ad.yieldmanager.com

[Rex]

Hi,

I'm recieving pop-ups from ad.yieldmanager.com even when
I'm away from my machine and there is no IE open.

I'm not entirely sure if ad.yieldmanager.com exists (I
tried visiting the URL and also Googl'ing it, with zero
results), but I found this URL in the Flash Settings of
the pop-up.

I've run the latest signatures from Ad-Aware and, of
course, Microsoft AntiSpyware.

Thanks for investigating.

-Rex

 

[plun]

Rex presented the following explanation :

yieldmanager

Hi

Searchwords yieldmanager removal

http://www.google.com/search?hl=sv&q=yieldmanager+removal&btnG=Sök&meta=

 

[Guest]

Thanks for the very quick response.

I could not find a direct method of removing
yieldmanager. CWShredder seems not to work for other
people (nor did it work for me).

The solutions that I've read require the yeildmanager
server to be added to a hosts file.

Is there a simpler way to block the ads or remove
reference to yieldmanager?

Thanks again.

 

[plun]

(e-mail address removed) explained on 2005-06-04 :

Thanks for the very quick response.

I could not find a direct method of removing
yieldmanager. CWShredder seems not to work for other
people (nor did it work for me).

The solutions that I've read require the yeildmanager
server to be added to a hosts file.

Is there a simpler way to block the ads or remove
reference to yieldmanager?

Hi

I believe its better to remove this rather then to only block it.
Cant find any good removal instruction.

Start with Basic:

Spybot and Lavasofts Adaware, Spybot first.

http://www.safer-networking.org/en/index.html

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10319876.html?tag=list

Also to remove all temporarily junk with this tool:

www.ccleaner.com

Then if above fails go to a Forum for HijackThis logs:

http://www.merijn.org/forums.html

About HijackThis:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

 

[Rex Ahn]

Thanks for your great advice. I will follow it and
update you on my progress.

Thanks again!

-Rex

 

[Rex]

I've run Spybot, Adaware and ccleaner. I still get
browsers popping up out of nowhere from ad.yieldmanager

Is there any progress on MS's end on this?

-Rex

 

[Frank Saunders, MS-MVP IE/OE]

I've run Spybot, Adaware and ccleaner. I still get
browsers popping up out of nowhere from ad.yieldmanager

Is there any progress on MS's end on this?

-Rex

Try running your anti-spyware programs in Safe Mode.

 

[robbiebig]

How do we track down and harm the people responsible for yieldmanager?

 

[blogger45]

ad.yieldmanager.com responsibles

this is what i have done to tyr to determine were ad.yieldmanager.com is hosted




Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\myhome>ping ad.yieldmanager.com

Pinging ad.yieldmanager.com [213.52.227.196] with 32 bytes of data:

Reply from 213.52.227.196: bytes=32 time=76ms TTL=47
Reply from 213.52.227.196: bytes=32 time=68ms TTL=47
Reply from 213.52.227.196: bytes=32 time=70ms TTL=47
Reply from 213.52.227.196: bytes=32 time=70ms TTL=47

Ping statistics for 213.52.227.196:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 76ms, Average = 71ms

C:\Documents and Settings\myhome>tracert ad.yieldmanager.com

Tracing route to ad.yieldmanager.com [213.52.227.196]
over a maximum of 30 hops:

1 5 ms 4 ms 11 ms 10.49.128.1
2 7 ms 25 ms 7 ms g02-pegasus.crs-1.onvol.net [212.56.128.190]
3 28 ms 21 ms 17 ms g01-draco.crs-1.onvol.net [212.56.129.97]
4 46 ms 38 ms 56 ms 217.15.96.213
5 47 ms 37 ms 35 ms ge1-15.73-1.datastream.com.mt [217.15.97.70]
6 * * 57 ms pal5-maltacom-4-mt.pal.seabone.net [195.22.218.121]
7 78 ms 77 ms 76 ms par8-par1-racc1.par.seabone.net [195.22.210.97]
8 87 ms 83 ms 86 ms prs-b1-link.telia.net [213.248.98.105]
9 84 ms 84 ms * prs-bb1-pos6-1-2.telia.net [213.248.65.77]
10 169 ms * * ldn-bb1-pos7-2-0.telia.net [213.248.64.10]
11 * 196 ms 191 ms ldn-b3-pos6-0.telia.net [213.248.65.238]
12 80 ms * * globix-106876-ldn-b3.c.telia.net [213.248.100.166]
13 66 ms 66 ms 65 ms ge-4-2-0-core2.lhr2.globix.net [209.10.12.225]
14 75 ms * 80 ms so-4-1-0.core1.lhr3.globix.net [209.10.11.150]
15 66 ms 75 ms 66 ms v4-edge5-gw3.lhr3.globix.net [209.10.22.5]
16 * * 71 ms 213.52.198.6
17 70 ms 68 ms 76 ms 213.52.227.196

Trace complete.

C:\Documents and Settings\myhome>





http://www.schwarzl.com/ipcheck.html?action=query&ip1=213&ip2=52&ip3=227&ip4=196

Put in the tcp/ip number you are searching for:
Response from whois.ripe.net:
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '213.52.128.0 - 213.52.255.255'

inetnum: 213.52.128.0 - 213.52.255.255
org: ORG-GL5-RIPE
netname: UK-GLOBIX-20001010
descr: Provider
descr: Globix Limited
country: GB
admin-c: DJK15-RIPE
tech-c: ASK33-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: GBIX-RIPE-MNT
mnt-routes: GBIX-RIPE-MNT
source: RIPE # Filtered

organisation: ORG-GL5-RIPE
org-name: Globix Limited
org-type: LIR
address: Globix Limited
Prospect House
80-110 New Oxford Street
London WC1A 1HB
England
phone: +44 20 7611 3000
fax-no: +44 20 7611 3002
e-mail: (e-mail address removed)
admin-c: CL1060-RIPE
admin-c: NB78-RIPE
mnt-ref: GBIX-RIPE-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

person: David Krauth
address: Globix Limited
address: Prospect House
address: 80 - 110 New Oxford Street
address: London. WC1A 1HB
address: UK
phone: +44 20 7908 8000
fax-no: +44 20 7908 8010
e-mail: (e-mail address removed)
nic-hdl: DJK15-RIPE
mnt-by: GBIX-RIPE-MNT
source: RIPE # Filtered

person: Adeel Khan
address: Globix Limited
address: 1 Olivers Yard
address: London
address: EC1Y 1HQ
address: UK
phone: +44 20 7611 3115
fax-no: +44 20 7611 3002
e-mail: (e-mail address removed)
nic-hdl: ASK33-RIPE
remarks: ************************************
remarks: Please send abuse/spam notifications
remarks: to: (e-mail address removed) only.
remarks: ************************************
mnt-by: GBIX-RIPE-MNT
source: RIPE # Filtered


are these people http://www.globix.net/ responsibel for ad.yieldmanager.com spyware?

 

[calikrash]

http://rightmedia.com/categories/Yield-Manager/

 

[mgp37m]

yieldmanager

http://rightmedia.com/categories/Yield-Manager/
Additionally you can contact us through the following methods:
By phone: 212-561-6470

By fax: 212-561-6471

By email (many options):

• General information - (e-mail address removed)
• Advertiser Sales - (e-mail address removed)
• Publisher Sales - (e-mail address removed)
• Account Managers - (e-mail address removed)
• Support - (e-mail address removed)
• Jobs - (e-mail address removed)

 

[mig_29a]

How do I stop this?

 

[Sentho]

ok for the last time get windows live one care or windows defender

Microsoft has updated one care to deal with this

 

[uglynakedguy]

hi mate,
I have spyware doctor with antivirus, and it catches everything, litterally. it also stops the pop-ups from yieldmanager.com.

 

[alphgand]

I like the response from the fellow who asked how could we hurt these people. They have caused so much grief wouldn't it be nice to really HURT them back ?. Sort of a Clint Eastwood "Unforgiven" thing. Club together , get some loot together and send a tired old AA hacker after these web parasites. Bring their severs to their knees and make them beg for mercy Sounds like a good plot line for a film.

 

[1Bruce]

I would like to know how it works then we will have a better chance of hitting back. Sites, even antispyware.com, are using these pop-ups to feedback user preferences Ad.YieldManager , like Wunderloop in Europe, just receive the data and manipulate it for registered buyers. There must be a one or more registry entries or files implanted in our computers which generate the infections found by SpyDoctor, Skybot etc.. Do newly installed systems suffer the same problem?

 

[1Bruce]

this is what i have done to tyr to determine were ad.yieldmanager.com is hosted




Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\myhome>ping ad.yieldmanager.com

Pinging ad.yieldmanager.com [213.52.227.196] with 32 bytes of data:

Reply from 213.52.227.196: bytes=32 time=76ms TTL=47
Reply from 213.52.227.196: bytes=32 time=68ms TTL=47
Reply from 213.52.227.196: bytes=32 time=70ms TTL=47
Reply from 213.52.227.196: bytes=32 time=70ms TTL=47

Ping statistics for 213.52.227.196:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 76ms, Average = 71ms

C:\Documents and Settings\myhome>tracert ad.yieldmanager.com

Tracing route to ad.yieldmanager.com [213.52.227.196]
over a maximum of 30 hops:

1 5 ms 4 ms 11 ms 10.49.128.1
2 7 ms 25 ms 7 ms g02-pegasus.crs-1.onvol.net [212.56.128.190]
3 28 ms 21 ms 17 ms g01-draco.crs-1.onvol.net [212.56.129.97]
4 46 ms 38 ms 56 ms 217.15.96.213
5 47 ms 37 ms 35 ms ge1-15.73-1.datastream.com.mt [217.15.97.70]
6 * * 57 ms pal5-maltacom-4-mt.pal.seabone.net [195.22.218.121]
7 78 ms 77 ms 76 ms par8-par1-racc1.par.seabone.net [195.22.210.97]
8 87 ms 83 ms 86 ms prs-b1-link.telia.net [213.248.98.105]
9 84 ms 84 ms * prs-bb1-pos6-1-2.telia.net [213.248.65.77]
10 169 ms * * ldn-bb1-pos7-2-0.telia.net [213.248.64.10]
11 * 196 ms 191 ms ldn-b3-pos6-0.telia.net [213.248.65.238]
12 80 ms * * globix-106876-ldn-b3.c.telia.net [213.248.100.166]
13 66 ms 66 ms 65 ms ge-4-2-0-core2.lhr2.globix.net [209.10.12.225]
14 75 ms * 80 ms so-4-1-0.core1.lhr3.globix.net [209.10.11.150]
15 66 ms 75 ms 66 ms v4-edge5-gw3.lhr3.globix.net [209.10.22.5]
16 * * 71 ms 213.52.198.6
17 70 ms 68 ms 76 ms 213.52.227.196

Trace complete.

C:\Documents and Settings\myhome>





http://www.schwarzl.com/ipcheck.html?action=query&ip1=213&ip2=52&ip3=227&ip4=196

Put in the tcp/ip number you are searching for:
Response from whois.ripe.net:
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '213.52.128.0 - 213.52.255.255'

inetnum: 213.52.128.0 - 213.52.255.255
org: ORG-GL5-RIPE
netname: UK-GLOBIX-20001010
descr: Provider
descr: Globix Limited
country: GB
admin-c: DJK15-RIPE
tech-c: ASK33-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: GBIX-RIPE-MNT
mnt-routes: GBIX-RIPE-MNT
source: RIPE # Filtered

organisation: ORG-GL5-RIPE
org-name: Globix Limited
org-type: LIR
address: Globix Limited
Prospect House
80-110 New Oxford Street
London WC1A 1HB
England


phone:

 

[DeeprBlue]

RE: Windows Live Removes this adyield

With all due respect, um, No it does not remove this pain in the a** issue.
What Windows Live certainly DOES seem to do is take up UNCANNY amounts of systems resources and hard drive space/memory.

I've been plagued with this stupid ad yield manager issue for months...and I run all of the major spyware removal tools as well as Windows Live.
I've thoroughly read the entire forum here and on Tech Support Forum and it seems to me that this Globix company (laughable to even call them a copmpany) needs to get their a**es whipped! It's SO ANNOYING

 

[rudiedog]

My solution.

Greetings one and all,

I have found a solution in the most unlikely place.. Yahoo toolbar, it comes with CA Anti-spy. Run anti spy, and it will remove the nasty ad.yieldmanager. I then downloaded the trial version of Kasperski Internet Security 2009 and so far I have not had any issues. I think that my LONG battle is finally over. I will say this, ad.yieldmanager is a devil to find and remove. Good luck to all that suffer this affliction as this is a worthy opponent.

 

[angelfire4xx]

"You have chosen to open st" from http://ad.yieldmanager.com This is just a bug on Yahoo, not a virus or anything sinister. It happens when an ad on the Yahoo page doesn't open properly. A lot of people seem to get it when they are using mobile broadband. This type of broadband can change the way a page is rendered. Maybe some people's firewall setups are doing something similar.
I tried the Yahoo toolbar and CA Anti-spy. In my case it didn't help. After tweaking a proposed solution on the Firefox forum, I found the following solution which has worked perfectly for me. (Sorry if you're not a Firefox user, but maybe you can find something similar for your browser.)
Install Adblock Plus Firefox Add-on. Click "cancel" when it offers to install a filter subscription. Go to your Yahoo mail page. Locate empty frame on bottom left, headed "Advertisement". Right-click on there, then click "Adblock frame" > Select "Custom", type http://ad.yieldmanager.com in the box and save. Hey presto no more st download box!