url.cpvfeed.com popup redirector to revenueloop

I don't know how I picked this up, but nothing I run will detect it,
let alone get rid of the popup. It appears harmless but is a definite
infection. HiJack this doesn't pick it up, nor Zone Alarm Security
Suite 2007, nor Ad Aware, nor EMCO or Spyware Remover nor Pareto
Logic.

Any ideas on what it is, where it is, how it works, how to detect it
or how to remove it?

It pops up every time I open a browser (IE7). The first popup is
"url.cpvfeed.com" and then this changes to "login.revenueloop.com" and
then a few other popups come up such as
"searchportal.information.com". It is really bugging me.

Any help appreciated.

thang

I have even set this URL to 127.0.0.1 in my hosts file but that
doesn't work. It should work.

thang

From: <thang>

| I don't know how I picked this up, but nothing I run will detect it,
| let alone get rid of the popup. It appears harmless but is a definite
| infection. HiJack this doesn't pick it up, nor Zone Alarm Security
| Suite 2007, nor Ad Aware, nor EMCO or Spyware Remover nor Pareto
| Logic.
|
| Any ideas on what it is, where it is, how it works, how to detect it
| or how to remove it?
|
| It pops up every time I open a browser (IE7). The first popup is
| "url.cpvfeed.com" and then this changes to "login.revenueloop.com" and
| then a few other popups come up such as
| "searchportal.information.com". It is really bugging me.
|
| Any help appreciated.
|
| thang

Open a Commnad Prompt and type;

ipconfig /all


Copy and paste the results in your reply.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Wed, 04 Apr 2007 23:16:01 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: <thang>
>
>| I don't know how I picked this up, but nothing I run will detect it,
>| let alone get rid of the popup. It appears harmless but is a definite
>| infection. HiJack this doesn't pick it up, nor Zone Alarm Security
>| Suite 2007, nor Ad Aware, nor EMCO or Spyware Remover nor Pareto
>| Logic.
>|
>| Any ideas on what it is, where it is, how it works, how to detect it
>| or how to remove it?
>|
>| It pops up every time I open a browser (IE7). The first popup is
>| "url.cpvfeed.com" and then this changes to "login.revenueloop.com" and
>| then a few other popups come up such as
>| "searchportal.information.com". It is really bugging me.
>|
>| Any help appreciated.
>|
>| thang
>
>Open a Commnad Prompt and type;
>
>ipconfig /all
>
>
>Copy and paste the results in your reply.

Sure. I don't see anything in there suspicious though. Here it is in
its entirety.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\subministrator>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : lux
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE
Network Connecti
on
Physical Address. . . . . . . . . : 00-07-E9-3D-67-9D
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 203.50.2.71
139.130.4.4

C:\Documents and Settings\subministrator>

BTW, I'm not sure of the security implications of posting this
information, so I have changed my nick in the headers etc.

thang

From: <thang@nerdshack.com>

< snip >


|
| BTW, I'm not sure of the security implications of posting this
| information, so I have changed my nick in the headers etc.
|
| thang

I wanted to see if you had a DNSChanger Trojan infection but, nope, it isn't that.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

url.cpvfeed.com popup redirector to revenueloop....


CA Spyware Info Center:
http://www3.ca.com/securityadvisor/p...x?id=453107470

cpvfeed.com
Tracking Cookie : Any cookie that is shared among two or more web
pages for the purpose of tracking a user's surfing history.

That's incredible none of your security software picked this up. It is
a simple tracking cookie. Lavasoft Ad-Aware would definately pick this
up and most likely any associated adware installation if it is
understood you mean your browser is being redirected. If your browser
is going to another website then expected and especially if you are
not even clicking anything - then it is a "browser hijacker" or your
symptom - "redirecter" - which is exactly what a browser hijacker
does, re-directs your browser to a different website to either offer
something for sale or to a malicious content website attempting to
install malware such as a trojan or spyware and/or more adware (the
least lethal).

A browser hijacker will install an Active X item in the Windows
Registry, They are called BHO (Browser Help Object). The legitimate
ones are many by Microsoft and other known valid software you use. The
browser hijacker installation is sort of a hackware or piece of a
software in size - just a couple entries. Most of these are the
toolbars in Internet Explorer - like known ones are Google Toolbar,
Yahoo Toolbar, and so on. The bad ones many times are not even visible
in the drop down menu. They can even be a transparent radio button
install. They may be a very visible radio button if you have some full
blown porno malware install and has buttons installed in the browser
like "Show Me More 10-XXX". That takes a manual click rather than some
automated re-direct.

I would do two things. One, download - update - and run
SuperAntispyware free home version which is a very good detector,
perhaps a little better than Ad-Aware. There may be an associated
trojan doing the redirect so two - also get yourself the free A-
Squared Trojan Remover free home version as well. Register for the
updates, update it and run it. You seem to have a well known threat
present rather than some obscure or new unknown threat.

BOOKMARKS:

SUPERAntiSpyware [working-freeware, and premium version]
http://www.superantispyare.com

a-squared trojan remover (Free Working Version for life and Proactive
Premium Version)
http://www.emsisoft.com/en/software/free/
a-squared (a-squared) is a complementary product to antivirus software
and desktop firewalls on MS Windows computers. Antivirus software
specializes in detecting classic viruses. Many available products have
weaknesses in detecting other malicious software (Malware) like
Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap
that malware writers exploit. Automatic updates: In a-squared Free the
updater must be run manually. The auto-update feature of a-squared
Personal checks hourly for new available updates and installs them
automatically. a-squared Free is freeware! You can download and use it
completely for free. You are also allowed to distribute it to third
parties. To be able to use it, you only must set up a free a-squared
Account, to get access to the update server. (Note you register by
simple sign up to activate definitions downloads free).

Thanks thang! Deleting the 'core' files and reg key fixed my system
too (I did it by booting into Safe Mode). Someone should let the
folks on all those "Submit your HiJackThis log" groups know about this
solultion. You rock!

From: <thang>


|
| Sorry, left off the attachment.
|
| thang

I HOPE you aren't trying to attach the file here becuase this is a discussion only, text,
News Group and attachments are not allowed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm