Solved

paypopup / yesadvertising

Posted on 2004-10-01
5
256 Views
Last Modified: 2010-04-12
Somehow a downloader virus made it's way onto my system while I was at a keenspot webcomic and though I cleaned out all infections via AVG, it must have put something on my computer which causes a pop up window to occur after a certain length of time (I do not know the exact amount of time it takes to respawn) from a www.paypopup.com website which is black save for the words "no ads". The first pop up I recieved was of this: http://www.yesadvertising.com/click.x.php?aid=spyblocs2&at=0&du=http://66.33.0.35/spyblocs/adv/paypop1.html

I have run CWshredder, ad-aware, avg and hijack this to see if I can find anything related to either of these websites to no avail. If anyone has any suggestions of what I need to do to get rid of this problem, I'd be grateful.

0
Comment
Question by:infernal_vanguard
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:rossfingal
ID: 12208352
Hi!

Did you run your HijackThis log through the Automatic Analysis, to see what it turns up?
If not, you should do so:
http://www.hijackthis.de/index.php?langselect=english
Post back here any entries it flags as "Nasty", "Possibly Nasty" or "Unknown".

Good luck!
RF


0
 

Author Comment

by:infernal_vanguard
ID: 12208725
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Was the only nasty it came up with, so I deleted the registry and found a folder in my program files containing installation files and what have you for Viewpoint (which I do not even remember putting onto my computer). I'll have to wait a while to see if the ads keep popping up; if not, you have my deepest thanks.
0
 
LVL 12

Accepted Solution

by:
rossfingal earned 250 total points
ID: 12209666
HI!

"Viewpoint" is installed with other things - you wouldn't even know it's being installed.
Try to uninstall these things through Add/Remove Programs first -
they may be listed there.
Reboot into "safe" mode and delete the folder:
C:\Program Files\Viewpoint <- delete the whole "Viewpoint" folder
You may have to stop a process first - start Task Manager and look for a running process called -
ViewMgr.exe
Kill it
Then search your ENTIRE computer for any instances of it - delete them all.
Clean out your temp files:
# C:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents)
  <=This will delete all your cached internet content including cookies.
  This is recommended and strongly suggested!
    However, if you delete all your cookies - this can affect your stored Internet passwords
    and your ability to logon automatically to various sites.
    So, consider deleting all your cookies - optional
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".
Reboot your computer into "noemal" mode and see how things are working
Regards...
RF
0
 

Author Comment

by:infernal_vanguard
ID: 12213733
Thank you for your help, but unfortunately getting rid of viewpoint did not fix the problem, and somehow in the process another problem occurred. Normally I am able to fix things like this, but instead I just decided to reformat my c drive since all my files are on my d drive.

Again, I thank you for your time and effort.
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 12213944
Hi!   infernal_vanguard

I'm sorry no one could help -
If you have it , could you post your HijackThis log that you ran through
the "Automatic Analysis" site -
or post a link where it can be found.
Thanks...
RF
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now