Ad.yieldmanager.com is pop-up adware that appears not only in Firefox but also in Internet Explorer and Google Chrome. It acts in two different ways:
* Ad.yieldmanager.com keeps randomly popping up on Yahoo Mail, asking to open or save get-user-id.js from its domain.
* Ad.yieldmanager.com keeps popping up commercial ads during the browsing session.
(Here is one of the ads that ad.yieldmanager.com displays)
Does the picture posted here ring a bell? Popup ads such as sponsorship and web.longfintuna.net (see the removal guide for the web.longfintuna.net redirect) once showed the same commercial content, which indicates that the ad.yieldmanager.com popup works together with other popup ads, including ib.adnxs.com, ads.bluelithium.com and others.
A popup such as ad.yieldmanager.com has been identified as a virus because it generates material gains for its makers by:
* Luring victims to click on the ad displayed from its domain, with content tailored to the victim's tastes after gathering information stored in the memory of the target machine.
* Stealing confidential data stored in the browser, as well as in the kernel part of the target machine, to resell to other spammers.
* Hijacking conversations over video calls.
* Harvesting log-in credentials to accounts, especially banking accounts, if any.
* Carrying out fraudulent purchases.
* Sending spam mail as a way to collect more information about more people.
The ad.yieldmanager.com popup has long been known to a wide range of PC users as browser malware; however, it keeps affecting users, and its distribution source is the World Wide Web. By getting malicious sites indexed by Google, using drive-by downloads, exploiting vulnerabilities in servers and web sites, and hiding in recommended installations, the ad.yieldmanager.com popup manages to affect users easily.
One of its victims reported that the ad.yieldmanager.com popup kept him from using the “back” button to navigate to the previous page. It is not only annoying but irritating. Victims trying hard to remove the ad.yieldmanager.com popup found that Norton 360 claimed to remove the program, but its processes and services were still in Task Manager; no delete messages were given when trying to delete the cookie from the temporary cookie files; no sign of the ad.yieldmanager.com popup showed in Control Panel; and, worse still, the popup virus overrides restoring to an earlier date, which undoubtedly adds difficulty to removing the ad.yieldmanager.com popup. As a matter of fact, ad.yieldmanager.com has already made changes to the kernel part of the system by the time it displays in-page popup ads in browsers. Such random and arbitrary modification is enough to create a vulnerability that is easily taken advantage of by a deadly virus. Thus, as its infiltration goes on, more dysfunctions can be encountered:
* Choppy lag happens quite often.
* Executable error messages pop up when attempts are made to remove the ad.yieldmanager.com popup.
* Page loading speed slows down significantly.
* More unknown programs are installed on the computer without permission.
* More popup ads come into sight.
Therefore, victims should remove the ad.yieldmanager.com popup as soon as possible.
□ Open the Start screen.
□ Type ‘Task’.
□ Hit the Processes tab.
□ Find and select the items related to ad.yieldmanager.com.
□ Press ‘End’ to remove the ad.yieldmanager.com popup.
□ Hold the Ctrl, Alt and Delete keys together.
□ The Task Manager window pops up.
□ Hit the Processes tab.
□ Find and select the items related to ad.yieldmanager.com.
□ Press ‘End Process’ to remove the ad.yieldmanager.com popup.
Should one encounter an error message saying that the process you are trying to end cannot be terminated, please follow the instructions below:
□ Open the Start screen.
□ Type ‘Task’.
□ The Task Manager window appears.
□ Hit the View tab.
□ Select ‘Show Kernel Times’ / ‘Select Process Page Columns’.
□ Tick PID (Process Identifier).
> Press OK.
> Find the ‘LSASS.exe’ entry whose user account does not belong to the system.
> Go back to the desktop and press the Win key and R together.
> Type ‘CMD’ and press the Enter key.
> Type ‘ntsd -c q -p (PID, the number you saw in Task Manager)’ (without quotation marks).
> Press the Enter key.
> Hold the Ctrl, Alt and Delete keys together.
> Task Manager appears.
> Hit the View tab.
→ Follow the same process as described above.
□ Open Internet Explorer.
□ Click on the Tools menu and then select Internet Options.
□ Click on the Advanced tab, then click on the Restore Defaults button.
□ Press OK.
□ Click on the Firefox button.
□ Select Help.
□ Go to Troubleshooting Information.
□ Locate the box containing the ‘Reset Firefox’ button in the upper left corner of the page.
□ Choose the ‘Customize and Control Google Chrome’ menu.
□ Select ‘Options’.
□ Click the ‘Under the Hood’ tab in the ‘Options’ window.
□ Click the ‘Reset to Defaults’ button.
□ Click on the Tools menu at the top of the Firefox window.
□ Go to Manage Add-ons.
□ Make the required changes under the Extensions tab and the Plugins tab respectively.
□ Click on the ‘Customize and control Google Chrome’ icon.
□ Select ‘Settings’.
□ Manage ‘Extensions’.
□ Select ‘Manage search engines’ to set your favourite site as your homepage and search engine if there have been any arbitrary changes to those sections.
□ Go to Tools.
□ Choose ‘Manage Add-ons’.
□ Find and click on anything useless, including the ad.yieldmanager.com popup, in ‘Toolbars and Extensions’ and ‘Search Providers’ respectively, and remove them.
□ Click ‘Disable’ / ‘Remove’ to confirm the removal of the selected items, including the ad.yieldmanager.com popup.
□ Open Mozilla Firefox.
□ Click Tools.
□ Go to Options.
□ Click the Web Features button on the left-hand side of the Options window.
□ Choose ad.yieldmanager.com and press ‘OK’ to confirm the change.
□ Open Internet Explorer.
□ Click Tools.
□ Choose Options.
□ Select the Privacy tab.
□ Locate the Pop-up Blocker section at the bottom of the Privacy tab.
□ Check the “Block pop-ups” option to stop the ad.yieldmanager.com popup.
□ Modifying the Extensions section could have stopped the ad.yieldmanager.com popup; if one has Google Toolbar, one can use the free popup blocker offered by the toolbar to stop ad.yieldmanager.com.
□ Open Windows Explorer by clicking on the Windows Explorer application from the Start screen.
□ Select the View tab in the Windows Explorer window.
□ Tick the ‘File name extensions’ and ‘Hidden items’ options.
□ Press ‘OK’ to confirm the change.
□ Open ‘Control Panel’ from the Start menu.
□ Search for ‘Folder Options’ and hit the Enter key.
□ Under the View tab, tick ‘Show hidden files and folders’ and untick ‘Hide protected operating system files (Recommended)’.
□ Click ‘OK’ to confirm the change.
□ Click into the C: drive.
□ Double click on the Temp folder under System32.
□ Press Ctrl and A together and release both keys once all items are selected.
□ Right click on one of the selected items.
□ When a drop-down list shows, press Shift and D together.
□ A box comes up asking for confirmation that you want to delete all items without moving them to the Recycle Bin.
□ Press the Enter key.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
□ Move your mouse to the lower right corner of the screen.
□ Type ‘regedit’ / ‘regedit.exe’.
□ Hit the Enter key.
□ Press the Win key and R together.
□ Type ‘regedit’ (without quotation marks) in the box.
□ Hit the Enter key.
Kind reminder: Don’t forget to restart the infected computer after completing all the steps above and get back into normal mode to see whether the ad.yieldmanager.com popup is gone. If an error message pops up after reboot saying that files cannot be found, it indicates that some registry keys are still modified, either by ad.yieldmanager.com’s leftovers or by other items brought in by the ad.yieldmanager popup. The same process needs to be done all over again to remove any suspicious items that help it survive.
Tips to prevent ad.yieldmanager.com popup infection:
□ Scan with anti-virus programs or other security utilities to find any patches that need updating.
□ Impose restrictions on Apache.
□ Disable the banner that shows what is actually running on the target computer; in addition, disable ServerSignature and ServerTokens as well.
□ Disable the directory index by opening a terminal and executing the following commands: 1) rm -f /etc/apache2/mods-enabled/autoindex.load; 2) rm -f /etc/apache2/mods-enabled/autoindex.conf.
□ Disable WebDAV, a file-access protocol over HTTP, to make sure potential attackers cannot modify files to upload malicious code, by deleting the dav, dav_fs and dav_lock files from a terminal with these commands: 1) rm -f /etc/apache2/mods-enabled/dav.load; 2) rm -f /etc/apache2/mods-enabled/dav_fs.conf; 3) rm -f /etc/apache2/mods-enabled/dav_fs.load; 4) rm -f /etc/apache2/mods-enabled/dav_lock.load.
□ Turn off HTTP TRACE requests to prevent online conversations from being hijacked, by editing /etc/apache2/apache2.conf in a terminal.
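As an added example (not part of the original guide), a POSIX shell script that checks whether the Apache points above have actually been applied: it assumes the Debian-style /etc/apache2 layout the rm commands use and the directive names ServerTokens, ServerSignature and TraceEnable, and it only inspects constructed sample trees under mktemp, so it can be run anywhere without touching a real server.

```shell
# Audit an Apache config tree for the hardening points in the list above.
# Added example, not from the original guide; the sample trees are constructed.

# directive_is FILE NAME VALUE: succeed if NAME is set to VALUE (case-insensitive)
# on an uncommented line. A commented-out "# TraceEnable Off" does not count.
directive_is() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*$" "$1"
}

# module_enabled MODSDIR NAME: succeed if NAME.load still exists in mods-enabled
# (the file the rm -f commands above delete).
module_enabled() {
    [ -e "$1/$2.load" ]
}

# audit_apache CONF MODSDIR: report each weak setting on stderr and print the
# number of findings on stdout (0 means every point in the list is satisfied).
audit_apache() {
    conf=$1; mods=$2; bad=0
    directive_is "$conf" ServerTokens Prod   || { echo "ServerTokens is not Prod" >&2; bad=$((bad+1)); }
    directive_is "$conf" ServerSignature Off || { echo "ServerSignature is not Off" >&2; bad=$((bad+1)); }
    directive_is "$conf" TraceEnable Off     || { echo "TraceEnable is not Off" >&2; bad=$((bad+1)); }
    for m in autoindex dav dav_fs dav_lock; do
        if module_enabled "$mods" "$m"; then
            echo "module $m is still enabled" >&2; bad=$((bad+1))
        fi
    done
    echo "$bad"
}

# write_sample DIR MODE: build a constructed config tree, MODE "weak" (before the
# list above is applied) or "hardened" (after).
write_sample() {
    mkdir -p "$1/mods-enabled"
    if [ "$2" = weak ]; then
        touch "$1/mods-enabled/autoindex.load" "$1/mods-enabled/dav.load" \
              "$1/mods-enabled/dav_fs.load" "$1/mods-enabled/dav_lock.load"
        printf 'ServerTokens OS\nServerSignature On\n# TraceEnable Off\n' > "$1/apache2.conf"
    else
        printf 'ServerTokens Prod\nServerSignature Off\nTraceEnable Off\n' > "$1/apache2.conf"
    fi
}

# Demo: the weak tree yields 7 findings, the hardened tree yields 0.
for mode in weak hardened; do
    d=$(mktemp -d)
    write_sample "$d" "$mode"
    echo "$mode tree: $(audit_apache "$d/apache2.conf" "$d/mods-enabled") finding(s)"
    rm -rf "$d"
done
```

To audit a real host, call audit_apache with /etc/apache2/apache2.conf and /etc/apache2/mods-enabled instead of the constructed tree.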