Threat keeps coming up, Avast is blocking. Fixed!!! Thanks Magna86...

Hi! I just get this from Avast once in a while when I am at my Yahoo email site. Is there anything I can do, or is it Yahoo's problem/issue?
Avast is blocking this; can I do anything to stop it on my end? Thanks.
Infection Details

URL: htxp://ad.yieldmanager.com/st?ad_type
Process: C:\Program Files (x86)\Internet Explorer…
Infection: HTML:Iframe-inf

http://www.avast.com/en-us/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_pre_80_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_vir=HTML:Iframe-inf&p_prc=C:\Program%20Files%20(x86)\Internet%20Explorer\IEXPLORE.EXE&p_obj=http://ad.yieldmanager.com/st?ad_type=iframe%26publisher_blob=${RS}|3ddDOGKL0mMk4nfrUh9zwAOSYuqCcFJEWYEAAieT|978500093|REC|1380211073.280575%26cnt=yan%26ad_size=180x150%26site=140464%26section_code=2299088051%26cb=1380211073.280575%26yud=smpv%3D3%26ed%3DzAomdEK4k1NCvIZx6Yq&p_var=.%2Fpaid%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=563&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=3&p_bld=chr2&p_vep=8&p_ves=0&p_vbd=1497&p_hid=83e23412-3b3c-4359-beab-fc6269950939

Thanks!

The threat came up again and was stopped again by Avast, now while I was in Gmail on Google Chrome, not IE, even though I have the IE browser open too.
I did the Avast Browser Cleanup for IE and Chrome; both came up clean…
It's getting annoying, what can I do? Thanks :-\

Threat keeps coming up and avast blocking it…annoying…any suggestions? Thanks!

Hi,
Let’s check that.

Please download DDS and save it to your Desktop from here:
http://www.bleepingcomputer.com/download/dds/dl/104/

Double click to run the tool, click the Start button.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt to your reply in this topic.

Thanks Magna86! Here are the logs…

Hi,

DDS doesn’t show anything problematic. We shall run additional checks:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


From DDS I can see more than one DHCP server. Can you tell me why you have so many DHCP servers?

TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4899D237-F5A1-4571-A176-416D6DAFC65F} : NameServer = 0.0.0.0
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\3456E647572797C496E6B603237393 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\445454350234F464645454 : DHCPNameServer = 172.16.0.3 8.8.8.8
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\94E647562736964797 : DHCPNameServer = 200.33.146.193 200.33.146.201
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\96E66696E6964757D602D6F66796C6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\E45445745414254383 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\E45445745414258373 : DHCPNameServer = 192.168.1.1

Thanks Magna86! I have no idea about computers, so I don’t know what a DHCP server is or why I may have so many as you say… anything I should do about this?

Hello,
this alert means that malware is not on your computer, but on the site you are trying to load (htxp://ad.yieldmanager.com/st?ad_type…).

Yes, Tondah, I believe it is at the Yahoo site; do you think it could be ads that they have appearing once in a while?
So there’s nothing I can do about it, I guess… I usually have my Yahoo email and another Yahoo site open all day, as I check emails and stuff…

jokera, you could use a HOSTS file to block “ad.yieldmanager.com”…

here is a webpage with some information about using a HOSTS file:

http://winhelp2002.mvps.org/hosts.htm

if you used the “firefox” browser along with the “noscript” and “adblock plus” addons, i would think that “adblock plus” also would block “ad.yieldmanager.com”…

if “ad.yieldmanager.com” is blocked, “avast” won’t be flagging any content that is coming from it…

“ad.yieldmanager.com” has a long history of distributing malware… it should be blocked…

@jokera
i think magna86 is still waiting for that farbar log…read his last reply again

Thanks redwolfe! I’ll read about it and I will try to block it…if I need any help, as I am pretty much computer illiterate , I will let you know…

Hi Pondus, yes, I am going to do that. I've just been busy working all day and I like to do this type of test when I am free, in case it takes a long time… I’ll do it on my break… Thanks for the reminder though! :wink:

Hi Magna86! Here are the logs… On the FTool there is a button that says Fix It; should I click on it or wait till you let me know? Thanks!

the fix comes later… he has to see the log first. :wink:

OK! thanks Pondus, I will leave the Farbar tool open then till further instructions…

FYI: I am using Yahoo mail and there is no problem at all.

@ jokera

"I don't know what a DHCP server is or why I may have so many as you say"

DHCP are services (usually DHCP are in some separate devices such as routers) that assign/give IP addresses. In order for a computer to be visible on the network it must have an assigned IP address.

DHCP is the gateway for your computer to the network.

DHCPNameServer = 75.75.75.75 75.75.76.76
DHCPNameServer = 192.168.0.1 205.171.2.25
DHCPNameServer = 172.16.0.3 8.8.8.8
DHCPNameServer = 200.33.146.193 200.33.146.201
DHCPNameServer = 10.128.128.128
DHCPNameServer = 192.168.0.1
DHCPNameServer = 192.168.1.1

DHCP with “192.168.0.1” & “192.168.1.1” IPs are most likely your modem/router and that’s OK.
What concerns me is how it is that you have more than one DHCP server (see the other non-bold/non-green DHCPNameServer entries).
Probably OK, and these should be legit entries, but this could also be malware related. How is your computer connected to the network?

Anyway I checked the posted logs and there is no indication for malware activity. Your PC is malware free. :wink:

In that case, the user Tondah has put it well.

"Hi! I just get this from Avast once in a while when I am at my Yahoo email site. Is there anything I can do, or is it Yahoo's problem/issue?"

But we had to check it out. Users often think that they will notice malware if their computer is not working properly (slowness, various bugs, errors…etc.) or if their AV pops up a warning sign, but that is a misconception. Malware is software just like any other legit software, but without the graphical interface, and it is intended to remain running in secret, without your or the AV's knowledge.

But do the following to clean some non-harmful junk files:

Please download Temp File Cleaner by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Hi Magna86, I did the TFC, it says 2,122.00 mb total files cleaned. But I do not see a log.

RecycleBin emptied: 152998011 bytes
Process complete!
Total Files Cleaned = 2,122.00 mb

I am at the Yahoo email site and so far, no warnings! I hope that’s it…what do you think?

re: DHCPNameServer, this is my laptop and I use it in many places I travel to and it saves the wifi password info, could that be why?

Hi,

I do not require a log report from TFC; it’s just an advanced temp cleaner utility.

"I am at the Yahoo email site and so far, no warnings! I hope that's it...what do you think?"

The trigger for the warnings is likely to be an IP address of the server that hosts some banner ad, or of Yahoo itself, that avast had in its database as malicious, and therefore you got the avast warning. In other words, this could be a FP, and yet perhaps some temp or junk file caused the problem. The FRST log showed a good amount of temp/cache & junk files. TFC has cleaned it all up.

Nevertheless, TFC has wiped more than 2GB (2,122.00 mb) of garbage, which is no small thing. Your system and browsing should be running faster now.

"DHCPNameServer, this is my laptop and I use it in many places I travel to and it saves the wifi password info, could that be why?"

That would explain the entries. :)
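
An added example, not part of any post in this thread and not DDS or FRST output: the hex-looking subkey names in the DDS lines above turn into readable network names if each byte of a name is assumed to be written as two hex digits with the nibbles swapped. That encoding is an assumption here and the function names are hypothetical; the script lists the DHCP-supplied name servers remembered for each decoded network.

```python
import re

# The per-network lines from the DDS log posted in this thread, plus the
# adapter-level line (no hex subkey), which the parser skips.
DDS_LINES = r"""
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\3456E647572797C496E6B603237393 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\445454350234F464645454 : DHCPNameServer = 172.16.0.3 8.8.8.8
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\94E647562736964797 : DHCPNameServer = 200.33.146.193 200.33.146.201
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\96E66696E6964757D602D6F66796C6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\E45445745414254383 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F08E5D67-524B-450C-91DE-C3AD89988A2E}\E45445745414258373 : DHCPNameServer = 192.168.1.1
""".strip().splitlines()

# Adapter GUID subkey, then a hex-named subkey, then the name-server list.
LINE_RE = re.compile(
    r"Interfaces\\\{[0-9A-Fa-f-]+\}\\([0-9A-Fa-f]+) : DHCPNameServer = (.+)$")


def decode_profile_name(hex_name):
    """Assumed encoding: one byte per hex pair, with the two nibbles swapped."""
    if len(hex_name) % 2:
        raise ValueError("odd number of hex digits: " + hex_name)
    pairs = (hex_name[i + 1] + hex_name[i] for i in range(0, len(hex_name), 2))
    raw = bytes(int(p, 16) for p in pairs)
    return raw.decode("utf-8", errors="replace")


def profiles(lines):
    """Return [(decoded network name, [name servers])] for hex-named subkeys."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append((decode_profile_name(m.group(1)), m.group(2).split()))
    return out


if __name__ == "__main__":
    for name, servers in profiles(DDS_LINES):
        print(f"{name!r:20} -> {', '.join(servers)}")
```

Each decoded name is a separate network with its own remembered name servers, which fits the explanation that the entries come from using the laptop in many places.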

Thank you so much Magna86, you fixed my computer, I have not had any warnings since I ran the TFC! Yay! You guys are amazing, wonderful work you do here helping everybody, beautiful…

I believe you are totally right since this started happening after I connected to the internet at a restaurant at Denver Airport on my way home.

Anything I can do regarding getting rid of those DHCPNameServers or are they also gone now too?
Grateful… ;D

PS: Is it advisable to use the TFC once in a while to clear temp files?