Anyone know about this? It appears in the lower right of the screen when in my Yahoo inbox. It says something like: “ wants to add you to his Online Contacts list on Yahoo Messenger”. It has buttons for “accept” and “decline.” The first time I encountered it I clicked “decline” and got a second “are you sure?” popup. Since then it still appears with a different name and this time I just click the X to close the popup box. It doesn’t happen often but shows up at least once per log-in.
Odd thing is that I’ve only encountered it in my main Yahoo account. I have several other Yahoo mail accounts and I haven’t encountered it in any of them. Avast doesn’t pick up anything when I run a scan.
Recent activity was getting hit by a virus a while back when I didn’t have Avast set on a daily scan (I thought it was a default setting). Avast caught it with the scan but since then there have been intermittent troubles, such as Firefox crashing, and I can’t get into IE at all. I’m running XP on a Dell Inspiron 1521 laptop.
I should also add that I’ve never used Yahoo Messenger, never even enabled it or whatever is done to set it up for use.
Thanks Pondus, just ran MalwareByte and showed nothing. Also ran AdAware and showed nothing either.
This popup only shows up in one of my Yahoo Mail accounts, not the others. It doesn’t appear in my Yahoo account when accessed from two other computers. I don’t even click it off now because I’m afraid it might trigger something, so it remains in the corner of the screen for however long I have Yahoo Mail open.
Here’s the HijackThis logfile. I have no idea how to interpret it…
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:52 PM, on 12/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
I don’t see anything obvious in your log other than your OS is out of date, SP3 has been out for well over a year and your copy of Java is also out of date, both of which leave you more vulnerable.
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
I also don’t see a firewall and the XP firewall doesn’t provide outbound protection.
AdAware has long had its day, personally I would get rid of it and replace it with both MABM and SAS.
Have you run SAS yet ?
I don’t know what version of Acrobat PDF Reader you are using but that is another big target for malware, especially if it is out of date.
What were the file names and locations of these files, since the detections look like they are generic (the Gen- bit) detections, it is best to investigate further.
Pondus, I just cleared the temp files and I don’t see the popup!! I clear the temps regularly but hadn’t since running SAS a few hours ago. Perhaps SAS quarantined the offender and clearing the cache prevented a repeat performance.
thanks again to you and David, hopefully this is the last of it…
To me this is the same as spam, somehow your messenger account has got on to a list and this is the equivalent to getting spam email trying to get you do do something likely to get you in trouble as opposed to something actually on your system.
This more so when you say this doesn’t effect your other accounts.
I don’t use ‘any’ messenger service, never saw the need, so excuse my ignorance, but isn’t there a setting for you to automatically deny or even block the pop-up in the message in the first place. If there isn’t I wouldn’t put up with that kind of restriction and possible vulnerability and it would be history, removed from my system and seeking another alternative.
David,
I don’t use Yahoo Messenger or any messenger service either. I’ve never activated or used one. It’s asking to be added to my Yahoo messenger list (which doesn’t exist because I’ve never created one) and wants to add me to “its” Online Contacts list.
It’s gotta be something on this laptop as my PC on the other side of the room can log into the same account and not get the popup. And none of my other Yahoo accounts, viewed on either computer, get the popup.
It can be moved about the screen, I try to move it out of the way so I can read things, but it doesn’t go away unless I click the little X in the corner of it… but I’m reticent to click that X anymore cuz not sure what it’s doing, maybe using my email list to send spam or something.
Can’t find any reference to this on the net. Weird… :-\
So you don’t have messenger installed even though you don’t use it ?
When does this happen and what are you doing at the time ?
It could be a spoof pop-up that if you click add it would carry out alternative actions rather than add to a contacts list.
Here’s the screenshot of the popup. It shows up smaller in the lower right hand corner of the screen but it can be dragged to a larger size, which I did so you can see it better. The first time I saw it I clicked “Decline”, which opened another “are you sure?” popup. After that it appeared on next log-in with a different phony person’s name, and that time I just clicked the “X” and it went away. But now I just leave it there without clicking anything because I’m afraid of what the clicks might be doing.
No, I’ve never activated Yahoo Messenger or used it.
You know, just looking at that screen shot, I just realized… behind it on the left… is a Messenger type of dialogue box. I always assumed Yahoo Messenger was the old way, where it was a separate icon on your desktop that you had to knowingly install. Apparently this is now part of your email package. It has an option on whether you want to be “available” to other people on your Address/contacts list, or “invisible”, i.e. so they don’t know when you’re online. I’ve never really paid attention to this feature other than to have it set on “invisible.” And I’ve never received any instant messages from people on my address/contact list.
I notice it has a Settings feature and when I open it there’s a check box for “Enable connection-related features(Messages, suggestions, updates)” and its checked. I’m going to uncheck it and see what happens.
EDIT: well, that didn’t clear it either, still shows up…
Never having activated yahoo messenger is somewhat different to is it installed ?
I don’t know if simply having it installed but not activated would still have the functionality to allow these pop-ups, so if installed I would suggest if you have no intention of using it that you uninstall it or at least block the pop-ups, one thing I did see was to set it to off-line.
Perhaps there is an email in the mailbox that has this request/function pop-up.
Unfortunately not using yahoo messenger I have zero practical experience of it to offer any practical help.
My major point is that if this is only happening on one account and not the others then it is account related and not on your system. Though it is strange it doesn’t happen if logging on from the other system, you would need to check out any differences between the two.
What happens if you use a different browser the the one in the image, though again with firefox I would have though that you would have less chance of it being browser hijack related, but then theoretically it would happen on the other accounts. It is this inconsistency that is baffling me.
If you aren’t already using the NoScript add-on in firefox I would do so, not that this may be the resolution.
Pondus, yes that’s what I see also, its a box called “chat and mobile text” and I have myself set to “invisible”. I don’t know how to shut it off altogether except for the step where I unchecked that “enable connection-related features”, but the box is still there. And I don’t know if this is the same thing as Yahoo Messenger, which I never used back when it was a feature you could download and install and have as a desktop icon.
David, I can’t try it from another browser because all I have working on this laptop now is Firefox. Got hit by the “superantispyware pro” virus (I forget the name exactly) a few months ago - its the one that gives you endless fake antivirus popups and causes your IE homepage to open to “porno.com”… nice, eh? Ever since corralling that one with Avast, IE is no longer able to access the wireless connection I use (a freebie in the neighborhood that I latch onto), so I can’t check it with IE…
