Re: url.cpvfeed.com popup redirector to revenueloop

[David H. Lipman]

From: "Paul Pirosca" <piroman@gmail.com>


|
| hi
|
| i've got the same problem and i removed the files with windows sp2
| boot cd into recovery mode, i still got the 2 files if any1 needs them

Cool...
Send them to me in a password protected ZIP file with the password being; infected

Just remove ~nospam~ from; DLipman~nospam~@Verizon.Net

I will make sure that they are distributed to all the anti malware companies and they will
be
thoroughly examined as well.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Paul Pirosca]

On Apr 8, 3:42 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Paul Pirosca" <piro...@gmail.com>
>
> |
> | hi
> |
> | i've got the same problem and i removed the files withwindowssp2
> | boot cd into recovery mode, i still got the 2 files if any1 needs them
>
> Cool...
> Send them to me in a password protected ZIP file with the password being; infected
>
> Just remove ~nospam~ from; DLipman~nosp...@Verizon.Net
>
> I will make sure that they are distributed to all the anti malware companies and they will
> be
> thoroughly examined as well.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

cant send it yahoo says unknown email address and qmail is returning
the message

[David H. Lipman]

From: "Paul Pirosca" <piroman@gmail.com>


|
| cant send it yahoo says unknown email address and qmail is returning
| the message

The email address is good, the view from Google is *******ised.

DLipman<at>Verizon.Net Replace <at> with; @


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[ashwin.aggarwal@gmail.com]

On Apr 7, 2:41 am, thang <thang> wrote:
> On Fri, 06 Apr 2007 11:33:50 +0200, FredW <f...@ninmule.invalid>
> wrote:
>
>
>
>
>
> >After serious thinking thang wrote :
> >> On Thu, 05 Apr 2007 13:29:09 +0200, FredW <f...@ninmule.invalid>
> >>> thang used her/his keyboard to write :
> >>>> On 4 Apr 2007 1817 -0700, "Gerald309" <gerald...@gmail.com> wrote:
>
> >>>>> SUPERAntiSpyware [working-freeware, and premium version]
> >>>>>http://www.superantispyare.com
>
> >>>>> a-squared trojan remover (Free Working Version for life and Proactive
> >>>>> Premium Version)
> >>>>>http://www.emsisoft.com/en/software/free/
> >>>>> a-squared (a-squared) is a complementary product to antivirus software
> >>>>> parties. To be able to use it, you only must set up a free a-squared
> >>>>> Account, to get access to the update server. (Note you register by
> >>>>> simple sign up to activate definitions downloads free).
>
> >>>> By the way, the first link to Antispyware.com is bad. Bewildering
> >>>> array of spam, search engines and software companies all uninvited and
> >>>> unsatisfying. The second one appears good, though - I'll try it in a
> >>>> minute (30 day trial).
>
> >>> Typo?
> >>>http://www.superantispyware.com/download.html
> >>> (SuperAntiSpyware Free Edition - version 3.6.1000)
>
> >>> For the second one registration is not (no longer) required.
> >>> (a-squared Free 2.1)
> >>>http://www.emsisoft.com/en/software/download/
>
> >> Sorry bud, I have run the a-squared 30 day trial fully enabled
> >> anti-malware. It has not picked up the url.cpvfeed.com infection,
> >> this is NOT coming from my temp, cookies or IE history caches, and the
> >> a-squared has left a HUGE 4.2GB folder called a2archive in my temp
> >> folder. What the hell is that? Thanks, but no thanks. I don't think
> >> I will try the free one.
>
> >Weekly I update and scan with
> >- a-squared Free 2.1
> >- AdAware 1.06r1 (Free)
> >- Spybot Search & Destroy 1.4 (Free)
> >- SuperAntiSpyware 3.6.1000 Free
> >I never had the problems you describe (huge folder).
>
> >Did you clean all temp files, etc. before scanning?
> >Did you scan in Safe Mode?
>
> >Did you scan with SuperAntiSpyware?
>
> >Did you Google on "cpvfeed"?
> >I just found some 38.000 hits, maybe you can find a solution there?
>
> Fixed it. Nothing found it bar Kasperskly Online Scanner, it was the
> ONLY ONE!!! It only identified two of the files though, and didn't
> pick up the service in registry. Also, it treated the files as locked
> and didn't implement a boottime delete. I did that myself using
> GiPo@Utilities. It is now gone.The malware came from a torrent
> screensaver I DL'd, it is a particularly nasty infection - the exe
> installstwo files core.sys and core.cache.dsk in \system32\drivers\
> and registers itself as a service
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\core
> deleted the lot on boot and presto, free of this ****ing infection.
>
> I must point out that the only suite to identify these files and the
> service was Kaspersky Online. Nothing else did, including my
> Zonealarm by which I normally swear. None of the forums were anywhere
> near the mark either, so much for the geeks and techo's who think they
> know it all. I found the solution in a piratebay comment forum on the
> particular torrent which has caused all of the problems. I will be
> very careful in the future.
>
> By the way, the simple expedient of setting the url to 127.0.0.1 in
> hosts stops it from promulgating, but it doesn't stop the popup.
>
> Hope this helps someone else, because no one here could help me, thats
> for sure, even though in a condescending way a few people thought they
> could help.
>
> thang- Hide quoted text -
>
> - Show quoted text -

Thang,

I seem to be having the exact same problem. I have tried the same
fix, but I am having trouble locating either one of the two files that
you mentioned. ie. core.sys and core.cache.dsk. Please provide
assistance if you can.

[David H. Lipman]

From: <thang>


|
| I was. Not binary, now I see. I thought it was my reader.
|
| thang

A News Group you can use for attachments is; alt.binaries.comp.virus
Just reference what you posted in the text News Group and of course malware should be
password protected.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[jason.oswald@gmail.com]

On Apr 8, 1:42 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Paul Pirosca" <piro...@gmail.com>
>
> |
> | hi
> |
> | i've got the same problem and i removed the files with windows sp2
> | boot cd into recovery mode, i still got the 2 files if any1 needs them
>
> Cool...
> Send them to me in a password protected ZIP file with the password being; infected
>
> Just remove ~nospam~ from; DLipman~nosp...@Verizon.Net
>
> I will make sure that they are distributed to all the anti malware companies and they will
> be
> thoroughly examined as well.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

What a Nasty ! infection.

Been looking for a solution for ages. Thanks!!!