Adyield adware

[Armando]

Some time ago I made a thread about a strange problem with my computer and how I got strange error messages that turned into ads on IE.

I recently downloaded a personal (free) firewall that actually identified and stopped the problem. It's something like ad.adyield something something. Now, I understand that it's being prevented by the firewall but is there a way to get rid of the source of the problem altogether?

Any help is appreciated.

[GX1_Man]

Let's here the whole problem, when it started, etc. plus what adware/spyware/virus scanners you have in place, updated and being used regularly. It would be easier to advise then.

[Armando]

Alright, I'll tell you from the beggining.

For a very long time (6 months or so) I was regularly getting "server is busy" error messages every 10 or so minutes which told me something along the lines of "the program cannot open because the server is busy" then It let me choose between a Switch to button and a retry button. The message eventually turned into an ad from ad.adyield. This thing is really annoying as it poped up ALL the time and slowed/froze my computer most times. I got a firewall from Agnitum a month or so ago but my trial ran out (it stopped the problem). Now I have  

[Armando]

OOps clicked enter w/o finishing the message, sorry.

Alright, I'll tell you from the beggining.

For a very long time (6 months or so) I was regularly getting "server is busy" error messages every 10 or so minutes which told me something along the lines of "the program cannot open because the server is busy" then It let me choose between a Switch to button and a retry button. The message eventually turned into an ad from ad.adyield. This thing is really annoying as it poped up ALL the time and slowed/froze my computer most times. I got a firewall from Agnitum a month or so ago but my trial ran out (it stopped the problem). Now I have a firewall from Kerio and it stopped the problem as well. What I want to know is if I can get RID of the problem instead of just stopping it with the firewall.

[Fed]

Download, install & update...
CWShredder
Ad-Aware
Spybot S&D
AVG Free (Set options to 'scan all files')

Turn off System Restore if applicable. (ME & XP users)

Run Disk Clean-Up (Windows)
Run CWShredder
Run Ad-Aware
Run Spybot
Run AVG Free

Re-start in Safe Mode
Re-run AVG Free

For the full text of the above guidelines
http://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=

[Armando]

Ok I will attempt that tomorrow and let you know if it worked.

Thank you

[Fed]

Thanks, feedback is appreciated here.

[GX1_Man]

After you solve this problem, regular use of these programs can prevent such snafus in the future.

(Editor's note - These are only required on Windows based machines.   )

[Armando]

Well I installed, updated, and ran all the above programs.

I found lots of spyware and adware which was all deleted or fixed. The only problem is that when I ran the AVG, it found viruses and trojans. It deleted the viruses but it said the trojans (dialer 23) couldn't be removed or fixed because they were part of a file.

What should I do?

[GX1_Man]

Is this something you can google search for? What about a trojan scanner? A2 comes to mind. Ewido?

[Armando]

Quoted from the info. on the actual AVG:

Trojan horse Dialer is a group of Trojan horse viruses which is known by dialing different international telephone numbers via PC modem. These telephone numbers are usually connected to warez and *censored* sites, or sites with cracks for commercial software.
To prevent this, it is recommended to set High security level in your Internet browser, which means to deny automatic installing of ActiveX components and different plugins, or completely disable scripting function. Also it is possible to deny international calls from the internet connection line and calls with non-standard rate.

Following marks may show Dialer presence on the computer:
- new, unknown icon appears in systray
- differently looking internet connection window
- strange windows that ask if you want to connect to internet or dial a number

All Dialers in common dial different number that a default one for the Internet connection, the change is visible in the dialog for internet connection dialup, or the original number is dialed, then Dialer hangs up this connection and dials another (its own) number. This can e recognized on an external modem by the LED diods. Connection indicator in Systray is not reliable in this case."

[Fed]

I had a dialer a long time back, I didn't find out about it until I got my phone bill.
I rang the phone company & told them I didn't know anyone in the non descript country they said I'd been calling.
The first thing the woman said to me was, "Do you have kids"?  

I'm very surprised the above programs didn't remove it, sometimes they need to be run in safe mode & more than once.

Try Ewido.

[GX1_Man]

Quoted from the info. on the actual AVG:

Trojan horse Dialer is a group of Trojan horse viruses which is known by dialing different international telephone numbers via PC modem. These telephone numbers are usually connected to warez and *censored* sites, or sites with cracks for commercial software.
To prevent this,.....

Don't use those sites either?

[Armando]

lol, that could be a good idea, even though I have no idea what a "warez" site is.

Anyway, I installed, updated, and ran ewido and it found and deleted over 125 infected files.

Should I run AVG again or run all the programs I installed again?

[Fed]

I'd re-run them all just to be sure.
Then set up some real time protection.

[Armando]

Fed, should I run them all in regular mode or in safe mode?

[Armando]

Anyone else know?

[Fed]

Normal mode is OK unless they find something they can't delete.

[Armando]

Ok I will do that.

Thank you so much!

[Armando]

Well I turned off my anti-virus and firewall for a min and the problem persists. It is not gone.

I tried everything everyone told me to do...

[Fed]

Start>Settings>Control Panel>Admin Tools>Disable Messenger

[Armando]

What exactly does that do?

[Fed]

It disables the Messenger service.

[GX1_Man]

Fed,

How would you rate Messenger and AIM as source for infestation with internet "critters"?

[Armando]

So then I wouldn't be able to use AIM or messenger?

[GX1_Man]

Maybe not until you get this problem healed. It's OK.

[Fed]

Turning off the messenger service won't stop your virus ridden instant messenger programs from working.
Just find it, stop it, disable it & go for it.
Do these popups appear when you are not connected to your server?

[Fed]

GX1_Man, what better way to send someone a 'present'?

[Armando]

I only get them when I am online and using AIM.

Thing is, if I am online I am using AIM, so it might not have anything to do with my AIM.

(My AIM logs on automatically when I go online)

[GX1_Man]

What ISP are you using? How attached are you to AIM?

[GX1_Man]

GX1_Man, what better way to send someone a 'present'?

No kidding! One must be careful with these things. Did you see my post about AudioGrabber being caught as a trojan by AVG?

[Fed]

So did you stop then disable your messenger service?

[Fed]

Yes I saw that, it may be an AVG oops.  
Then again it could be real too.  
See what Ewido says about it?

[Fed]

These IM programs sure cause some problems.
I know with ICQ if you setup a 3 way chat, one person becomes like a server & gets the other peoples IP#s.
The server person can then send a file that is supposed to be a funny picture but when clicked on appears to do nothing....
The server person then has your IP address & a backdoor installed on your computer.
Too easy.  

I bet AIM is exactly the same.  

[GX1_Man]

I know in Linux there are multiple similar programs - GAIM is one. The advantage is that the way Linux is setup havoc cannot be done to your system. There is no back door to exploit.

[Fed]

I had linux IM program for a while, it was excellent, it could access all other IM programs at the same time.
Can't think of the name now?

[Armando]

I do believe you are thinking of a program called trillian whcih incorporates several messenger programs into one

I actually prefer MSN over all the rest, specially since AIM gave me some viruses.