 yieldmanager

fay47
PostSubject: yieldmanager   12/28/2010, 23:54

I am exploring the NETSTAT command. I don't really understand it yet, but if I do: netstat -a
I get a lot of entries returned, including quite a few for YIELDMANAGER. Some of them have a status of TIME_WAIT and some of them a status of ESTABLISHED.

Is this a bad thing?


Fay

Repa
PostSubject: Re: yieldmanager   12/29/2010, 17:22

You can learn a lot about the NETSTAT command by reading the following conversation that takes place in this dslreports forum:

http://www.dslreports.com/forum/remark,7977320

Yieldmanager is an advertisement site and you will see cookies from it. Ad.yieldmanager.com, adyieldmanager.com or yieldmanager.com is a tracking cookie designed to keep track of how many times you visit a website and how long you stay, your browser type, your IP address, and other web surfing activities which are sent back to the cookie's host site. Unless you aren't concerned about it, you should remove the cookie(s) from yieldmanager. You can read about this here:

http://www.spywareremove.com/removeadyieldmanagercom.html

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/1/2011, 00:21

Repa,

I ran ad-aware and it found a cookie for ad.yieldmanager and got rid of it.
I had forgotten but had previously put ad.yieldmanager.com in my hosts file.

But even after deleting the cookie, I still see a lot of lines for yieldmanager when I do netstat -a.
I guess I should run ad-aware again to see if the cookie is back, but it took ad-aware quite a while to run - so I may wait and run it again at another time.

Thanks,
Fay

Repa
PostSubject: Re: yieldmanager   1/1/2011, 00:33

Hmmm, there shouldn't be any cookies from yieldmanager if you put that in your host file. Did you put all 3 of these in there - Ad.yieldmanager.com, adyieldmanager.com and yieldmanager.com? You also should check to block 3rd party cookies in your privacy settings if you haven't set it that way already.

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/1/2011, 00:58

Repa,

I did not have all of the entries in my hosts file - I just added them.
I checked and I do have block 3rd party cookies checked.

I'll rescan when I get a chance and see if the cookie is back. I'll let you know what I find out when I do.

Thanks,
Fay

Repa
PostSubject: Re: yieldmanager   1/1/2011, 20:08

Fay, something occurred to me about this and I checked the registry on my computer. I have ad.yieldmanager.com and yieldmanager.com blocked in

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

registry key. They are put there by Spywareblaster to protect you from this and many other sites. If you aren't using Spywareblaster, I suggest you do. Spywareblaster does not have to be running to protect you. It provides a passive protection through the history table and will not affect your computer performance in any way. Spywareblaster fills the history table with known malicious and suspicious or annoying sites to protect you from such sites as yieldmanager. Spybot does the same thing, and there are a few redundancies, but using both gives you a great deal of extra web protection that you otherwise don't have. You can download both at the following links if you don't have them:

Download and install Spybot Search & Destroy at:

http://www.safer-networking.org/en/download/index.html

It has the Immunize feature which works roughly the same way as SpywareBlaster. Update and run Spybot. DO NOT select the option to install "Teatimer" when going through the install wizard, and be sure to always deselect the option to download Teatimer updates when doing updates.

Install Javacool's SpywareBlaster at:

http://www.javacoolsoftware.com/spywareblaster.html

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects. Note: foistware is a term used to describe software downloaded to a computer without the owner's knowledge.

Download and install the program and then download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). Press "Enable All Protection", and you're done. The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection. Don't forget to check for updates every week or so. Always update Spywareblaster after updating Spybot, as Spybot will disable a few of the Spywareblaster kill bits due to a conflict. Updating Spywareblaster after Spybot updates will fix that.

Note: Spybot and Spywareblaster add a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.


_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/1/2011, 20:49

Repa,

I have Spybot and have been using it a long time but I don't have the other one.
I may try to do that tomorrow. I was just taking a quick check for messages etc. Getting ready to go have a bite to eat and get ready to watch the Fiesta Bowl with my brother - Oklahoma is playing.

After I get Spyware blaster installed - I'll do the netstat thing again and let you know what happens.

As always - Thanks!!!

Fay


fay47
PostSubject: Re: yieldmanager   1/2/2011, 15:36

Repa,

I downloaded, updated and applied the protection for Spyware blaster.
I scanned with Ad-Aware and Spybot - neither found a cookie for yieldmanager.

I did netstat -a.
Here are just some of the entries for yieldmanager:
TCP 127.0.0.1:49195 yieldmanager:49196 ESTABLISHED
TCP 127.0.0.1:49196 yieldmanager:49195 ESTABLISHED
TCP 127.0.0.1:49264 yieldmanager:49265 ESTABLISHED
TCP 127.0.0.1:49265 yieldmanager:49264 ESTABLISHED
TCP 127.0.0.1:49325 yieldmanager:12080 ESTABLISHED

Does this actually have to do with cookies - or is it something connecting to my computer? If it is a cookie, how do I get rid of it since neither ad-aware nor spybot found it?

I tried doing a google search to find something on the port numbers 49195 49196 but could not really tell anything.

Maybe this is nothing to worry about - but am kind of curious.


Thanks,
Fay

Repa
PostSubject: Re: yieldmanager   1/2/2011, 23:44

Fay, what you show above disturbs me a little. Established means that something on your system and yieldmanager are connected, and it's showing specific ports for both your local computer and yieldmanager. At least, that's what I think is happening, but not sure as I can't find anything that specifically addresses this in clear and understandable language. I don't know how that can happen if you have yieldmanager.com in your Hosts file. I'm wondering if you have a process on your system trying to connect to yieldmanager and using an IP address that is different than yieldmanager.com resolves to? I am going to suggest several things for you to do in order to find out:

1. Do a netstat -p TCP
To display a list of external machines (IP address or Machine names with Port Number) that your computer is connected to.

2. Do a netstat -p TCP -b
This command displays the list of software executables (like Firefox.exe, AvastSvc.exe) that are connecting to the internet. It will also show which websites (or IP address) they are connecting to and what is the status of the connection.

ESTABLISHED - Both hosts are connected.
CLOSING - The remote host has agreed to close its connection.
LISTENING - Your computer is waiting to handle an incoming connection.

3. To learn more about the netstat command, type netstat /? at the command prompt to see a detailed help page.

4. Here are a couple of applications that will give you information in a more understandable form. They are small applications and easy to run:

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

Download: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Process Explorer shows you information about which handles and DLLs processes have opened or loaded. You can see what processes are currently running, and the screen is updated every second.

Download: http://technet.microsoft.com/en-us/sysinternals/bb896653

The above should provide you with the information you need to determine what is causing you to get the netstat results you are getting. If something on your computer is calling home to yieldmanager, then it could be a trojan. See if it is in Add/Remove programs and something that you can remove. If not:

5. Go to the Tutorial Forum and follow Section 2. "Once per Week" in Tut#4: Routine Maintenance & Security. If you don't have all the programs listed in that section, the download links are supplied there.

Let me know what you find out.

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/3/2011, 00:21

Repa

I did some of the commands you listed - and saw 2 different .exe listed for YIELDMANAGER
one was my messenger and the other was IE
here are some of the entries:

TCP 127.0.0.1:49195 yieldmanager:49196 ESTABLISHED
[iexplore.exe]
TCP 127.0.0.1:49196 yieldmanager:49195 ESTABLISHED
[iexplore.exe]
TCP 127.0.0.1:51528 yieldmanager:51531 ESTABLISHED
[msnmsgr.exe]


I downloaded and ran TCPVIEW. I did not see any references to yieldmanager - but if I looked for references to ports 49196 and 49195 I found this:

iexplore.exe 2624 TCP Fay-PC 49195 localhost 49196 ESTABLISHED
iexplore.exe 2624 TCP Fay-PC 49196 localhost 49195 ESTABLISHED

Where FAY-PC is under localPort and localhost is under remote port
I don't quite understand local host under the remote port column - what does that mean?
Does that mean it is not really connecting to anything external?

If I close IE and the messenger the yieldmanager entries are not there when I do netstat.



I still have to do some of the other things you suggested - including the tutorial - but wanted to post what I have found so far. May not get any more done tonight.


*********************
INTERESTING
It appears that the netstat command - is getting the name it is displaying from the hosts file -
YIELDMANAGER.com was my first entry in my hosts file. If I go in and put an entry with a made-up name - like abcxyz.com as the first entry in my hosts file - then - that name shows up when I do the netstat command.
Does that make any sense to you?

Fay

Repa
PostSubject: Re: yieldmanager   1/3/2011, 01:22

Quote :
Where FAY-PC is under localPort and localhost is under remote port
I don't quite understand local host under the remote port column - what does that mean?
Does that mean it is not really connecting to anything external?

Don't know for sure, Fay, but sounds reasonable. I'm still trying to figure out exactly how to interpret the results.

Quote :
If I close IE and the messenger the yieldmanager entries are not there when I do netstat.

What happens if you just close IE? If you close just Messenger? I have a feeling that Messenger is the culprit. But then, I'm still running IE6, and I don't see it at all.

Quote :
YIELDMANAGER.com was my first entry in my hosts file. If I go in and put an entry with a made-up name - like abcxyz.com as the first entry in my hosts file - then - that name shows up when I do the netstat command.
Does that make any sense to you?

Yes, I think so. The first entry in the Host table should always be 127.0.0.1 localhost . After that, enter the websites you want to block from your computer. Change that and see what happens. But, I'd still like to know what happens when you have only IE running, and then only Messenger running.

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/3/2011, 01:37

Repa,

Looks like the 127.0.0.1 localhost entry was commented out in the original host file. I'll put it in and do some more testing tomorrow.

But, it looks like with the bogus first line in - I do not have any references to yieldmanager even with ie8 and the messenger open - but I do have reference to the bogus entry. As I said I'll mess with this some more tomorrow. I am getting ready to shut down for the night. I'll post again after more testing.

Fay

fay47
PostSubject: Re: yieldmanager   1/3/2011, 15:44

Repa,

I have not done the testing yet. I decided to look at the tutorial first. I do not have all the tools listed there - didn't have SuperAntiSpyware or Sophos Anti-Rootkit. Am working on getting and running those now.

I have gotten a little lax on running my scans. I had my real time protection going - so that I seldom found much when I did run the scan - mainly some low threat cookies. But I need to get back to doing that better. I printed off the tutorial. I downloaded the SuperAntiSpyware - it's running now. Then I'll get the Sophos Anti-Rootkit.

Will post back more later.

Fay

fay47
PostSubject: Re: yieldmanager   1/3/2011, 20:03

Repa,

The more I look at this stuff the more confused I get. I can't stand this!

Before I go any further want to see if you can explain this.

I rebooted my computer and ran this command:
netstat -p TCP -b
before I opened any windows.

I did it several times and the output varied each time. Here are the results from one run:

Active Connections

Proto Local Address Foreign Address State
TCP 192.168.1.1:49196 f43:http TIME_WAIT
TCP 192.168.1.1:49198 74.125.229.20:http TIME_WAIT
TCP 192.168.1.1:49202 65.172.31.178:http TIME_WAIT
TCP 192.168.1.1:49204 65.172.31.178:http TIME_WAIT
TCP 192.168.1.1:49220 65.172.31.170:http TIME_WAIT


It seemed that every time I did it the only entries were for TIME_WAIT.
As I said nothing was open - at the time.

So what are these entries - something that was trying to attach but could not? - Any idea what they are?

Fay


Repa
PostSubject: Re: yieldmanager   1/3/2011, 20:55

TCPview should identify what processes correspond to those entries. You need to have TCPview running and then do the netstat command, and you should be able to correlate the 2 displays.

I like TCPview over the netstat command as it gives more information, including the names of the network processes that are running in realtime.

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/4/2011, 19:45

Repa,

I tried what you said, but I did not see the IP addresses in tcpview that I did in netstat.

Originally, the main thing that I was concerned about was seeing yieldmanager when I did the netstat. But found out that was just because YIELDMANAGER was the first entry in my hosts file and it was displaying that name instead of LOCALHOST. After I did as you said and put the localhost entry as the first one in the hosts file - that fixed that.

I may try testing again tomorrow - but I am totally confused by what I have been seeing - but hopefully there is no problem.

Fay
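
What Fay worked out above, shown as an added example that is not part of the original thread: a small triage script that reads a hosts file and `netstat -p TCP -b` output and flags rows whose "foreign" host is really the local machine under a hosts-file name. The function names are hypothetical, both samples are constructed from the lines posted in the thread, and matching the short name ("yieldmanager" for "yieldmanager.com") is an assumption based on the output shown there.

```python
import ipaddress
import re
# Constructed hosts file: default localhost line commented out, blocked domain first.
HOSTS_TEXT = """\
# 127.0.0.1 localhost
127.0.0.1 yieldmanager.com
"""

# Constructed `netstat -p TCP -b` output, modelled on the lines posted in the thread.
NETSTAT_TEXT = """\
TCP 127.0.0.1:49195 yieldmanager:49196 ESTABLISHED
[iexplore.exe]
TCP 127.0.0.1:49196 yieldmanager:49195 ESTABLISHED
[iexplore.exe]
TCP 127.0.0.1:51528 yieldmanager:51531 ESTABLISHED
[msnmsgr.exe]
TCP 192.168.1.1:49198 74.125.229.20:http TIME_WAIT
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\w+)\s+(\S+):(\w+)\s+(\w+)")

def is_loop_ip(text):
    """True if text is a loopback IP literal (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:
        return False

def parse_hosts(text):
    """Return {name: address} for active (uncommented) hosts entries, in file order."""
    names = {}
    for line in text.splitlines():
        addr, *aliases = line.split("#", 1)[0].split() or [""]
        for name in aliases:
            names.setdefault(name.lower(), addr)
    return names

def loopback_display_name(hosts):
    """First hosts name mapped to a loopback address (the label seen in the thread)."""
    return next((n for n, a in hosts.items() if is_loop_ip(a)), None)

def is_loopback(host, hosts):
    """Loopback literal, 'localhost', or a hosts name (full or first label) for one."""
    host = host.lower()
    return (is_loop_ip(host) or host == "localhost" or
            any(is_loop_ip(a) and host in (n, n.split(".")[0]) for n, a in hosts.items()))

def classify(netstat_text, hosts):
    """Parse TCP rows, attach the [process] line that -b prints, flag loopback peers."""
    rows = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rhost, rport, state = m.groups()
            rows.append({"ports": (lport, rport), "remote": rhost, "state": state,
                         "process": None, "loopback": is_loopback(rhost, hosts)})
        elif rows and line.strip().startswith("["):
            rows[-1]["process"] = line.strip().strip("[]")
    return rows

def loopback_pairs(rows):
    """Port pairs where both ends of one local connection appear in the listing."""
    seen = {r["ports"] for r in rows if r["loopback"]}
    return sorted({tuple(sorted(p)) for p in seen if p[::-1] in seen})
```

Rows flagged as loopback never leave the machine; running `netstat -n` shows the numeric 127.0.0.1 address directly and avoids the misleading name.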

Repa
PostSubject: Re: yieldmanager   1/4/2011, 21:29

I don't think you have a problem, Fay, now that I understand where yieldmanager was coming from. What TCPview tells you is what applications are accessing the internet from your computer. If there is anything there that you don't recognize, you can google it and find out if it is a valid process or not. Process Explorer can be used in the same way to help you detect invalid processes. They are pretty handy little utilities, better than the task manager, and less confusing than using the netstat command, at least for me.

_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/5/2011, 00:36

Repa,

I put a shortcut to tcpview on my desktop so I can run it easily. That way I can take a check now and then to see if there is anything strange. I may just forget about netstat.
I did download Process Explorer also.

I feel a little better now. Thanks for all your help.

Fay

Repa
PostSubject: Re: yieldmanager   1/6/2011, 20:17

Fay, here's a great little utility that gives so much information about every process that is running on your system, including network processes. It gives the process name, description, image path and vendor name of every running process on your system. It's called Process Monitor and you get it here:

http://technet.microsoft.com/en-us/sysinternals/bb896645

The main screen is overwhelming so what you will want to do is bring up the Process Tree window by selecting Tools > Process Tree on the menu bar. It will become obvious to you why I like this screen. When you exit this screen, the main screen is still up. If you exit that, everything goes away, but you'll find Process Monitor still running in Task Manager. I'm not sure why it doesn't close when you exit it, but I just kill it in Task Manager if I'm done with it.


_________________
Repa

fay47
PostSubject: Re: yieldmanager   1/9/2011, 19:33

Repa,

Thanks, Fay