Results 1 to 6 of 6
  1. #1
    Merchant Linda's Avatar
    Join Date
    January 18th, 2005
    Location
    TN, USA
    Posts
    1,030
    Viewpoint toolbar Drive-by
    Anyone experienced a drive-by install from Viewpoint toolbar? I just did.

    I was at Hollywood.com when all of a sudden MS Anti-Spyware popped up and said that Viewpoint was trying to install and did I want to allow it. Then a popup from Viewpoint came up saying it wanted to install its toolbar.

    There was NOT a "no thanks" button or link - there was NOT a "X" to close. There was only a "Install Now" button and "more info" button.

    I told MS Anti-Spyware "no" do not allow. Then I hit the Viewpoint "more info" button which gave me their EULA. It seems that they're some kind of 3D media player - ok, I still don't want a forced install - and according to their EULA, I would also agree to have my default search engine be changed to Yahoo. A "X" close was on that screen so I didn't read further and hit the "X" which closed it.

    I went and did a search for them on Google and see that other people are wanting to know how and where they got Viewpoint toolbar on their computers and only knew it was there when they got pop-ups saying they needed an upgrade. So it looks like they're in the business of doing drive-by installs now and it's not just me.

    I looked in my taskbar and see viewmgr.exe. I looked in my control panel in Add/Remove software and there was Viewpoint Media Player.

    I don't know and I don't give a rats patooie whether their toolbar has spyware or adware at this moment. I do care that they installed their software on my computer without my permission when I did NOT agree to install it and I did NOT agree to their EULA. And why did it get thru MS-AntiSpyware when I said to NOT allow it access?

  2. #2
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    You have the same pb than ShoreMark, Linda.
    http://forum.abestweb.com/showthread.php?t=54031

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Thumbs down
    Aurora -DirectRevenue and all their other Adwhore operations are even enticing hidden bundling freebie perps and drive-by installers to put there crapware on systems. I've had clients also whacked by backdoor trojan horse viruses shoving this and eBates onto systems for infestation fees.

    "Use our FREE uninstall program to remove the following Advertising Software programs from your computer: BestOffers, BetterInternet, Ceres, LocalNRD, MSView, MultiMPP, MXTarget, OfferOptimizer, Twaintec, Aurora, BTGrab, DLMax, Pynix, SolidPeer, Zserv and some others. Also runs ABI network and abetterinternet.com BHO's a search bar hijackers.

    Please keep in mind that MyPCTuneUp isn't a general purpose Advertising Software or Spyware removal company. It will only remove the above programs listed, in addition to a few others. The MyPCTuneUp.com uninstaller program will never collect any personally identifiable information, it will not install any additional programs, and it will delete itself once it finishes the uninstall process......

    I'm sure the ABW haters at that Other list broker forum, and that hottie Missy Ward have a piece of this action.

    ____________________________
    http://www.mypctuneup.com/faq.php

    ...."Q: Who are we?
    A: The MyPCTuneUp website and uninstaller program was created by Direct Revenue, LLC for the purpose of making it easy for consumers to uninstall all ABI Network advertising software. We want to make sure that all of our advertising software is easily removable either through the Windows Add/Remove utility, or through the MyPCTuneUp uninstaller program. Our live customer support service, the first in the industry, is available in case you need assistance.

    Q: How did I get advertising software on my computer?
    A: Our software is packaged with free, popular downloadable programs, such as peer to peer file sharing software, screensavers, and games. Examples of applications we're packaged with can be found on our distribution website, Abetterinternet.com. We allow software developers to capitalize on the work they've done, and at the same time many consumers find our advertisements highly relevant. That being said, if a consumer doesn't want our software on their computer, MyPCTuneUp will enable them to uninstall quickly and easily.....
    Last edited by ecomcity; July 15th, 2005 at 11:52 AM.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  4. #4
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    About:Blank Homepage Hijackers are the most insidious group of browser hijacker programs currently on the Net. Insidious because of the methods they use to infect PCs and remain hidden from users and anti-spyware programs.

    About:Blank Hijackers install a Browser Helper Object into Internet Explorer. This BHO consumes system resources and slows down your PC's internet connection. Typically an infected PC will display a "fake" web search portal (e.g Quick Web Search) when the web browser is opened with about:blank displayed in the title and address window. The user can't reset the browser homepage, or at best only temporarily. It may also change your search settings, add new sites to your favorites, install an unwanted toolbar and/or bombard you with pop-up ads even when you're not online.

    Here's the problem - Internet Explorer seems to have decided that the home page About:blank is what will greet you every time you open a new browser window. You try to change it back but either your Internet Options are greyed out or you change the page back, only to find next time you start Internet Explorer the dreaded About:blank has returned.

    There are many possible causes for this behaviour and most are evil. One possible cause is a backdoor trojan virus, very common for yoolbar hijackers. The culprit is an adware/browser hijack program - in particular, CoolWebSearch.

    The symptom that identifies the CoolWebSearch or a close variation is that About:Blank appears as the address, but in the background a window pops up stating that spyware, adware or something similar has been found on your system. CoolWebSearch is a browser hijack program - it takes over your home page, and keeps changing it back. Its purpose is to show you advertising, or flog you an over-priced piece of software to fix the issue CoolWebSearch has created. The About:Blank change is a trick designed to confuse users - regrettably, it is very successful!


    The simplest way to remove the About:Blank adware is to use a specially designed tool and clean up your system. Step one is to flush out all the temp files on your system: Cookies, Temporary Internet Files and Temp files (you can do this via Internet Explorer's Tools-Internet Options or for a more thorough clean, use a privacy tool such as Tracks Eraser Pro 5). Next up, get a copy of CWShredder. This should kill CoolWebSearch and allow you to change your home page from About:Blank, plus it will kill those pop up windows....hopefully.

    If these options don't work, you may need a more in-depth tool such as www.SpyCatcher.com It will also flush out all types of spyware, adware and malware. Plus it offers home page protection to guard against future hijacks. This one finally got the ever present About:blank exploit from my last system cleansing. This is one of the real nasties operated by the wanks at CoolWebsearch, a professional PPCSE keyword theft operation. They also employ click clubs, site scraper apps and "get paid to" click slavery rings in 3rd world country cybercafes.

    About:blank hijacks can be caused by any one of a number of different spyware browser hijackers and even computer worm infections, so you would normally need to scan your system with an anti-virus program to remove any possible computer worms and a spyware removal program capable of removing spyware browser hijackers that can cause this problem. About:blank hijackers are usually difficult pests to remove and it's possible to be infected with variants that can't be removed by any anti-spyware programs.

    About:Blank - Its Behavior and Why It's So Difficult To Remove:

    Replaces your home page with a new one titled "about:blank". This page contains a pseudo-search engine with various directory "shopping" subjects. Note: The hijacker earns money when you click on these PPCSE funded directory links.
    1.Installs a Browser Helper Object into Internet Explorer. This BHO consumes system resources and slows down your internet connection.

    2.Restores itself after its file directory is deleted with help of hidden Dlls and a worm virus that also sets up victims as zomie spam systems.

    3.Restores its registry settings once they have been deleted.
    4.Is difficult to remove from memory and employs a backdoor trojan and infection re-naming script to counter all known anti-virus tools.
    5.Starts with the operating system. If you remove it from the auto-start settings, it will restore itself there.
    6.Later versions change their executable to avoid detection by the simple hash recognition algorithms that most anti-spyware products use.
    7.May also store executable code in your temporary internet explorer files.

    Coolwebsearch is a popular add-on to multiple network freebie lead fee merchants and should be an immediate cause of removing the bogus merchant from the networks merchant list.

    http://www.google.com/search?sourcei...=About%3Ablank

    All major PPCSE advertisers should investigate how their keyword fees are syndicated to these known junk traffic and budget draining thieves. Income is earned by the publishers and affiliates of the About:Blank Hijacker from pilfered or syndicated PPCSE advertisements displayed on the infected PC. Whenever you click on links on the "fake" search portal and search results you generate income for them. There's also evidence that websites are displayed via third party search engine feeds without the knowledge of the website owners or advertisers. So it's likely that not only users of infected PCs that suffer but also website owners that are unknowningly paying to have their sites listed with them via networked search engines.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  5. #5
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    Anyone experienced a drive-by install from Viewpoint toolbar?
    Yeah. I got stuck with that thing.

    It's actually a driveby of the "viewpoint media player." That thing then, sporadically and without warning, tries to get you to agree to the toolbar. I don't know of any media it actually views.

    And why did it get thru MS-AntiSpyware when I said to NOT allow it access?
    That's probably because it--the Viewpoint Media Player--was *already installed* and had been for some time, when it finally asked if you wanted the toolbar. It stays silent most of the time, so it's easy for it to look like a "new" install.

    I don't know how the player part avoids detection. I neutered the one I was stuck with by hounding out the folder, taking off the read-only mode(!), and renaming it. It may also have been designated as a system folder, but my memory's a bit vague on that part. (If it's designated as a system folder, it takes a bit of doing to get it to show up at all.) The Add/Remove programs usually doesn't remove this type of thing, so I probably didn't even bother with trying that "regular way."

    Our software is packaged with free, popular downloadable programs, such as peer to peer file sharing software, screensavers, and games.
    I didn't download any of that cr@p, so they must've snuck it in with something less suspect.
    There is no knowledge that is not power. ~Hemingway

  6. #6
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    Linda - Anyone experienced a drive-by install from Viewpoint toolbar?
    My turn. Got it today.
    There was NOT a "no thanks" button or link - there was NOT a "X" to close. There was only a "Install Now" button and "more info" button. I told MS Anti-Spyware "no" do not allow. A "X" close was on that screen so I didn't read further and hit the "X" which closed it
    I was obliged to reboot my PC to be in control again. First think I saw was a new Viewpoint toolbar and I had to manually remove all that cr@p.

  7. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Replies: 2
    Last Post: October 16th, 2011, 03:10 PM
  2. ViewPoint?
    By ShoreMark in forum Midnight Cafe'
    Replies: 10
    Last Post: July 15th, 2005, 12:04 PM
  3. Viewpoint search engine toolbar
    By Haiko de Poel, Jr. in forum Search Engine Optimization
    Replies: 1
    Last Post: January 28th, 2005, 11:36 AM
  4. Sqwire Toolbar Drive by
    By appbizz in forum Suspicious Activity!
    Replies: 6
    Last Post: June 6th, 2003, 08:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •