Solved

yealt.adware on Firefox - canadianclubkingston.org website

Posted on 2014-04-18
Last Modified: 2014-04-22
Hi: On my MacBook Pro (OS 10.7.5) with Windows 7 – Parallels Desktop, using Coherence mode, I checked the contents of my update to my website canadianclubkingston.org on Safari.  The website appeared to operate correctly, as I was able to access all of my webpages, with no interference.
However, when I checked the website in Firefox, under my Windows 7 virtual machine, the "yealt survey" pop-up presented itself.  Before doing an Internet search to determine the nature of the potential malware, I stepped through the survey process, hoping to determine its nature, and counting on being able to curtail the process if I uncovered any malware-like behaviour.  Regrettably, I must have inadvertently accessed an unknown hotlink, because I was eventually presented with a series of downloaded files which my MalwareBytes Pro program appeared to intercept.  I attempted to deny access to each of these files, but some were repeated; hence, I am unsure whether I successfully blocked all of them. However, an immediate scan using MalwareBytes Pro reported a long series of PUP-related files, all of which I had quarantined.
Based on my preliminary Internet search results, I extracted the attached MS Word document contents, but I have not taken any action as proposed therein, pending further evaluation of the problem.
Please advise whether my canadianclubkingston.org is at risk for anyone who may access it via Firefox (and perhaps Internet Explorer, Opera, or any other browser), since I did not test access under any browser except for Safari (my default on Mac OS) and Firefox (my default on Windows 7 VM).
I have emailed the HostPapa Support staff (on whose server the subject website is hosted), but only via their "sales" recipient, with a plea to ensure that the tech support staff reviewed my situation.
From an Internet search for the "yealt.adware" problem, I was pointed towards a "freefixer" freebie product.  However, since it was recommended that it only be used by knowledgeable users, I have not yet executed the program (which requires a paid "pro" version to correct any deficiencies detected).
Thanks, in advance, for any assistance/guidance which you may be able to provide.
Appreciatively,
Bruce
Colonel (Retired) R. Bruce Morris
Canadian Club of Kingston Webmaster
Yealt-Malware-on-Mozilla-Firefox.doc
0
Question by:R_Bruce_Morris
6 Comments
 
LVL 28

Accepted Solution

by:
serialband earned 500 total points
ID: 40009862
Never run an unknown advertising survey.  You should probably install a popup blocker and adblocker add-on to your Windows Firefox.


If you don't want to remove it with software, there are instructions to remove it manually near the bottom of the following link.  http://blog.reimage.us.com/manually-delete-adware-yealt-from-windows-pc

    Windows ‘system restore’ option needs to be disabled first of all. For this, right-click ‘My Computer’ and select ‘properties’ from there. From the ‘system restore’ tab present by the side, select ‘turn off system restore’ and click ‘OK’ for the changes to be applied.
    Restart your system in safe mode; keeping the F8 key pressed while the system boots and thereafter selecting the ‘safe mode’ option from the selection menu does that.
    All temporary files that exist on the system need to be cleaned off first; for this you need to browse to the very location – :\Documents and Settings\Yourusername\Local Settings\Temporary Internet Files
    Processes of the dangerous Adware.Yealt infection need to be deleted, and the same needs to be done from Task Manager. For this you need to use the ‘ALT+CTRL+DEL’ keys, which opens up the Windows Task Manager & allows you to select processes for being terminated.
    Search the Windows system to locate all infection-associated files & get the same cleaned with all efficiency

This site has the list of files and registry keys that you should delete.  http://www.shouldiblockit.com/yealt.dll-37546.aspx

Apparently, yealt has instructions on how to uninstall. http://www.yealt.com/uninstall.php
0
 

Author Comment

by:R_Bruce_Morris
ID: 40010839
Hi serialband:
Thanks for the expeditious response.
I did find your proposed resolution somewhat challenging to execute.
I executed your solution, in part.  Some of the proposed steps could not be executed because of my inability to locate the designated Temporary Internet Files (:\Documents and Settings\Bruce / Owner?\Local Settings\Temporary Internet Files) on my MacBook Pro / Windows 7 – Parallels Desktop configuration.
Since I do not understand why the “System Restore” function had to be disabled, I did not do so.
I removed yealt from Firefox using the process from the website http://www.yealt.com/uninstall.php, and tested canadianclubkingston.org website in Windows 7 VM on Firefox.  The yealt.adware survey did not appear!
I did not execute your step of restarting in Safe Mode, and I did not use Windows Task Manager to delete (stop) the relevant processes associated with "yealt".
I also had to uninstall (using my RevoUninstaller Pro program) three programs which somehow had been installed (probably during the Java updating process): Optimizer Pro, MyPC Backup, and ?????.
I did not do anything with the constantly changing files produced by the  http://www.shouldiblockit.com/yealt.dll-37546.aspx website.
After all of that, I consider the problem of the yealt.adware malware, plus the removal of the unwanted programs downloaded and installed automatically as part of the Java update process for Firefox, to have been resolved.
Any further advice/guidance that I ought to receive, before I award points and close this post?
Appreciatively, Arbyem
0
 
LVL 28

Assisted Solution

by:serialband
serialband earned 500 total points
ID: 40010943
It's great if it's actually gone.  If you have any really malicious malware, you will have to boot into safe mode.  You should install the Adblock Plus add-on to keep the adware off your systems.
0
 

Author Comment

by:R_Bruce_Morris
ID: 40011639
Thanks for the clarification.  I have booted into Safe Mode with Networking, and run my MalwareBytes Pro program.  No malicious items were reported.
I also checked Windows Task Manager "processes", but there was no indication of any running other than the mbam.exe (MalwareBytes Pro) application.
I have also downloaded, installed, and paid the $35 "contribution" for the "adblock plus" extension for Mac OS Safari.
In my Windows 7 virtual machine, a search under Computer for "yealt" produced one file (yealt.crx in C:\Users\Owner\AppData\Local\Google/Chrome\UserData\Default\Extensions\).
I deleted that file.
A search of Mac OS (Bruce's Machine) for "yeast" produced no results.
I downloaded the file adblock_plus-2.5.1-sm+tb+an+fx.xpi, but I could not provide an application to do anything with it!  Is there a process within Firefox (Windows 7 VM) to apply this worthwhile extension?
Since I only use Safari in Mac OS 10.7.5, do I have to now download and install Adblock Plus to IE9, Firefox, and Chrome under my Windows 7 VM in Windows 7 - Parallels Desktop?
Appreciatively, Arbyem
0
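
The manual search described in the comment above (a search for "yealt" that turned up yealt.crx under Chrome's Extensions folder) can be repeated across every browser profile at once. The following is an added example, not part of the original thread: a read-only Python script that lists matching files, folders and Chrome-style extension manifests and deletes nothing. The function names are illustrative, and the profile locations are assumed to be the default per-user paths for Chrome and Firefox on Windows and macOS.

```python
import json
import os
from pathlib import Path

def default_browser_roots():
    """Default per-user Chrome/Firefox profile roots (assumed paths); only existing ones."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    roaming = Path(os.environ.get("APPDATA", home / "AppData" / "Roaming"))
    candidates = [
        local / "Google" / "Chrome" / "User Data",                      # Windows
        roaming / "Mozilla" / "Firefox" / "Profiles",                   # Windows
        home / "Library" / "Application Support" / "Google" / "Chrome",  # macOS
        home / "Library" / "Application Support" / "Firefox" / "Profiles",
    ]
    return [p for p in candidates if p.is_dir()]

def manifest_name(path):
    """Return the "name" field of a Chrome-style manifest.json, or "" if unreadable."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig", errors="replace"))
    except (OSError, ValueError):
        return ""
    name = data.get("name", "") if isinstance(data, dict) else ""
    return name if isinstance(name, str) else ""

def find_leftovers(roots, needle):
    """List (reason, path) pairs for files, folders or manifests that mention needle."""
    needle = needle.lower()
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for entry in dirnames + filenames:
                full = Path(dirpath) / entry
                if needle in entry.lower():
                    hits.append(("name", full))       # e.g. a leftover yealt.crx
                elif entry.lower() == "manifest.json" and needle in manifest_name(full).lower():
                    hits.append(("manifest", full))   # extension whose declared name matches
    return sorted(hits, key=lambda h: str(h[1]))

if __name__ == "__main__":
    # Report only; review each hit and remove the extension through the browser itself.
    for reason, path in find_leftovers(default_browser_roots(), "yealt"):
        print(f"{reason:8} {path}")
```

An empty result only means nothing under those profile folders carries the name; an extension whose manifest uses a localized name placeholder would not match on the manifest check.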
 
LVL 28

Assisted Solution

by:serialband
serialband earned 500 total points
ID: 40011811
Run Firefox and search for Adblock Plus and just click to install it.  You could also just drag the xpi file into Firefox and it will install.

Adblock Plus as well as other add-ons are donationware.  It's good that you donated, but it's not necessary until you're sure you want it.
0
 

Author Closing Comment

by:R_Bruce_Morris
ID: 40015280
Thanks.  Although I was unable to execute all of the recommendations, I consider that my problem has been resolved.
Appreciatively, Arbyem
0
