Need help finding how malware works


Hi,

I'm not sure if this is the correct place to ask this question, so if
you know of any other/better place let me know.

I've encountered some kind of "malware" on my pc (Windows 7), and it
turned out to be quite popular - "yield manager ad".
It shows a popup window with ad on every page, on Google Chrome and
Internet Explorer.

I've found many "how to remove" articles, but before I remove it, I
want to understand how it works,
so if anybody can help, I will appreciate that.

What I've done so far is:
1) Using SysInternals's "Process Explorer", I've checked all the
modules that are loaded into GC/IE - all seem to be familiar/signed.
2) Using nirsoft's "DriverView" - I've checked all drivers - all seem
to be familiar/signed.
By "familiar" I mean the company name relates to some known company or
software which is considered to be known/legitimate.

Now - I'm stuck - what is the next step?
Or is it possible/common that this malware also injects itself into
"Process Explorer" to hide itself?

Thanks for any help.
JD.



Re: Need help finding how malware works

John Davis has brought this to us:

It is adware but not necessarily malware. As far as I can tell from
reading about it, it exists as a cookie on your machine and is
supported by your browser. You can disallow the adware server by
'blocking' the domain.

http://forums.techguy.org/general-security/1061717-what-ad-yieldmanager-com.html
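The two things this thread describes, the poster's "check that every loaded module and driver is signed by someone I recognise" triage and the reply's "block the ad domain", as one PowerShell script. This is an added example, not code posted by either participant. It assumes PowerShell 3 or later run as Administrator in a console matching the browsers' bitness (otherwise module lists of some processes cannot be read), that the browser processes are named chrome and iexplore, and that the domain to block is ad.yieldmanager.com, taken from the title of the linked techguy thread; the function names and the decision to use the hosts file for the block are mine.

```powershell
# Added triage helper, not from the original thread. Assumptions: PowerShell 3+,
# elevated, same bitness as the browsers; process names chrome/iexplore; the
# blocked domain comes from the linked techguy thread title.

$BrowserNames = 'chrome', 'iexplore'
$BlockDomains = 'ad.yieldmanager.com'

# Authenticode status and signer for a set of files. Anything whose Status is
# not 'Valid' (NotSigned, HashMismatch, UnknownError) is what to look at next;
# a 'Valid' result only tells you who signed the file, not that it is benign.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in ($Path | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Full paths of every module loaded into the running browser processes
# (the Process Explorer step from the question, done for all instances at once).
function Get-BrowserModulePaths {
    param([string[]]$ProcessNames = $BrowserNames)
    Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue | ForEach-Object {
        try { $_.Modules | ForEach-Object { $_.FileName } }
        catch { Write-Warning "Cannot read modules of PID $($_.Id) ($($_.Name)): $_" }
    } | Where-Object { $_ }
}

# Image paths of every installed kernel driver (the DriverView step).
# WMI reports some paths as \SystemRoot\... or \??\C:\..., so normalise them first.
function Get-DriverPaths {
    Get-WmiObject -Class Win32_SystemDriver |
        ForEach-Object { $_.PathName } |
        Where-Object { $_ } |
        ForEach-Object {
            $_ -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
        }
}

# The reply's mitigation: stop the browser from resolving the ad server by
# pointing the domain at 0.0.0.0 in the hosts file. Idempotent on re-runs.
function Add-HostsBlock {
    param([string[]]$Domains = $BlockDomains)
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $existing = @(Get-Content -LiteralPath $hosts -ErrorAction Stop)
    foreach ($d in $Domains) {
        $pattern = "^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+$([regex]::Escape($d))(\s|$)"
        if ($existing -match $pattern) { continue }   # already blocked
        Add-Content -LiteralPath $hosts -Value "0.0.0.0 $d" -Encoding Ascii
    }
}

# Usage: list only what is NOT validly signed, then apply the block.
Get-SignatureReport -Path (Get-BrowserModulePaths) |
    Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Get-SignatureReport -Path (Get-DriverPaths) |
    Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Add-HostsBlock
```

Two caveats a practitioner would add: the hosts-file entry only stops the named domain from resolving, so if the pop-ups are produced by something else that merely loads ads from that server, the cause is still present and the ads may move to another domain; and an empty "not Valid" list means only that every loaded module carries a good signature, which says nothing about browser extensions, scheduled tasks or proxy settings, none of which are loaded as DLLs and so never appear in Process Explorer's module view.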


