I’m not quite sure what I did but I can no longer get into YAHOO any more (and only Yahoo). Hopefully someone will be able to let me know what I did wrong and how I can correct the problem.
I have the home version of avast! (4.7). I ran it Sunday nite to check for viruses and it came up with two. I deleted 1 as it was a “worm” (WindowsWinHlp32.BMK). It also showed (this time…never had it before) that there was “ad-ware” in one of my program files (NewDotNet) which i tried to move to the chest but it would not let me. I was worried since ad-ware had not shown up in previous scans of this program to delete it so I tracked down the program and deleted it via “add/remove” through the “my computer” (which it did). I also had a previous (memory) virus detected by avast! which i deleted but the icon remained on my desk top (hot_tarts_ca). After doing the above two other things I decided to remove this icon by rite clicking and going “delete” which put it into my recycling bin. I shut the machine down for the nite and when I went to log onto the net the next day I could no longer get to the Yahoo website. Whenever I tried typing www.yahoo.com it would come up saying “this page can not be displayed”.
I did a file search on my comp. with the word “undelete” and it came up with one file called “Yserver” as a text document.
Does anyone know why I’m having problems getting into the Yahoo website and how to solve it.
Please post back to us with any results. If this fails to help, you can try posting a HJT log and someone who is knowledgable can help you deal with the findings.
It also showed (this time.....never had it before) that there was "ad-ware" in one of my program files (NewDotNet) which i tried to move to the chest but it would not let me.
A lot of new signatures were added recently many adware and spyware detections, so that is likely why it has only now been picked up the NEWDOTNET has featured heavily in recent days in the forums.
Check out this topic http://forum.avast.com/index.php?topic=21608.0 and a forum search for NEWDOTNET will also return more info. This however, isn’t selective on just Yahoo but internet connection.
I went to the forum link you gave about NewDotNet. I found it very interesting reading. I am happy to say that I have sucessfully removed NewDotNet from my computer (it was already on this [used] comp. when I bought it. Also deleted another ad-ware program called save.com that was also on here when I got it)
I’m still having problems trying to get onto Yahoo but am now wondering if this was because on IE my default home/start page was www.yahoo.com?
There could be something blocking access to yahoo, What is your firewall ?
You should also check your hosts file C:\Windows\Hosts (no file extension), it can be opened with a text editor like notepad, check and see if there is any line entry for yahoo, if so delete them, save and exit the file.
I don’t have any firewall(s) so that can not be the problem.
I did try the C: Windows\Host as you suggested but could not find any folder containing the word “Host”.
I did find a file that might be causing it. It’s in C: and it’s called “YServer” and it’s a “text” file (doc) 1kb size. I opened it up and it contains mostly alpha/numbers (fffb5b7d fffb58ed WinMain). which gets repeated a few times. It also says "lpCmdLine: ‘/UNREGSERVER’ " and farther along says “nCmdShow: 1$ fffb5b7d fffb58ed leaving WinMain”
I did have YIM on my system which I have since removed after incurring probs trying to connect to anything Yahoo related so I don’t know if this file (YServer) has anything to do with that. I’ll wait to hear your thoughts on this file (YServer.txt) before I do anything.
Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
The word host is a file in the Windows folder and you may have found it but perhaps not there should be a HOSTS file (see image). You could cut and paste this line into a text file or do a save as in the host file saving it to hostOLD as a backup copy just in case you need to restore it. Now you can edit the host file removing the line and saving the file, reboot and see if that resolves anything.
I have never used YIM or any other IM program so I can’t really offer any advice, other than it may retain your YIM details/preferences perhaps.
I did some more looking around my comp. and I did find that “Host” file you mentioned and it was in “C:”. Mine shows up as a 1kb size file as a “.SAM” type file. When I click on it to open it up it says it needs to know what program I want to use. Which program should I use to open those type of files? (I’ve never heard of “.sam” type files)
Hi “coolguy” :
Thank you for the “reality check,” as they say. Never assume the OS one has in assisting them 