Windows, Operating System, Security, Networking, Malware, Support, Forum, Help Site Check Our Facebook Page!
Notices
Security and Privacy Post any general questions related to security and privacy here.


Register your FREE account to unlock additional features at WindowsBBS.com
   
 
 
LinkBack Thread Tools
Old 22nd August 2007   #1
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2004
Posts: 16
Computer Experience:
beginner
cghost Reputation Level

Juno and drivecleaner popups


Just curious,

Any Juno users having recurring trouble with drivecleaner popups?

cghost is offline  

 

Register
to remove this ad.
 
 

Old 22nd August 2007   #2
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

Hi, cghost.

DriveCleaner is considered a security risk.
If one has DriveCleaner 2006 installed, then one should click the following link.

mailman is offline  

Did you find this post helpful? Yes | No
Old 22nd August 2007   #3
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2004
Posts: 16
Computer Experience:
beginner
cghost Reputation Level

It's not installed.

I'm just wondering if other folks are having trouble with popups for it when logging onto Juno.

cghost is offline  

Did you find this post helpful? Yes | No
Old 23rd August 2007   #4
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2004
Posts: 16
Computer Experience:
beginner
cghost Reputation Level

And also errorsafe popups


Well, today it was errorsafe popups - on a different computer.
I'm having trouble believing Juno would allow that to happen, but I don't know what other conclusions to make.

cghost is offline  

Did you find this post helpful? Yes | No
Old 23rd August 2007   #5
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

ErrorSafe is also considered a security risk.Have you verified your computer is clean?

I suggest you carefully follow the instructions in Post #2 and Post #3 of this link to help verify the culprit is not lurking in your computer.

I would also scan your computer with several other reputable anti-spyware and anti-virus applications (after installing the applications and then downloading all definitions updates). There are several listed in the "Trustworthy Anti-Spyware Products" section of Spyware Warrior's "List of Rogue/Suspect Anti-Spyware Products & Web Sites" page. (Be sure you do not download any rogue/suspect applications that are listed above the "Trustworthy Anti-Spyware Products" section.)

I would scan with several anti-spyware and anti-virus scanners because probably NO single anti-malware application is capable of detecting all malware.

Please keep in mind you should have only one anti-spyware application resident in memory (as a "guard" performing real-time monitoring/protection) at any one time because running two or more memory-resident anti-spyware applications at the same time may result in the applications "fighting" each other for control of detected malware (and potentially decrease your computer's defenses). Likewise for anti-virus applications. Use your additional anti-spyware and anti-virus applications as "on-demand scanners" only.


After taking these steps to help confirm the culprit is not in your computer, then I would have more reason to suspect Juno's web server and/or Juno's web browser is serving the undesirable ads/pop-ups in your browser window.

If you decide to contact Juno about the undesirable pop-ups, then I suggest you give them details about what you have already done to confirm you do not have malware in your computer. (It would also be a bonus if you could provide them with screen-shots of your browser window too.) Your detailed information should help convince Juno they need to investigate their web server and/or web browser configuration and fix the problem.

Good luck!


Last edited by mailman; 23rd August 2007 at 15:34. Reason: Fixed typos and clarified.
mailman is offline  

Did you find this post helpful? Yes | No
Old 23rd August 2007   #6
Alumni
 
TeMerc's Avatar
 
Profile:
Join Date: May 2006
Location: PHX. AZ
Posts: 3,226
Computer Experience:
Intermediate
TeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation Level

This could be a situation where Juno has let in an affiliate for Drive Cleaner or one of its sisters such as you mentioned, I would contact Juno and tell them about it.

For a reference you can send them the following links, all reference this situation I have described above:
http://feeds.feedburner.com/~r/Spywa...3/1129296.aspx
http://feeds.feedburner.com/~r/Spywa...0/1130831.aspx
http://feeds.feedburner.com/~r/Spywa...1/1132271.aspx

http://msmvps.com/blogs/hostsnews/ar...xer-group.aspx
http://msmvps.com/blogs/spywaresucks...26/711000.aspx
http://msmvps.com/blogs/spywaresucks...27/715954.aspx

So you may want to email Juno support with those links.

TeMerc is offline  

Did you find this post helpful? Yes | No
Old 23rd August 2007   #7
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

Thanks, Tom!


cghost,

Since you have identified yourself as a "beginner" and the forum software does not normally display the complete addresses that TeMerc linked, I have displayed the complete addresses below for easy copying and pasting into an email messsage to Juno support.

==========
http://feeds.feedburner.com/~r/SpywareSucks/~3/146759963/1129296.aspx
http://feeds.feedburner.com/~r/SpywareSucks/~3/146924110/1130831.aspx
http://feeds.feedburner.com/~r/SpywareSucks/~3/147185491/1132271.aspx

http://msmvps.com/blogs/hostsnews/archive/2007/05/25/valueclick-cuts-ties-with-the-winfixer-group.aspx
http://msmvps.com/blogs/spywaresucks/archive/2007/03/26/711000.aspx
http://msmvps.com/blogs/spywaresucks/archive/2007/03/27/715954.aspx
==========


(The following instructions are written for a right-handed mouse user.)

How to Copy Information to Your "Clipboard":
  1. Place your mouse cursor at the beginning of the addresses I have displayed above.
  2. Hold down your left mouse button while you "drag" your mouse cursor over all the addresses until they are all completely highlighted.
  3. Release your left mouse button.
  4. Move your mouse cursor somewhere over the highlighted text
  5. Then click your right mouse button and select (left-click) "Copy".
    (This will place the highlighted text into your "clipboard".)

How to Paste Clipboard Information Into an Email Message:
  1. Open your email program and prepare to type a message.
  2. Place the text entry cursor at the location where you want to paste your clipboard text.
  3. Click your right mouse button and select "Paste".
    (Alternatively, you can hold down your Ctrl key and then press your V key.)
    (Another possible alternative is to click on "Edit" near the top of your email window and select "Paste".)

I suggest you also include details from the other posts above in your e-mail message to Juno support.

==========
Symantec Information About DriveCleaner:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99

Symantec Information About ErrorSafe:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99

==========

Please let us know about any response you may get from Juno support.


Last edited by mailman; 23rd August 2007 at 16:37.
mailman is offline  

Did you find this post helpful? Yes | No
Old 24th August 2007   #8
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2004
Posts: 16
Computer Experience:
beginner
cghost Reputation Level

Adding insult to injury, Spysweeper did not detect the errorsafe cookie deposited on my system. I'm thinking that irritates me even more that the popups on Juno in the first place!

I'll see if I continue to have issues next week, if I do I will probably contact Juno about it then.

cghost is offline  

Did you find this post helpful? Yes | No
Old 24th August 2007   #9
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

Originally Posted by cghost
Spysweeper did not detect the errorsafe cookie deposited on my system.
One cannot expect any single anti-spyware application to detect everything. I'd suggest using at least one other anti-spyware app as an on-demand scanner at least once a week.

Two apps I use that are handy are Grisoft's AVG Anti-Spyware (formerly "ewido") and SUPERAntiSpyware. AVG Anti-Spyware often catches a PayPal tracking cookie on my computer that another app (Spy Sweeper?) misses. Both of these apps can be found via the link I provided earlier.

Originally Posted by cghost
I'll see if I continue to have issues next week, if I do I will probably contact Juno about it then.
OK. If you do contact Juno with details about this, you might be helping to prevent unsuspecting people from downloading the rogue applications, spending money needlessly, and most of all giving up credit card information to unscrupulous people.

You'd be a good netizen.

mailman is offline  

Did you find this post helpful? Yes | No
Old 24th August 2007   #10
Alumni
 
TeMerc's Avatar
 
Profile:
Join Date: May 2006
Location: PHX. AZ
Posts: 3,226
Computer Experience:
Intermediate
TeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation Level

More info from Sandi here and here

TeMerc is offline  

Did you find this post helpful? Yes | No
Old 24th August 2007   #11
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

Thanks for those additional links, Tom.

Glad I uninstalled my Shockwave Flash Player a couple months ago. It's NOT going to be installed for a long time either.


From your first link in your post above (http://msmvps.com/blogs/spywaresucks/archive/2007/08/24/1134527.aspx):
Quote:
I am sure you can understand what sort of problems the trickery I describe can cause. Far too often I have people write to me after getting the brush-off from whatever web site's technical support - invariably the reaction of the technical staff has been "we are unable to reproduce the problem, therefore it is not us - your computer is infected".

Without proof such as an Ethereal (aka Wireshark) or Microsoft Network Monitor capture, or Fiddler data, it can be very difficult for a website to put pressure on it's advertising network (assuming you can get the site to believe that the problem is coming from the ads on their site in the first place), but at the same time, such programmes (except for Fiddler) can expose extremely sensitive information such as email user names and passwords (if you have an email programme running), and other sensitive information. Even Fiddler exposes what can be considered to be sensitive information - server names if you're on a network for example, and your geograpical location and the like, so even Fiddler is not something that I would recommend to the untrained home user. Far better, I think, to refer incidents to people such as myself, or Mike of www.mikeonads.com or Mike Burgess of MVP Hosts file fame so that we can gather the needed data and try to get malicious advertisements shut down.
So do you think cghost would have better luck giving details to Sandi, Mike of www.mikeonads.com, and/or Mike Burgess instead of Juno?

(If I was in cghost's shoes, I would at least contact Juno support with a CC of my email message to one of those experts anyway.)


cghost, for your copy/paste convenience, here are the URLs for the last two links TeMerc provided.

==========
http://feeds.feedburner.com/~r/SpywareSucks/~3/147593228/1134527.aspx
http://feeds.feedburner.com/~r/SpywareSucks/~3/147599316/1134561.aspx
==========

mailman is offline  

Did you find this post helpful? Yes | No
Old 24th August 2007   #12
Alumni
 
TeMerc's Avatar
 
Profile:
Join Date: May 2006
Location: PHX. AZ
Posts: 3,226
Computer Experience:
Intermediate
TeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation LevelTeMerc Reputation Level

Passing the info over to Sandi wold be a good idea, but not sure how she'll be able to investigate.

The big problem I see with this is that I'm guessing one would need a Juno ISP account and I don't know if she has a way to circumvent this or not.

But you can submit it tho and see what happens.

TeMerc is offline  

Did you find this post helpful? Yes | No
Old 25th August 2007   #13
Alumni
Lifetime Subscription
 
Geri's Avatar
 
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,580
Computer Experience:
Often it's like Taz
Geri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation LevelGeri Reputation Level

My System
Hi All
My sister uses Juno.

I'll contact her and ask if she has see these pop-ups.

Geri

Geri is offline  

Did you find this post helpful? Yes | No
Old 27th August 2007   #14
Inactive
THREAD STARTER
 
Profile:
Join Date: Jun 2004
Posts: 16
Computer Experience:
beginner
cghost Reputation Level

My understanding of web pages and their construction and flash and all of that is non existent.

Comments about timed "attacks" fit my situation perfectly.

Computer which got errorsafe has no macromedia folders.

I don't know exactly what I have just done here, but:
System attacked by drive cleaner has macromedia folders.
Set up icons on desktop for two macromedia folder locations. Set up icon for atf cleaner. Get and install fiddler.
(Know nothing about it, just set it up however it runs by default.)

Open fiddler. Clean macromedia locations. Run ATF cleaner, clean everything.
Open juno, go to email. Fiddle around a bit.

BINGO!!!!!

Here is a little bit of stuff from right before the error message popped up:

(Does it tell anything or is it still too general?)

Host: ad.yieldmanager.com
Host: servedby.advertising.com
Host: spe.atdmt.com
Host: ad.yieldmanager.com
Host: content.yieldmanager.edgesuite.net
GET /bannerfarm/98157/UPC_10767a_STDY_120x60.swf?AceClick=http://servedby.advertising.com/click/site=0000716616/mnum=0000440143&siteValue=0000716616 HTTP/1.1
Host: bannerfarm.ace.advertising.com
GET /statsa.php?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /statsa.php?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /statsg.php?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /statsg.php?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /swf/gnida.swf?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /statss.php?campaign=little50&u=1188225032200 HTTP/1.1
Host: traveltray.com
GET /pages/scanner/index.php?aid=little50&lid=intl&ax=1&ex=1&ed=2 HTTP/1.1
Host:www errorsafe com (edited)
GET /ad/ck/53521?mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl HTTP/1.1
Host: adfarm.mediaplex.com
GET /.freeware/?p=44&ax=0&ex=1&ed=2&mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl HTTP/1.1
Host:www drivecleaner com (edited)
GET /.freeware/?p=44&ax=0&ex=1&ed=2&mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl&z=-5 HTTP/1.1
Host: www drivecleaner com (edited)

I guess I need some education on how to use this tool and how to get information out of it knowing I am not revealing private stuff Sandi was talking about like passwords, net work addresses and so on.

cghost is offline  

Did you find this post helpful? Yes | No
Old 27th August 2007   #15
SuperGeek
Lifetime Subscription
 
mailman's Avatar
 
Profile:
Join Date: Jan 2004
Posts: 1,897
Computer Experience:
Intermediate Tinkering
mailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Levelmailman Reputation Level

Originally Posted by cghost
I don't know exactly what I have just done here, but:
System attacked by drive cleaner has macromedia folders.
Set up icons on desktop for two macromedia folder locations. Set up icon for atf cleaner. Get and install fiddler.
(Know nothing about it, just set it up however it runs by default.)
Wow! You're brave!

I like the way you think though. I might DL Fiddler myself just to see what it does.

Good luck!


BTW, when you want to avoid many of the nasty sites (perhaps after resolving this issue), you might want to place the MVPS HOSTS file in the appropriate folder of your computer.

If you do this, I suggest you first rename your current HOSTS (no file extension) file to HOSTS.OLD (and even copy your current HOSTS to another folder for back-up). Then you can swap HOSTS files at will depending on when you want to use Fiddler to capture HTTP packet data.

If you want to see what the HOSTS file contains, you can open it via Notepad.


Last edited by mailman; 27th August 2007 at 15:57.
mailman is offline  

Did you find this post helpful? Yes | No


 

THIS THREAD HAS EXPIRED.

Are you having the same problem? Please post a new thread, but first you'll have to join us by Registering (FREE).



Discussion Forums
Operating Systems
Windows 8 Windows 8
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Legacy Windows OS Legacy Windows OS
Internet & Networking
Networking (Hardware & Software) Networking
Internet Explorer Internet Explorer
Microsoft Mail Microsoft Mail
Firefox, Thunderbird & SeaMonkey Firefox, Thunderbird
      & SeaMonkey

Web Applications & Cloud Web Applications & Cloud
General Internet
Security
Malware and Virus Removal Malware and Virus
     Removal

Security and Privacy Security and Privacy

Other
Other PC Software Other PC Software
Test Posts Test Posts
Hardware
PC Hardware PC Hardware
Mobile Devices Mobile Devices
Community
Introductions Introductions
General Discussions General Discussions
Site Comments & Suggestions Site Comments
      & Suggestions

News News @ WindowsBBS

Thread Tools


Find us on Facebook   Web Of Trust Rating

All times are GMT. The time now is 08:34.


Recent Discussions
External Monitor highjacking (2)
Relocating Folders from new SSD to .. (4)
My Passport Back Up and Remove data (1)
Win7 Enterprise will not start (6)
User Profile won't open and Explore.. (1)
Laptop screen brightness (3)
Router config problem (6)
No Signal to Monitor (5)
Excel Macro help (0)
Blue/Black screen on crash. (2)
FTP Security Issue (3)
graphics card error 0x800703EE (6)
Blue Screen Of Death (18)
The 'other' Windows blue screen (wi.. (2)
Cannot access server files after re.. (3)
BSoD (35)
What is giveio.sys and how to get r.. (20)
Google Chrome !Aw SNAP! etc. (2)
'Open with' doesn't work (4)
I'm the only Administrator and can'.. (5)


Donate!
Support Windows BBS!



Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright 2002 - 2013 WindowsBBS.com. All rights reserved.
FDMA Media LLC
Terms of Use, Legal Information & Privacy Policy
Page generated in 0.21733 seconds with 7 queries