I'm having a great deal of trouble with these two problems. Please help!!
Ad yield manager continually diverts me to a search engine results page when I try to attempt to open my Yahoo email making it impossible to read my email.
Just today started having trouble with Security System appearing in my task bar and with continual pop ups saying my computer is infected with spyware and then attempts to run a antispyware/antivirus program that is not mine. Please help.
I've run KIS 2009 without these problems being detected.
Full Version: security system and ad yield manager
I'm having a great deal of trouble with these two problems. Please help!!
Ad yield manager continually diverts me to a search engine results page when I try to attempt to open my Yahoo email making it impossible to read my email.
Just today started having trouble with Security System appearing in my task bar and with continual pop ups saying my computer is infected with spyware and then attempts to run a antispyware/antivirus program that is not mine. Please help.
I've run KIS 2009 without these problems being detected.
Ad yield manager continually diverts me to a search engine results page when I try to attempt to open my Yahoo email making it impossible to read my email.
Just today started having trouble with Security System appearing in my task bar and with continual pop ups saying my computer is infected with spyware and then attempts to run a antispyware/antivirus program that is not mine. Please help.
I've run KIS 2009 without these problems being detected.
Try the settings for a scan as follows
Settings-Threats and Exclusions-Threats-Settings-Check the box "other malware"
then
Settings-Full Scan-Settings-Additional-Heuristic analysis-deep scan
and the option
Rootkit scan-Deep scan
Then attempt a full scan and see if that helps with detection. The "other malware" category should detect what is actually spyware you have been infected with.
Also once done can you do the following for the experienced people here to look at
Support-Support tools-Create system state report, then once completed, "view" will show the folder you need to upload to the next post here for the team to look at.
Settings-Threats and Exclusions-Threats-Settings-Check the box "other malware"
then
Settings-Full Scan-Settings-Additional-Heuristic analysis-deep scan
and the option
Rootkit scan-Deep scan
Then attempt a full scan and see if that helps with detection. The "other malware" category should detect what is actually spyware you have been infected with.
Also once done can you do the following for the experienced people here to look at
Support-Support tools-Create system state report, then once completed, "view" will show the folder you need to upload to the next post here for the team to look at.
Run this script, instructions linked in pinned topics at top of this forum page, PC will reboot:
After run script, attach a Combofix log, please review and follow these instructions carefully.
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete
scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Users\Rivera\AppData\Local\Temp\~tmpa.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
DeleteFile('F:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('C:\Users\Rivera\AppData\Local\Temp\~tmpa.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Users\Rivera\AppData\Local\Temp\~tmpa.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('F:\autorun.inf','');
DeleteFile('F:\autorun.inf');
DeleteFile('D:\autorun.inf');
DeleteFile('C:\Users\Rivera\AppData\Local\Temp\~tmpa.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After run script, attach a Combofix log, please review and follow these instructions carefully.
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete
scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
i'm sorry RichBuff, I'm not quite sure what you mean by Run script, While I feel comfortable with using computers, I'm not tech savvy enough to know the inner workings so much. Elementary step by step please....
edit:del quote.
edit:del quote.
QUOTE
instructions linked in pinned topics at top of this forum page,
Top of this forum page, three Important topics pinned at top, instructions are linked in the first topic; and the middle topic, if you click it, scroll down a little bit, "How to create and execute..." > "By using the built in..." > "Executing an AVZ script" > those are where the detailed instructions are located.
Hi Richbuff, I executed the script and followed the instructions. See attached Combolog. BTW the problem still exists with my email page being diverted to the search page. The System security problem seems to be gone.
QUOTE(richbuff @ 25.01.2009 02:51) 
Top of this forum page, three Important topics pinned at top, instructions are linked in the first topic; and the middle topic, if you click it, scroll down a little bit, "How to create and execute..." > "By using the built in..." > "Executing an AVZ script" > those are where the detailed instructions are located.
Run this one:
A file called quarantine.zip should be created in C:\. Then please zip up it to a filehost such as http://rapidshare.com/ Then, Private Message me the download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok. Restart Kaspersky.
Also, if you use Windows System restore, turn it off > reboot and do a full scan with Kaspersky. Then turn system restore back on, if you wish; this to remove malware
from system volume information files.
Scan with SuperAntiSpyware: http://www.superantispyware.com/ and post it's log, but please don't fix anything until the log is reviewed.
CODE
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
CreateQurantineArchive('c:\quarantine.zip');
end.
A file called quarantine.zip should be created in C:\. Then please zip up it to a filehost such as http://rapidshare.com/ Then, Private Message me the download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok. Restart Kaspersky.
Also, if you use Windows System restore, turn it off > reboot and do a full scan with Kaspersky. Then turn system restore back on, if you wish; this to remove malware
from system volume information files.
Scan with SuperAntiSpyware: http://www.superantispyware.com/ and post it's log, but please don't fix anything until the log is reviewed.
I've completed your instructions and will post the log from SuperAntispyware.com.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/26/2009 at 10:54 PM
Application Version : 4.25.1012
Core Rules Database Version : 3730
Trace Rules Database Version: 1700
Scan type : Complete Scan
Total Scan Time : 00:39:13
Memory items scanned : 824
Memory threats detected : 0
Registry items scanned : 7723
Registry threats detected : 0
File items scanned : 31484
File threats detected : 62
Adware.Tracking Cookie
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@youporn[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@adtrafficstats[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@virusremover2008-offer[1].txt
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ads.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.atdmt.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.doubleclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ads.revsci.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.tribalfusion.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
freecodesource.advertserve.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.statcounter.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.insightexpressai.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.insightexpressai.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.zedo.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@atdmt[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@ad.yieldmanager[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@richmedia.yahoo[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@interclick[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@questionmarket[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@2o7[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@insightexpressai[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bravenet[1].txt
edit: del quote.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/26/2009 at 10:54 PM
Application Version : 4.25.1012
Core Rules Database Version : 3730
Trace Rules Database Version: 1700
Scan type : Complete Scan
Total Scan Time : 00:39:13
Memory items scanned : 824
Memory threats detected : 0
Registry items scanned : 7723
Registry threats detected : 0
File items scanned : 31484
File threats detected : 62
Adware.Tracking Cookie
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@youporn[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@adtrafficstats[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\rivera@virusremover2008-offer[1].txt
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ads.adbrite.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.atdmt.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.doubleclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
ads.revsci.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.specificclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.tribalfusion.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
freecodesource.advertserve.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.fastclick.net [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.statcounter.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.insightexpressai.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.insightexpressai.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.zedo.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adrevolver.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.trafficmp.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Rivera\AppData\Roaming\Mozilla\Firefox\Profiles\k04r0ghk.default\cookies.txt ]
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@atdmt[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@ad.yieldmanager[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@richmedia.yahoo[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@interclick[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@questionmarket[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@2o7[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@insightexpressai[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bravenet[1].txt
edit: del quote.
You can delete those, and delete the C:\qoobox\quarantine and C:\quarantine.zip if they are still extant.
Richbuff, I really thought that things had cleared up, but the ad.yield manager problem is still there. I was able to use my email for a little while and then it came back. Help??
QUOTE(CindyR @ 28.01.2009 01:56)
Richbuff, I really thought that things had cleared up, but the ad.yield manager problem is still there. I was able to use my email for a little while and then it came back. Help??
I have attached a new AVZ log as you requested.
Run this script, instructions linked in pinned topics at top of this forum page, PC will reboot:
After run script, attach a fresh, new Combofix log, please review and follow these instructions carefully.
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete
scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('G.exe','');
QuarantineFile('F:\autorun.inf','');
DeleteFile('F:\autorun.inf');
DeleteFile('G.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('G.exe','');
QuarantineFile('F:\autorun.inf','');
DeleteFile('F:\autorun.inf');
DeleteFile('G.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After run script, attach a fresh, new Combofix log, please review and follow these instructions carefully.
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete
scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
I've done as you've directed, here's the logfile.
edit: del quote.
edit: del quote.
Uninstall Combofix by: pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok. Restart Kaspersky.
Also, if you use Windows System restore, turn it off > reboot and do a full scan with Kaspersky. Then turn system restore back on, if you wish; this to remove malware
from system volume information files.
Delete AVZ and combofix quarantine folders if they are still extant, and if you come across them. Post back and confirm Combofix uninstalled, and Windows system restore was turned off, then reboot.
Also, if you use Windows System restore, turn it off > reboot and do a full scan with Kaspersky. Then turn system restore back on, if you wish; this to remove malware
from system volume information files.
Delete AVZ and combofix quarantine folders if they are still extant, and if you come across them. Post back and confirm Combofix uninstalled, and Windows system restore was turned off, then reboot.
Combofix uninstalled, System restore has been turned off, rebooted, Scan done w KIS then System restore turned back on.
Hi Richbuff, I continue to have the same problem with ad yield manager diverting me to a search result page when I check my Yahoo email. see attached AVZ. I've been trying to attach a screen print of the search page but I'm having trouble doing it. Is this a virus or spyware??? Why are we having such a hard time getting rid of i? SuperAntispyware finds and removes it temporarily but it comes right back.
Hi,
What exactly does SAS find? (give the location of the object it detects)
What exactly does SAS find? (give the location of the object it detects)
QUOTE(Baz^^ @ 31.01.2009 02:12)
Hi,
What exactly does SAS find? (give the location of the object it detects)
What exactly does SAS find? (give the location of the object it detects)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/30/2009 at 06:53 PM
Application Version : 4.25.1012
Core Rules Database Version : 3737
Trace Rules Database Version: 1706
Scan type : Complete Scan
Total Scan Time : 00:35:16
Memory items scanned : 788
Memory threats detected : 0
Registry items scanned : 7724
Registry threats detected : 0
File items scanned : 31546
File threats detected : 6
Adware.Tracking Cookie
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@cache.trafficmp[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@ad.yieldmanager[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@trafficmp[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@chitika[1].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@questionmarket[2].txt
C:\Users\Rivera\AppData\Roaming\Microsoft\Windows\Cookies\Low\rivera@insightexpressai[1].txt
All those are are cookies that you're getting from the advertisements, as revealed by the path and by the detection name (Adware.tracking cookie). Those are safe to delete. Advertisers like to remember which ads you've seen. Users usually don't like that. 
QUOTE(B3llit0 @ 31.01.2009 13:36)
All those are are cookies that you're getting from the advertisements, as revealed by the path and by the detection name (Adware.tracking cookie). Those are safe to delete. Advertisers like to remember which ads you've seen. Users usually don't like that.
But I'm getting ad yield manager diverting me away from my Yahoo email. I can't read my email without being hijacked to another page!!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.