hopefully they will send a fix asap.

 

This was done already with no results.

 

Is it still the same if you use OpenDNS?

208.67.222.222 and
208.67.220.220

 

Ok...you lost me on that one. lol!

 

You are probably using your ISP's default DNS servers and it's possible they are the problem. As an alternative you could use OpenDNS and you would do this either by configuring your router to use the DNS servers above and setting the adapter to automatic, or you could set the adapter to use manual settings for IP and DNS which will override DHCP.

 

The opt out worked following those instructions but left alot to be desired...tons of advertisements not included like ad.yieldmanger,doubleclick, etc. And sadly it was not the solution to the issue...it is still there and I still can't access websites.

For example here is what I get when I attempt to view my local news site:http://www.nbc40.net



Takes you here: Google Chrome could not connect to www.nbc40.net (and similar message on IE and Firefox)

Then it will allow you to view a cached copy which looks like this...http://webcache.googleusercontent.com/search?q=cache:http://nbc40.net/

And that occurs on many websites.

Thank you so much for your help and patiences.

 

Oh, I see.

But I've had the same ISP for about 12 years...would this suddenly be a issue and causing this kind of problem? As far as I remember it is set to automatic but I could check that out.

 

Just wondering if a corrupt or modified HOSTS file could be involved.

With XP, it's located here:
C:\WINDOWS\system32\drivers\etc

Here you can get MVPS HOSTS file.

 

I've got to leave for work so I'll reply within your reply...it will save me time. Thanks for your help and I'll stop back asap.

I'll download and run SUPERAntiSpyware tonight and if it finds anything will post results there. I will also let you know if it finds anything.

This is just a real puzzle...new had a issue with this pc and strange that it is affecting just the desktop and not the laptop. Grrr!

 

You say this happens in all of your browsers, so unless either your HOSTS file (mjnc #17) or malware is blocking these sites then the problem is external I believe so nothing to lose by trying OpenDNS. If that's no good then Super AntiSpyware as suggested, or MalwareBytesAntiMalware. Update any scanners before going ahead.

 

I disagree that it is a DNS problem with the ISP because this statement was made in the first post.

So the laptop works but the desktop does not. There is a problem with the desktop computer rather than the ISP.

The desktop has problems with two different browsers also so it isn't an IE or a FF problem.

 

Still happening in all three browsers.

I ran Super AntiSpyware and MalwareBytes again and they both came back with zero infections.

I ran Avast and zero infections.

How do I go about doing the OpenDNS?

This has been almost five days and about ready to throw pc over the balcony.

Would uninstalling the browsers fixed the issue? Or is not related at all?

 

plodr has pointed out something I just missed - that it's only your PC with this problem, and that your laptop is OK. If that is the case it isn't DNS related and trying alternative servers isn't going to help.

 

Re: Unhappy Update

Grrr!

Today I could not get online.

Went through the usually routine. Called to see if there was a issue in our area. No.

Turn off router. Reset for 10 seconds. Turned back on. Lights came back on but the DSL light did not. Net step is always...pull the router from it's life source, so I unplugged from wall and shut the computer down. Walked away for 10 minutes and put everything back on. DSL light did not come back on.

Call internet provider. 45 minutes later. That issue was fixed and I mentioned the issue what has been discussed on here. Very nice man and he said, I can take a peak if you want. Put the pc in safe mode. And type this ___________into the address bar. Low and behold it redirected to a party store. So we tried it on IE and Firefox and the same thing.

He asked about Trojans, Virus, Spyware and Malware all of which have came back clean all week.

He said....sorry but your browsers have been hijacked. I can't help you fixed those from here. You need some help with those.

What now?

 

Thank you for all this information. I followed and completed all of it.

TDSSKiller did not show any issues.

My DSL was down today and after speaking with the technician he was attempting to send me to a Verizon site to see if he could take a look on my pc and see the issue. It would not allow me to go instead sending me to a see for party goods. We tried it on all three browsers and was taken to the same place.

He feels all three browsers have been compromised severely despite my diligent daily run of Avast, MalwareBytes and SuperAntiSpyware. These have been showing now infections for many many weeks.

What is the alternative now?

 

Sounds like the HOSTS file to me. mjnc told you how to find it, so open it in Notepad and delete everything other than local host 127.0.0.1. You may need to unhide system files and folders first.

 

Looks like a typo ... now instead of no?

 

Sorry....there have been NO infections showing on Avast, MalwareBytes, or SuperAntiSpyware.


TDSSKiller shows no infection.

Sorry for the typo.

New to opening those files....located it and there are about 6 files in that folder but I'm unsure which one to open in order to find the ones to delete. If you could steer me in the right direction, that would be super.

Thanks in advance.

 

Make sure that you have unticked the option in Windows Explorer to hide extensions for known file types - you need to see them for this. Now you should see just one HOSTS file with no file extension at all. Open that with Notepad and edit it as I said above.

I'm disappearing for a while but others will help with this bit if you get stuck at all.

 

A real quick question and something that I just noticed.

I never noticed this before...and wonder if this is the issue.

I just looked up in the Chrome browsers which I use 99.8% of the time.

I'll use your site for example but it is the same on every site I go on. Not sure if this is the issue or I just never noticed it before.

<snip>


If I right click on the symbol to the left of "forum" it states your sites has not been verified, is not encrypted and when I visited it last.

If you don't see the symbol on your site, I found the info here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95617

Of course, it could have nothing to do with the issue. I just don't remember seeing that on any site I go to before.

 

OK, back at my post Pls let us know when you have completed the edit of the HOSTS file so we can cross it off.

 

Ok...Grr! Either I'm just furious at this pc and what is going on. Or being a moron. But just went blank on how to even attempt to do this. Went to start and went duh! :-o

LauraRSo sorry about that link....was not my intention.

 

OK, step by step.

Start > All Programs > Accessories > Windows Explorer
Tools > Folder Options > View > Untick Hide Protected Operating System Files and also untick Hide Extensions for Known File Types > OK out
Navigate to C:\Windows\System32\Drivers\etc
Right click hosts (no extension) and Open > Open with > Notepad
Delete every line except 127.0.0.1 localhost
File > Save

Now see if your problems have gone away, and let us know.

 

Fantastic!

Everything appears to be working perfectly. Wow! That was one long list to delete. Thanks for the instructions....not sure why I went blank on that...lol!

One problem is the AdChoice. Still can't get rid of that. I Opt Out yesterday and it's still showing. And ironically the only way to contact the company is to be a member but I see no way of becoming one. Hopefully they aren't part of what caused this issue.

I'll keep an eye on everything and if something looks wacky I'll post back here.

I can't thank all you enough..next round of drinks is on me....

 

Thanks for the update Pearl.... That is one huge black mark for Avast I'm afraid. No one program can protect you from every threat, but protecting the HOSTS file is the first duty of any security program. If you are sure it was up-to-date I would be thinking of using something else.

But really pleased your problem is now sorted

 

LauraR

Thought I'd stop back. The issue seems to be fixed. I've had no more signs of what was going on. I did take a peak in the HOST still only showing the local host.

I did uninstall Avast and installed Avg AntiVirus (Free) it has a great deal more coverage options than Avast offers. The scan showed no infections.




Ultimately, the AdChoice is ebay's fault. They implemented with the default to opt in. I'm not sure why on earth they would think people would want targeted ads. :

This is something you can try since you use Chrome. It's an addon to block ads: https://chrome.google.com/extensions...ibdccddilifddb

I will do that tonight...thanks for that advice. I might resort back to using Firefox. I hate the toolbar though. I have a smaller monitor and it tends to take up more than I like.

It's beta, but everyone here uses adblock plus for Firefox and it's awesome.
__________________

Oh, and another addon you should try: http://www.mywot.com/en/download

It's also available for Chrome. It's based on user feedback and helps with knowing if you should click on a link. It's not perfect, but it helps in this day and age of malware and infected websites.

Again...thanks. I did that right away.

 

That to me is just Bizarre. An antivirus with a decent reputation and also
high marks in the AV-Comparatives test.

Was this Avast 5.0.677 ?
Were the shields turned ON?

I'd like to know. rolleyes
I'm sure many other people would also.

 

https://forum.avast.com/index.php?topic=69225.0
https://forum.avast.com/index.php?topic=64646.0
Cheers..

 

Yes it was version 5.0.677.0 and up to date.
And yes all shields were turned on.

 

Thanks, once more for the info on Firefox. Will do that and see if that makes a difference.

Hmm..never heard of Pale Moon.

Never would have gotten this sorted with the help of all of you.

 

Don't suppose it makes a difference at this point, but isn't the current version Avast 5.1.889? Don't know if they have added monitoring of the hosts file and the tcp reg entries or not.

 

Yes, that is the latest version.
I mentioned 5.0.677 in my post at 1:31 AM, Jan. 14th,
and I see that the 5.1.889 version is dated Jan. 13th.

Guess I need to jog a little quicker.

 

After reading the response in sikvik's second link, I thought the issue might have been addressed since there have been at least a few version updates since Oct. 3rd. After re-reading his first link though, it doesn't seem as if they have.

At least you're jogging forward, I'm going backwards.