Solved

paypopup / yesadvertising

Posted on 2004-10-01
5
259 Views
Last Modified: 2010-04-12
Somehow a downloader virus made it's way onto my system while I was at a keenspot webcomic and though I cleaned out all infections via AVG, it must have put something on my computer which causes a pop up window to occur after a certain length of time (I do not know the exact amount of time it takes to respawn) from a www.paypopup.com website which is black save for the words "no ads". The first pop up I recieved was of this: http://www.yesadvertising.com/click.x.php?aid=spyblocs2&at=0&du=http://66.33.0.35/spyblocs/adv/paypop1.html 

I have run CWshredder, ad-aware, avg and hijack this to see if I can find anything related to either of these websites to no avail. If anyone has any suggestions of what I need to do to get rid of this problem, I'd be grateful.

0
Comment
Question by:infernal_vanguard
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:rossfingal
ID: 12208352
Hi!

Did you run your HijackThis log through the Automatic Analysis, to see what it turns up?
If not, you should do so:
http://www.hijackthis.de/index.php?langselect=english
Post back here any entries it flags as "Nasty", "Possibly Nasty" or "Unknown".

Good luck!
RF


0
 

Author Comment

by:infernal_vanguard
ID: 12208725
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Was the only nasty it came up with, so I deleted the registry and found a folder in my program files containing installation files and what have you for Viewpoint (which I do not even remember putting onto my computer). I'll have to wait a while to see if the ads keep popping up; if not, you have my deepest thanks.
0
 
LVL 12

Accepted Solution

by:
rossfingal earned 250 total points
ID: 12209666
HI!

"Viewpoint" is installed with other things - you wouldn't even know it's being installed.
Try to uninstall these things through Add/Remove Programs first -
they may be listed there.
Reboot into "safe" mode and delete the folder:
C:\Program Files\Viewpoint <- delete the whole "Viewpoint" folder
You may have to stop a process first - start Task Manager and look for a running process called -
ViewMgr.exe
Kill it
Then search your ENTIRE computer for any instances of it - delete them all.
Clean out your temp files:
# C:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents)
  <=This will delete all your cached internet content including cookies.
  This is recommended and strongly suggested!
    However, if you delete all your cookies - this can affect your stored Internet passwords
    and your ability to logon automatically to various sites.
    So, consider deleting all your cookies - optional
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".
Reboot your computer into "noemal" mode and see how things are working
Regards...
RF
0
 

Author Comment

by:infernal_vanguard
ID: 12213733
Thank you for your help, but unfortunately getting rid of viewpoint did not fix the problem, and somehow in the process another problem occurred. Normally I am able to fix things like this, but instead I just decided to reformat my c drive since all my files are on my d drive.

Again, I thank you for your time and effort.
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 12213944
Hi!   infernal_vanguard

I'm sorry no one could help -
If you have it , could you post your HijackThis log that you ran through
the "Automatic Analysis" site -
or post a link where it can be found.
Thanks...
RF
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question