1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Juno and drivecleaner popups

Discussion in 'Security and Privacy' started by cghost, 2007/08/22.

  1. 2007/08/22
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    Just curious,

    Any Juno users having recurring trouble with drivecleaner popups?
     
  2. 2007/08/22
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11

  3. to hide this advert.

  4. 2007/08/22
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    It's not installed.

    I'm just wondering if other folks are having trouble with popups for it when logging onto Juno.
     
  5. 2007/08/23
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    And also errorsafe popups

    Well, today it was errorsafe popups - on a different computer.
    I'm having trouble believing Juno would allow that to happen, but I don't know what other conclusions to make.
     
  6. 2007/08/23
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    ErrorSafe is also considered a security risk.
    Have you verified your computer is clean?

    I suggest you carefully follow the instructions in Post #2 and Post #3 of this link to help verify the culprit is not lurking in your computer.

    I would also scan your computer with several other reputable anti-spyware and anti-virus applications (after installing the applications and then downloading all definitions updates). There are several listed in the "Trustworthy Anti-Spyware Products" section of Spyware Warrior's "List of Rogue/Suspect Anti-Spyware Products & Web Sites" page. (Be sure you do not download any rogue/suspect applications that are listed above the "Trustworthy Anti-Spyware Products" section.):)

    I would scan with several anti-spyware and anti-virus scanners because probably NO single anti-malware application is capable of detecting all malware.

    Please keep in mind you should have only one anti-spyware application resident in memory (as a "guard" performing real-time monitoring/protection) at any one time because running two or more memory-resident anti-spyware applications at the same time may result in the applications "fighting" each other for control of detected malware (and potentially decrease your computer's defenses). Likewise for anti-virus applications. Use your additional anti-spyware and anti-virus applications as "on-demand scanners" only.


    After taking these steps to help confirm the culprit is not in your computer, then I would have more reason to suspect Juno's web server and/or Juno's web browser is serving the undesirable ads/pop-ups in your browser window.

    If you decide to contact Juno about the undesirable pop-ups, then I suggest you give them details about what you have already done to confirm you do not have malware in your computer. (It would also be a bonus if you could provide them with screen-shots of your browser window too.) Your detailed information should help convince Juno they need to investigate their web server and/or web browser configuration and fix the problem. ;)

    Good luck!
     
    Last edited: 2007/08/23
  7. 2007/08/23
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    This could be a situation where Juno has let in an affiliate for Drive Cleaner or one of its sisters such as you mentioned, I would contact Juno and tell them about it.

    For a reference you can send them the following links, all reference this situation I have described above:
    http://feeds.feedburner.com/~r/SpywareSucks/~3/146759963/1129296.aspx
    http://feeds.feedburner.com/~r/SpywareSucks/~3/146924110/1130831.aspx
    http://feeds.feedburner.com/~r/SpywareSucks/~3/147185491/1132271.aspx

    http://msmvps.com/blogs/hostsnews/a...eclick-cuts-ties-with-the-winfixer-group.aspx
    http://msmvps.com/blogs/spywaresucks/archive/2007/03/26/711000.aspx
    http://msmvps.com/blogs/spywaresucks/archive/2007/03/27/715954.aspx

    So you may want to email Juno support with those links.
     
  8. 2007/08/23
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Thanks, Tom! :)


    cghost,

    Since you have identified yourself as a "beginner" and the forum software does not normally display the complete addresses that TeMerc linked, I have displayed the complete addresses below for easy copying and pasting into an email messsage to Juno support. :)

    ==========
    http://feeds.feedburner.com/~r/SpywareSucks/~3/146759963/1129296.aspx
    http://feeds.feedburner.com/~r/SpywareSucks/~3/146924110/1130831.aspx
    http://feeds.feedburner.com/~r/SpywareSucks/~3/147185491/1132271.aspx

    http://msmvps.com/blogs/hostsnews/archive/2007/05/25/valueclick-cuts-ties-with-the-winfixer-group.aspx
    http://msmvps.com/blogs/spywaresucks/archive/2007/03/26/711000.aspx
    http://msmvps.com/blogs/spywaresucks/archive/2007/03/27/715954.aspx
    ==========


    (The following instructions are written for a right-handed mouse user.)

    How to Copy Information to Your "Clipboard ":
    1. Place your mouse cursor at the beginning of the addresses I have displayed above.
    2. Hold down your left mouse button while you "drag" your mouse cursor over all the addresses until they are all completely highlighted.
    3. Release your left mouse button.
    4. Move your mouse cursor somewhere over the highlighted text
    5. Then click your right mouse button and select (left-click) "Copy ".
      (This will place the highlighted text into your "clipboard ".)

    How to Paste Clipboard Information Into an Email Message:
    1. Open your email program and prepare to type a message.
    2. Place the text entry cursor at the location where you want to paste your clipboard text.
    3. Click your right mouse button and select "Paste ".
      (Alternatively, you can hold down your Ctrl key and then press your V key.)
      (Another possible alternative is to click on "Edit" near the top of your email window and select "Paste ".)

    I suggest you also include details from the other posts above in your e-mail message to Juno support.

    ==========
    Symantec Information About DriveCleaner:
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99

    Symantec Information About ErrorSafe:
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99

    ==========

    Please let us know about any response you may get from Juno support.
     
    Last edited: 2007/08/23
  9. 2007/08/23
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    Adding insult to injury, Spysweeper did not detect the errorsafe cookie deposited on my system. I'm thinking that irritates me even more that the popups on Juno in the first place!

    I'll see if I continue to have issues next week, if I do I will probably contact Juno about it then.
     
  10. 2007/08/23
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    One cannot expect any single anti-spyware application to detect everything. I'd suggest using at least one other anti-spyware app as an on-demand scanner at least once a week.

    Two apps I use that are handy are Grisoft's AVG Anti-Spyware (formerly "ewido ") and SUPERAntiSpyware. AVG Anti-Spyware often catches a PayPal tracking cookie on my computer that another app (Spy Sweeper?) misses. Both of these apps can be found via the link I provided earlier.

    OK. If you do contact Juno with details about this, you might be helping to prevent unsuspecting people from downloading the rogue applications, spending money needlessly, and most of all giving up credit card information to unscrupulous people.:eek:

    You'd be a good netizen. :)
     
  11. 2007/08/24
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
  12. 2007/08/24
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Thanks for those additional links, Tom.

    Glad I uninstalled my Shockwave Flash Player a couple months ago. It's NOT going to be installed for a long time either. :)


    From your first link in your post above (http://msmvps.com/blogs/spywaresucks/archive/2007/08/24/1134527.aspx):
    So do you think cghost would have better luck giving details to Sandi, Mike of www.mikeonads.com, and/or Mike Burgess instead of Juno?

    (If I was in cghost's shoes, I would at least contact Juno support with a CC of my email message to one of those experts anyway.)


    cghost, for your copy/paste convenience, here are the URLs for the last two links TeMerc provided. ;)

    ==========
    http://feeds.feedburner.com/~r/SpywareSucks/~3/147593228/1134527.aspx
    http://feeds.feedburner.com/~r/SpywareSucks/~3/147599316/1134561.aspx
    ==========
     
  13. 2007/08/24
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Passing the info over to Sandi wold be a good idea, but not sure how she'll be able to investigate.

    The big problem I see with this is that I'm guessing one would need a Juno ISP account and I don't know if she has a way to circumvent this or not.

    But you can submit it tho and see what happens.
     
  14. 2007/08/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi All
    My sister uses Juno.

    I'll contact her and ask if she has see these pop-ups.

    Geri
     
  15. 2007/08/27
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    My understanding of web pages and their construction and flash and all of that is non existent.

    Comments about timed "attacks" fit my situation perfectly.

    Computer which got errorsafe has no macromedia folders.

    I don't know exactly what I have just done here, but:
    System attacked by drive cleaner has macromedia folders.
    Set up icons on desktop for two macromedia folder locations. Set up icon for atf cleaner. Get and install fiddler.
    (Know nothing about it, just set it up however it runs by default.)

    Open fiddler. Clean macromedia locations. Run ATF cleaner, clean everything.
    Open juno, go to email. Fiddle around a bit.

    BINGO!!!!!

    Here is a little bit of stuff from right before the error message popped up:

    (Does it tell anything or is it still too general?)

    Host: ad.yieldmanager.com
    Host: servedby.advertising.com
    Host: spe.atdmt.com
    Host: ad.yieldmanager.com
    Host: content.yieldmanager.edgesuite.net
    GET /bannerfarm/98157/UPC_10767a_STDY_120x60.swf?AceClick=http://servedby.advertising.com/click/site=0000716616/mnum=0000440143&siteValue=0000716616 HTTP/1.1
    Host: bannerfarm.ace.advertising.com
    GET /statsa.php?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /statsa.php?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /statsg.php?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /statsg.php?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /swf/gnida.swf?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /statss.php?campaign=little50&u=1188225032200 HTTP/1.1
    Host: traveltray.com
    GET /pages/scanner/index.php?aid=little50&lid=intl&ax=1&ex=1&ed=2 HTTP/1.1
    Host:www errorsafe com (edited)
    GET /ad/ck/53521?mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl HTTP/1.1
    Host: adfarm.mediaplex.com
    GET /.freeware/?p=44&ax=0&ex=1&ed=2&mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl HTTP/1.1
    Host:www drivecleaner com (edited)
    GET /.freeware/?p=44&ax=0&ex=1&ed=2&mpt=[CACHEBUSTER]&aid=little50_rdt&lid=intl&z=-5 HTTP/1.1
    Host: www drivecleaner com (edited)

    I guess I need some education on how to use this tool and how to get information out of it knowing I am not revealing private stuff Sandi was talking about like passwords, net work addresses and so on.
     
  16. 2007/08/27
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Wow! You're brave! :eek:

    I like the way you think though. ;) I might DL Fiddler myself just to see what it does.

    Good luck!


    BTW, when you want to avoid many of the nasty sites (perhaps after resolving this issue), you might want to place the MVPS HOSTS file in the appropriate folder of your computer. ;)

    If you do this, I suggest you first rename your current HOSTS (no file extension) file to HOSTS.OLD (and even copy your current HOSTS to another folder for back-up). Then you can swap HOSTS files at will depending on when you want to use Fiddler to capture HTTP packet data.

    If you want to see what the HOSTS file contains, you can open it via Notepad.
     
    Last edited: 2007/08/27
  17. 2007/08/30
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    Up to 9 consecutive M-F days where I have had the popups.

    I don't remember this from before:
    I am now getting a blocked attempt to install add-on
    installdrivecleanerstart.cab

    New host lines related to dynamique.drivecleaner.com show up for the last couple of days, so I may have had this "opportunity" yesterday too and just don't remember it.

    Programs are very determined to control my computer. If I sit in email and follow Sandi's cleaning steps, popup comes back on next email access!

    The time breaks are exactly like she said too. Yesterday problem was occuring regularly, then the clock went across an hour change and the machine behaved perfectly the rest of the day. (Same today and "open to drivecleaner" time bracket has either shifted its from and to time block or become much narrower because the hour break I am not getting messages now was well within a time frame when I got them last week.)

    Have emailed Juno support.

    (Also, changing to Firefox does not (only 2 test accesses on 1 day) prevent the popup from occuring.)
     
    Last edited: 2007/08/30
  18. 2007/08/30
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Thanks for following up, cghost. :) I'm curious about what Juno support might say.

    I investigated the availability of Fiddler via Google and found links to fiddlertool.com and fiddlertool.com appears (at least on the surface) to be a legitimate site. (McAfee's SiteAdvisor rates the site as "Green ". The pages are "©2007 Microsoft Corporation" although no "Privacy Policy" link is visible on the pages.:() :confused:

    fiddlertool.com: Fiddler HTTP Debugger -
    • A free web debugging tool
    • Install Fiddler for free
      Fiddler 2.x requires .NET Framework v2.0 or later
      Fiddler 1.3 requires .NET Framework v1.1 (4322) or later
    • Version history and changelog
    • Help & How-To (Fiddler Demonstration Videos)

    I also went back to Sandi's blog entry that TeMerc linked and found the following comments.
    I do not know whether FiddlerCap requires .NET Framework 2.0 or above or not. (I suspect it does since it's available from fiddler2.com.)

    Fiddler2.com also checks out "Green" according to SiteAdvisor and the same "©2007 Microsoft Corporation" notices are on the fiddler2.com pages I visited.

    I performed Whois queries on both fiddlertool.com and fiddler2.com and both are are apparently registered through GoDaddy.com to Eric Law (different snail mail addresses but the same e-mail contact address, phone number, and DNS URLs).

    As far as I have seen, these applications appear to be safe to install (although the question whether FiddlerCap can be side-by-side with Fiddler remains open at present.) :)


    cghost, thanks again for pursuing this issue and for piquing my curosity about Fiddler. ;)
     
  19. 2007/09/17
    cghost

    cghost Inactive Thread Starter

    Joined:
    2004/06/26
    Messages:
    16
    Likes Received:
    0
    Reply last week:
    ------------------------------------------
    Dear Juno Member,

    Thanks for taking the time to write to Juno email support.

    Please note that the issue with Drive Cleaner popup should now be resolved. While Juno is NOT associated with the Drive Cleaner program, the browser popup's that appeared on your computer may have been spawned by a third-party advertisement displayed on Juno Email On the Web.

    If you are continuing to see the Drive Cleaner popup's, please reply to this message and either I or another support agent will provide further assistance in resolving this issue.

    Thanks for using Juno!
    --------------------------------------------

    And popups have in fact been gone for at least a week prior to receipt of the email.
     
  20. 2007/09/19
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, cghost. :)

    Thanks for posting the message you got from Juno support and the details you observed. Looks like you may have been very helpful to Juno for getting the undesirable pop-up ads removed. :)

    Thanks again for your efforts!
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.