I also got the audio but no "survey" problems for 2 days now! Interesting new problem though, here is what I got from a bank I was trying to send an email to "Your access to this mail system has been rejected due to the sending MTA's poor reputation". Yahoo is now so bad that this bank rejects my Roger Yahoo emails! No problem using Gmail as a sub, and no problems with sending to anybody else, so far.
Understand about Adblock Plus permissions, but it is still highly rated by CNET and the strategy will be to let the dust settle, then disable it and see if problems reappear.
Fred thx for the update about Adw, I hope that's the fix. Lyn wiped her hard drive twice and still got hacked, so I guess re-infections happen. Leaving today, back in a week, when maybe we'll all be fixed.
I'm back from the boonies .... Fred are you still here? ... have you had any more hacks since using Adw Cleaner? Lyn can you update us on your progress. I found the quickest way to check if the hack was still around was to click the little (i) "show site info" beside the yahoo URL on the Yahoo main page to open setting choices. There are a lot of lurkers here, many more views than posters, can anyone else offer any progress?
No redirects since June 24th (so only one with the new router in total). However, I stay off the yahoo rogers mail site entirely. I use the internet normally other than that.
I have had no problems since using Adblock Plus and an occasional clean up with Adw Cleaner, which still finds new malware, so there is reinfection but no resulting problems.
Thx guys, well after being shut down for the week I was away I went on Yahoo and clicked the "show site info" icon several times which has always brought up the hack, and surfed the site for a while too, and no hack. I'm hesitant to use Adw because it might think my VPN is bad, and I don't want to have to redo it if it gets deleted. When Adw shows me what it wants to delete I might not be able to recognize file names from my VPN if they have strange names. Fred do you have a VPN running?
No more hacks today on Yahoo or Yahoo email. Jay I wondered the same thing, if this fake survey and “free” gifts resulting in the huge credit card charges people have reported have a built-in time limit when the hackers shut down their order center and move on to another scam, based on their estimate of how long it takes for the word to get around Rogers users that it’s a scam and the scammers won’t be getting enough suckers to warrant keeping the operation going. The original fake survey in this thread is from 2013, and is similar but not exactly the same as the current scam, shipping was $3, originating in the UK, with a surprise $49.95 monthly recurring charge on the victim’s credit card for some site membership, whereas shipping is now 4.95, don’t recall if it originates in the UK, or what the upcharges are.
I’m waiting for tech support from my VPN to get back to me with the word on whether Adw Cleaner will mess with it. All the files in my VPN are clearly named so it looks like I can uncheck them for deletion in the Adw window, so I expect they will give me the go-ahead, and then I think I’ll do it. I really don't want to leave malware on the hard drive, especially using it for banking and credit card work.
My VPN tech said go ahead and use AdwCleaner from Malwarebytes, so i got it and ran it, and it didn't want to delete my VPN, but it wanted to delete 2 folders, Amazon1BurttonApp and the Pokki folder, which comes on most Acer computers to provide rich HTMLS apps, and is a company partnered with Acer, probably nothing bad there. But I had Adw delete them both. Adw also listed 20 some root registry keys for deletion, like HKU, HKCU, HKLM, so I let it delete them too. Adw re-booted the CPU, everything worked fine, so I went to Yahoo.ca, and clicked on the (i) icon ("show more info") beside the Yahoo URL, which usually triggers the hacks, and sure enough, back it came. This time just the fake Windows repair screen, no fake survey. Browser history shows it went to 3 sites, Reimage Repair, s0u.jerb.gdn/ plus a bunch of letters and numbers, and Voluumtrk.horizon-trading.com. There are the same ones that always came before. These hacks only happen on the Yahoo website, never anywhere else, same as others have reported. Lyn just avoids that site now, with no further hacks. Someone's bank told them it won't do any transactions coming from Yahoo b/c of "problems". Who knows if the hack is also recording keystrokes or passwords, not secure for banking or credit card work. I wonder about using Firefox's Block Site addon so the sites can't pop up, might try that, don't have it yet. IE has a similar one. Has anyone tried that?
So it looks like the scam web sites that pop up are not an infection on our hard drives, since Lyn wiped hers twice and it still happened, but they are hacks on Yahoo related sites: Rogers/Yahoo, Yahoo.ca, and Yahoo.com. The hacks never come up on other sites. If I avoid those Yahoo sites I’ve got to use a different email, kind of a nuisance. So I’m trying a site blocker to see if that works, as an add-on to Firefox. IE has them too. Three do not have great user reviews, BlockSite, Block Site (with a space), and BlockSite Plus. But LeechBlock has good reviews, so I picked it, and I’ve loaded all the scam sites on it to be blocked, the fake survey with surprise upcharges to the free gift shipping, the fake Windows Repair, the “other” Netflix scam deal, and just lately a fake browser survey, didn’t wait for the offer, probably a “free” gift with upcharges. These are the sites I’ve blocked, and it’s working so far: Reimage Repair, ReimagePlus.com, Voluumtrk.horizon-trading.com, s0u.jerb.gdn, rsnzz.isolate.kopx.gdn, ehtzz.isolate.kpx.gdn, bandretail.com, wayretail.com, retailnatural.com, and cutefeedback.com. These are sites you cannot back-arrow out of, you have to close your browser. I supposed the hackers could have many more of these, and I could be loading new sites on for a while. Leechblock’s interface is easy to use, and explains the use of wildcards to nail any similar URL to the one you entered. You can access it through the Firefox add-on menu. By blocking the sites I don’t think the hackers can grab keystrokes, passwords, or bank numbers. If this works I’ll even donate to LeechBlock. In a few days I’ll post how it’s working.
I’ve found the quickest way to see if the hacks pop up is to go to Yahoo.ca and click on the (i) icon to the left of the Yahoo URL (“show site info”), and start changing your preferences (choosing blocking features there does not work). If you mess around with that icon for a few minutes the hacks pop up quite often.