Re: url.cpvfeed.com popup redirector to revenueloop

[Gerald309]

----------------->
url.cpvfeed.com popup redirector to revenueloop....


CA Spyware Info Center:
http://www3.ca.com/securityadvisor/p...x?id=453107470

cpvfeed.com
Tracking Cookie : Any cookie that is shared among two or more web
pages for the purpose of tracking a user's surfing history.

That's incredible none of your security software picked this up. It is
a simple tracking cookie. Lavasoft Ad-Aware would definately pick this
up and most likely any associated adware installation if it is
understood you mean your browser is being redirected. If your browser
is going to another website then expected and especially if you are
not even clicking anything - then it is a "browser hijacker" or your
symptom - "redirecter" - which is exactly what a browser hijacker
does, re-directs your browser to a different website to either offer
something for sale or to a malicious content website attempting to
install malware such as a trojan or spyware and/or more adware (the
least lethal).

A browser hijacker will install an Active X item in the Windows
Registry, They are called BHO (Browser Help Object). The legitimate
ones are many by Microsoft and other known valid software you use. The
browser hijacker installation is sort of a hackware or piece of a
software in size - just a couple entries. Most of these are the
toolbars in Internet Explorer - like known ones are Google Toolbar,
Yahoo Toolbar, and so on. The bad ones many times are not even visible
in the drop down menu. They can even be a transparent radio button
install. They may be a very visible radio button if you have some full
blown porno malware install and has buttons installed in the browser
like "Show Me More 10-XXX". That takes a manual click rather than some
automated re-direct.

I would do two things. One, download - update - and run
SuperAntispyware free home version which is a very good detector,
perhaps a little better than Ad-Aware. There may be an associated
trojan doing the redirect so two - also get yourself the free A-
Squared Trojan Remover free home version as well. Register for the
updates, update it and run it. You seem to have a well known threat
present rather than some obscure or new unknown threat.

BOOKMARKS:

SUPERAntiSpyware [working-freeware, and premium version]
http://www.superantispyare.com

a-squared trojan remover (Free Working Version for life and Proactive
Premium Version)
http://www.emsisoft.com/en/software/free/
a-squared (a-squared) is a complementary product to antivirus software
and desktop firewalls on MS Windows computers. Antivirus software
specializes in detecting classic viruses. Many available products have
weaknesses in detecting other malicious software (Malware) like
Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap
that malware writers exploit. Automatic updates: In a-squared Free the
updater must be run manually. The auto-update feature of a-squared
Personal checks hourly for new available updates and installs them
automatically. a-squared Free is freeware! You can download and use it
completely for free. You are also allowed to distribute it to third
parties. To be able to use it, you only must set up a free a-squared
Account, to get access to the update server. (Note you register by
simple sign up to activate definitions downloads free).
==========>

YOUR POST QUOTED..... -------------->

''QUOTE""
thang View profileI don't know how I picked this up, but nothing I
run will detect it, let alone get rid of the popup. It appears
harmless but is a definite infection. HiJack this doesn't pick it up,
nor Zone Alarm Security Suite 2007, nor Ad Aware, nor EMCO or Spyware
Remover nor Pareto Logic. Any ideas on what it is, where it is, how it
works, how to detect it or how to remove it? It pops up every time I
open a browser (IE7). The first popup is "url.cpvfeed.com" and then
this changes to "login.revenueloop.com" and then a few other popups
come up such as "searchportal.information.com". It is really bugging
me. Any help appreciated. thang
More options Apr 4, 5:26 pm

Newsgroups: alt.privacy.spyware
From: thang <thang>
Date: Thu, 05 Apr 2007 05:26:45 +0800
Local: Wed, Apr 4 2007 5:26 pm
Subject: url.cpvfeed.com popup redirector to revenueloop
Note: The author of this message requested that it not be archived.
This message will be removed from Groups in 6 days (Apr 11, 5:26 pm).
""UNQUOTE""

[thang]

On 4 Apr 2007 1817 -0700, "Gerald309" <gerald309@gmail.com> wrote:

>
>----------------->
>url.cpvfeed.com popup redirector to revenueloop....
>
>
>CA Spyware Info Center:
>http://www3.ca.com/securityadvisor/p...x?id=453107470
>
>cpvfeed.com
>Tracking Cookie : Any cookie that is shared among two or more web
>pages for the purpose of tracking a user's surfing history.
>
>That's incredible none of your security software picked this up. It is
>a simple tracking cookie. Lavasoft Ad-Aware would definately pick this
>up and most likely any associated adware installation if it is
>understood you mean your browser is being redirected. If your browser
>is going to another website then expected and especially if you are
>not even clicking anything - then it is a "browser hijacker" or your
>symptom - "redirecter" - which is exactly what a browser hijacker
>does, re-directs your browser to a different website to either offer
>something for sale or to a malicious content website attempting to
>install malware such as a trojan or spyware and/or more adware (the
>least lethal).
>
>A browser hijacker will install an Active X item in the Windows
>Registry, They are called BHO (Browser Help Object). The legitimate
>ones are many by Microsoft and other known valid software you use. The
>browser hijacker installation is sort of a hackware or piece of a
>software in size - just a couple entries. Most of these are the
>toolbars in Internet Explorer - like known ones are Google Toolbar,
>Yahoo Toolbar, and so on. The bad ones many times are not even visible
>in the drop down menu. They can even be a transparent radio button
>install. They may be a very visible radio button if you have some full
>blown porno malware install and has buttons installed in the browser
>like "Show Me More 10-XXX". That takes a manual click rather than some
>automated re-direct.
>
>I would do two things. One, download - update - and run
>SuperAntispyware free home version which is a very good detector,
>perhaps a little better than Ad-Aware. There may be an associated
>trojan doing the redirect so two - also get yourself the free A-
>Squared Trojan Remover free home version as well. Register for the
>updates, update it and run it. You seem to have a well known threat
>present rather than some obscure or new unknown threat.
>
>BOOKMARKS:
>
>SUPERAntiSpyware [working-freeware, and premium version]
>http://www.superantispyare.com
>
>a-squared trojan remover (Free Working Version for life and Proactive
>Premium Version)
>http://www.emsisoft.com/en/software/free/
>a-squared (a-squared) is a complementary product to antivirus software
>and desktop firewalls on MS Windows computers. Antivirus software
>specializes in detecting classic viruses. Many available products have
>weaknesses in detecting other malicious software (Malware) like
>Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap
>that malware writers exploit. Automatic updates: In a-squared Free the
>updater must be run manually. The auto-update feature of a-squared
>Personal checks hourly for new available updates and installs them
>automatically. a-squared Free is freeware! You can download and use it
>completely for free. You are also allowed to distribute it to third
>parties. To be able to use it, you only must set up a free a-squared
>Account, to get access to the update server. (Note you register by
>simple sign up to activate definitions downloads free).
>==========>
>
>YOUR POST QUOTED..... -------------->
>
>''QUOTE""
>thang View profileI don't know how I picked this up, but nothing I
>run will detect it, let alone get rid of the popup. It appears
>harmless but is a definite infection. HiJack this doesn't pick it up,
>nor Zone Alarm Security Suite 2007, nor Ad Aware, nor EMCO or Spyware
>Remover nor Pareto Logic. Any ideas on what it is, where it is, how it
>works, how to detect it or how to remove it? It pops up every time I
>open a browser (IE7). The first popup is "url.cpvfeed.com" and then
>this changes to "login.revenueloop.com" and then a few other popups
>come up such as "searchportal.information.com". It is really bugging
>me. Any help appreciated. thang
> More options Apr 4, 5:26 pm
>
>Newsgroups: alt.privacy.spyware
>From: thang <thang>
>Date: Thu, 05 Apr 2007 05:26:45 +0800
>Local: Wed, Apr 4 2007 5:26 pm
>Subject: url.cpvfeed.com popup redirector to revenueloop
>Note: The author of this message requested that it not be archived.
>This message will be removed from Groups in 6 days (Apr 11, 5:26 pm).
>""UNQUOTE""
>
I appreciate your help mate. It can't be a tracking cookie because I
run Steganos IE Cleaner which takes out all cookies in Docs folders,
and everything else. Unless the cookie is stored somewhere else.
HiJack this does not pick up any BHOs, so I don't think it is a BHO. I
am at work now, I will dl the freeware you suggested when I get home
and report on it. CA is right though, it is a March 2007 infection.
It is something I have never come across before and I generally run a
watertight rig.

thang