Malware? - http://ad.yieldmanager.com/login.view?


Postby imarinoff » Wed May 05, 2010 3:53 pm

I recently installed the Subsonic server software to my XP desktop and the app to my Android phone. Now, while using the Chrome browser, I've begun experiencing redirects to the following URL: ad.yieldmanager.com/login.view?
This page then prompts for a Username and Password and the tab is labeled Subsonic with the Subsonic logo. This happens almost immediately when attempting to check a Yahoo! email account but other times as well. While I've read online about ad.yieldmanager spyware, I am not aware of a connection to Subsonic. Can anyone shed light on this and, hopefully, provide a solution? To date, my spyware scans have accomplished nothing and Hijack This hasn't shown the line of concern that has been mentioned on various online discussion boards. Thanks.
imarinoff
 
Posts: 3
Joined: Wed May 05, 2010 3:45 pm

Postby sindre_mehus » Wed May 05, 2010 5:29 pm

Weird. Did you download Subsonic from the official site, subsonic.org?

Sindre
Subsonic developer
sindre_mehus
 
Posts: 1955
Joined: Tue Nov 29, 2005 6:19 pm
Location: Oslo, Norway

Malware? - http://ad.yieldmanager.com/login.view?

Postby imarinoff » Wed May 05, 2010 6:29 pm

sindre_mehus wrote:Weird. Did you download Subsonic from the official site, subsonic.org?


Yes.
imarinoff
 
Posts: 3
Joined: Wed May 05, 2010 3:45 pm

Postby imarinoff » Fri May 07, 2010 2:25 pm

As a follow-up, I've gone through fits trying to resolve the problem I described earlier--manually deleted cookies, blocked cookies, and scanned with various AV and spyware utilities. Ultimately, after uninstalling Chrome and then finding the problem also while using Firefox, I chose to uninstall Subsonic from my PC. The problem has not returned since then. I'm sure there's some explanation for why a known spyware domain/URL has associated with Subsonic. Anyone else experiencing the popup/redirect I've described?
imarinoff
 
Posts: 3
Joined: Wed May 05, 2010 3:45 pm

Postby watzone69 » Sat Aug 21, 2010 6:25 am

I am having this same problem except the address is "http://ad.doubleclick.net/login.view?". It happens when going to Yahoo Mail.

I am using Google Chrome on a PC running Vista. I downloaded "subsonic-4.0.1-setup.exe" from sourceforge (directed from the download link on the subsonic.org site).

I am going to update my host file and see if that helps.
watzone69
 
Posts: 2
Joined: Sat Aug 21, 2010 5:54 am

Postby watzone69 » Sat Aug 21, 2010 8:09 pm

OK, this sucks. I've run several anti malware and can't find the culprit. I am getting redirected to the Subsonic log-in page but the address is a different ad related site every time. It's happening on IE as well as Chrome.

EDIT: I updated my hosts file and changed my port. Seems to have worked!
watzone69
 
Posts: 2
Joined: Sat Aug 21, 2010 5:54 am

Postby DystopiaNoir » Tue Aug 31, 2010 2:04 am

Can someone post a description of how to update the host file and port? I'm having the same issue as the OP.
DystopiaNoir
 
Posts: 1
Joined: Tue Aug 31, 2010 2:01 am

Postby delcypher » Tue Aug 31, 2010 11:53 am

delcypher
 
Posts: 109
Joined: Tue Jun 01, 2010 10:39 am

Postby swoyara » Fri Jan 28, 2011 10:22 am

How can I tell the difference between legitimate updates and trojans/malware? Trojans and various forms of malware are becoming smarter and more dangerous and now often pretend to be legitimate programs or pose as "updates" even for real anti-virus software. How can I tell the difference between real updates/real programs and cleverly disguised updates or programs posing as them?
Last edited by swoyara on Mon Jan 31, 2011 10:33 am, edited 1 time in total.
swoyara
 
Posts: 1
Joined: Fri Jan 28, 2011 6:12 am

Postby disgustipated » Fri Jan 28, 2011 1:19 pm

I don't want to be "that guy" but I think this thread is really out of the scope of Subsonic and you might find better help elsewhere for cleaning spyware :\

I think it's pretty safe to say that if you download the installer of your choice from the official site you won't run into any spyware
disgustipated
 
Posts: 96
Joined: Wed Jan 26, 2011 4:18 pm
Location: US

Postby alphawave7 » Fri Jan 28, 2011 10:47 pm

disgustipated wrote:I don't want to be "that guy" but I think this thread is really out of the scope of Subsonic and you might find better help elsewhere for cleaning spyware :\

I think it's pretty safe to say that if you download the installer of your choice from the official site you won't run into any spyware


Actually, it can be more Subsonic-related than you might imagine. I, too, ran into this issue when installing SS for a friend of mine. Like you guys, I initially freaked out a bit, thinking his system needed a thorough scan and clean, but after digging around on the net, I discovered a couple of things: ad.yieldmanager.com is a partner for displaying ads on websites/pages. In my friend's case, he uses iGoogle for his homepage, and the ads weren't displaying properly (clue #1). Frequent attempts to surf were met with similar results (Yahoo, etc.). Attempts to log into SS gave results described above: (clue #2) that this page 'seemed' to take over Subsonic. We were stuck dead in the water for web configuration.

Research revealed that yieldmanager uses port 80, and that was the break in the case. I initially resisted futzing around with his router (a UPnP compliant one) and wanted to get it up and running quickly, and naturally it was using the default port 80. I got his permission to change his router settings (manually, as even the UPnP settings didn't 'stick') and opened port 4040 for him by hand, and reset it in Subsonic, and the apparent 'hi-jacking' was stopped, and Subsonic began working a treat. This is one of the reasons I always recommend for new users to discard the default port 80, and use the 'old' default (4040) or 8080, or indeed any port they wish and can open on their particular router's configuration. ad.yieldmanager.com isn't serious malware (virus/trojan, etc.) but it would still be classified as malware by me as it does seem to want to possess port 80, or else it causes disruption. The price one pays for 'free' ad-supported sites like Yahoo/Google, etc. HTH.
alphawave7
 
Posts: 1042
Joined: Thu Feb 11, 2010 9:54 am
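
A diagnostic for one explanation consistent with the reports in this thread, added here as an example and not written by any poster: if a hosts-file blocker maps the ad hostnames to a loopback address and a local server listens on port 80, requests to those hostnames are answered by that local server, and moving the server to another port ends the symptom. The thread does not confirm this cause; the hosts entries below are constructed, and `parse_hosts` and `answered_locally` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in hosts-file format (not taken from any poster's machine).
SAMPLE_HOSTS = """\
# ad-blocking entries (constructed)
127.0.0.1   localhost
127.0.0.1   ad.yieldmanager.com   # inline comment
127.0.0.1   AD.DoubleClick.net ads.example.test
93.184.216.34 pinned.example.test
not-an-ip   broken.example.test
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_hosts(text):
    """Return {hostname: ip_address}; keeps the first mapping seen for a name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank line or address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address field
        for name in fields[1:]:                  # one line may carry several names
            table.setdefault(name.lower(), ip)   # hostnames are case-insensitive
    return table


def answered_locally(url, hosts_text, local_port):
    """True if `url` would reach a server on this machine listening on `local_port`.

    Assumption: the hosts file is consulted before DNS for the URL's hostname.
    """
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    ip = parse_hosts(hosts_text).get((parts.hostname or "").lower())
    return ip is not None and ip.is_loopback and port == local_port


if __name__ == "__main__":
    for port in (80, 4040):
        url = "http://ad.yieldmanager.com/login.view?"
        print(port, answered_locally(url, SAMPLE_HOSTS, port))
```

To check a real machine, pass the contents of its hosts file and the port the local server is configured to use in place of the sample values.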

Postby GJ51 » Sat Jan 29, 2011 1:31 am

Gary J

http://bios-mods.com
http://www.maplegrovepartners.com
http://theaverageguy.tv/category/tagpodcasts/cyberfrontiers/
GJ51
 
Posts: 3492
Joined: Wed Oct 20, 2010 11:58 pm
Location: Western New York

Re:

Postby lolsee2 » Sat Jan 19, 2013 5:16 am

watzone69 wrote:OK, this sucks. I've run several anti malware and can't find the culprit. I am getting redirected to the Subsonic log-in page but the address is a different ad related site every time. It's happening on IE as well as Chrome.

EDIT: I updated my hosts file and changed my port. Seems to have worked!


I need to know what to do, I am new to this.
Can anyone tell me the exact thing to do?
Much appreciated.
lolsee2
 
Posts: 1
Joined: Sat Jan 19, 2013 5:15 am

Re: Malware? - http://ad.yieldmanager.com/login.view?

Postby GJ51 » Sat Jan 19, 2013 5:44 am

My first try is to always run Malwarebytes. It's also worthy of purchase if you want extra protection, but may be overkill if you practise safe surfing.

I have MS Security essentials on my systems and use the hosts file blocker from mvps.org.

http://winhelp2002.mvps.org/hosts.htm

Sometimes you run good anti spyware and it identifies a vicious rootkit that respawns itself even after being "removed".

If that happens, Google the recurring bug and you can usually find a specific cleaner from Norton or Kaspersky.

I ran into this yesterday on a client's laptop infected with Trojan:JS/Medfos.B that would get removed by MS Security essentials and then MSSE would remove it again a few minutes later and on and on....

I read the MSSE history logs to see what it was removing every few minutes and after a Google search I used the instructions in the link below.

http://malwaretips.com/blogs/remove-medfos-trojan/

Notice that the instructions recommend running 7 different anti virus tools, affirming what I already knew, that there isn't any one tool that kills everything out there and running several in succession is probably the best strategy against a particularly nasty bug.

I use a clean machine to load the tools onto a clean usb drive, then fake name the first tool as recommended in the post so that the bug doesn't prevent it from running. Many of the tools can be run right off the usb drive and don't need to be installed onto the infected drive. It's a great idea to create a usb bugkiller with the tools recommended on it and keep it for just such occasions.

Once clean, I (re)install MSSE and (re)apply the mvps hosts file blocker for my clients. This combination has kept all my 20+ computers bug free for as long as I've been using it - several years, since MSSE was introduced. I usually remove all the rest of the tools I used to do the cleaning as I have a high level of confidence with MSSE and MVPS hosts blocker and if I were to get infected I can just always grab my handy usb drive with all the tools on it.

Hope that helps a bit.

Here's the homepage for the malwaretips site: http://malwaretips.com/blogs/
Gary J

http://bios-mods.com
http://www.maplegrovepartners.com
http://theaverageguy.tv/category/tagpodcasts/cyberfrontiers/
GJ51
 
Posts: 3492
Joined: Wed Oct 20, 2010 11:58 pm
Location: Western New York

