7 Replies Latest reply: Dec 24, 2010 3:41 PM by Peacekeeper RSS

    getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc

    Pharmerbill

      I have all popups blocked with windows internet option and Inprivate filtering, but they still make it thru sometimes..also McAfee Security System for Dell seems "posessed" goes real slow and scan shows no threats found  unless you look at log and then there are a bunch of cookies marked as potential threats some were "repaired" but some say unrepairable..log shows 4 or 5 attempts to leave cookies by various domains : Insightexpress: yieldmanager; Atwola,Zedo;casalemedia(tried to leave cookie 8 times in the same minute& second..all removed this time);Doubleclick: and several other names all at the same minute sometimes.McAfee's "In coming events" log shows nothing occuring at those times. If you look in "quarantine ptentially unwanted log" there are zillions of entries that say cookie-with a domain name..some of these are linked to each other according to 1other software check I ran ..I've run all kinds of software to try to fix to no avail..also parotologic "pc health" IT guy took over my computer and used  2 or 3 antivirus tools (hijackthis etc) did scans of my files in a session  & found nothing (but he did maximize my performance settings cause my system was running so slowly sometimes.. Also I was was having trouble with Internet explorer not responding especially when trying to put a DVD in cdrom drive..We uninstalled Roxio creator and PowerDVD and tried a different player to no avail...In McAfee's "Quarantined potentially unwanted"it responded REALLY SLOWLY ..SAID NOT RESPONDING for a long while & when I pushed "select all"button and to try to transmit to McAfee, the "transmit to McAfee" button became disabled (very fishy)..I also did a full scan in safe mode with McAfee and found nothing..I unfortunately went to a AARP recommended site to get free samples not too long ago,if that's significant, but that only resulted in a whole lot of junk E-mail or something did..I unsubscribe to these but they still keep coming..This reminds me a whole lot of what happened to my old computer that was temporarily unprotected because Norton stopped supporting the version i was using with WindowsME..I'm running Vista home basic on a Dell Inspiron 531S..I think I had Malware/spyware that was hiding in the startup registry that time. The path for all these cookies show:   C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@  and then the domain name Zedo[1].txt  doubleclick[1].txt  atwola[2].txt etc.but when you go to start and type the path in the search box it says no files found, even when you stop typing after "\..when you do a restart i think it says:  "ccc.exe is running" in red letters if that means anything..is the virus hiding in the startup file?

        • 1. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
          Pharmerbill

          doing full system scan with microsoft malicious software removal tool...been running 3 hours maybe 60% complete with 0 files infected been working on this for 3 days..going to bed...Maybe it's normal to get all those cookies even tho I've haven't been looking at websites when it has happened the last 3 or 4 hours or more..Please help..I'm pretty much a puter dummy. and something definitely has slooooooowed my computer down when yesterday it was lightening fast and McAfee is acting really wierd..it just show 0% progress on downloading updates for about an hour and then dialog box finally popped saying updates complete

          • 2. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
            Peacekeeper

            It is normal to get heaps of cookies er quarantined or deleted. To allay your fears try the info below

             

            Update your dat files and scan your PC with Virusscan in Safe Mode.

             

             

             

            To do this, tap F8 repeatedly while booting up. You'll get a boot screen with choices. Pick Safe Mode. Your PC will boot in a low resolution state as most processes won't be running. Go to "My Computer" (XP) or "Computer" (Vista), right-click the hard drive and select "Scan" from the drop-down menu. You'll see an extra taskbar icon which will show a progress report if you hover over it.

             

             

             

            If you think you have a virus infection on your PC do one or both of the following :

             

            - Run the free Mcafee Stinger program from http://vil.nai.com/vil/stinger/ -

             

            set it to Report Mode (in Preferences) and high sensitivity and post the logs of anything it detects.

             

            - Join the McAfee Getsusp group at https://community.mcafee.com/groups/getsusp30-beta-feedback

             

            You will have to ask there for Getsusp, which is a Beta program and not yet on general release.

             

            Before you use Getsusp, you should go to this document

             

            https://community.mcafee.com/docs/DOC-1323

             

            and download the PDF file explaining what Getsusp is and how it works, and this document

             

            https://community.mcafee.com/docs/DOC-1761

             

            which downloads the installation guide PDF document.

             

             

             

            If you want a second opinion, or to be on the safe side, then you can do a scan with the free versions of these tools :

             

            Malwarebytes and SuperAntiSpyware

             

             

             

            If you already have Malwarebytes installed, the virus could be protecting itself against it. In that case, in order to get Malwarebytes running you'll need to rename the executable. Open the C:\Program Files\Malwarebytes Antimalware folder, then rename the "mbam.exe" file and double-click directly on the file to open the program. After updating the program, run a full system scan using Malwarebytes.

             

             

             

            Make sure both programs are updated to the latest versions before running them and let them clean anything they find. If they quarantine a file or fail to remove a file try to get a copy of it and send it to Mcafee using the virus submission path described here :

             

             

             

             

             

            Send the file to mcafee labs at http://vil.nai.com/vil/submit-sample.aspx

             

             

             

            Zip the file and password it with password infected

             

             

             

            You will probably get an autoreply back saying it is infected; reply asking for it to be manually tested.

             

             

             

            Include in your first submission :-

             

            Submission Information
            Please provide the following information along with your sample. It will help us speed the sample review process:

             

             

             

            · A list of all files contained in the sample submission, including a brief description of where or how you found them

             

            · What symptoms cause you to suspect that the sample is malicious

             

            · Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)

             

            · Your McAfee product information (product name, engine, and DAT version

             

            · Any system details that may be relevant (operating system, service packs, etc.)

            • 3. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
              Hayton

              Websites drop cookies onto your system all the time. Mostly they're harmless, even useful, and often just for the duration of your session on that website, but 3rd-party cookies can hang around a lot longer and be used to track your browsing history, preferences, repeat visits to a site and so forth. McAfee has started to filter out some of these on the grounds that they're an invasion of your right to privacy, which is why you're seeing them being blocked.

               

              Internet Explorer's not great at showing you what cookies are being foisted on you during your travels around the Web, but Firefox keeps an account of what's coming from which website, and shows you how long each one is intended to last for. It's quite instructive to spend some time just running through the list of cookies that you pick up from an average session going around a few sites : you get a better appreciation of just how interested in you some of those sites really are. Some of the sites are downright creepy in the way they want to follow you around so they can "target" you with their advertising. No thanks, say I, and I try to delete cookies at the end of a session. Any I miss I clear out with CCleaner, or one of the anti-malware tools so that I always start a browsing session with a clear slate. I don't want some site going, Hey, welcome back, Hayton, it's been 18 days since you were last here, do you want to see these new gizmos which we know you're interested in ..... A plague on pesky marketers and their nosiness.

               

              Mmm, well, forgive the slight diversion and the sound of axes being ground. The point is, there are ways to block cookies and get rid of the ones you miss. Some cookies you can safely allow on your system, but if in doubt, get rid.

              • 4. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
                Pharmerbill

                Thanks so much and happy hollidays..is it normal for the quarantined cookies to have this file path? c:Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@....   domain name  Zedo[1].txt  or doubleclick[1].txt  or casalemedia[2].txt...

                makes me paranoid to see "AppData" and when you type file path in search it finds no results even if you stop typing at cookies\

                • 5. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
                  Pharmerbill

                  THANKS & HAPPY HOLIDAYS...How do you update DAT files? and I'll run viruscan and the other 2 tools also...do they need to be ran in safe mode too?

                  • 6. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
                    Pharmerbill

                    THANKS AND HAPPY HOLIDAYS..IF I SET INTERNET OPTIONS TO DELETE COOKIES ON END OF SESSION DO MY SAVED USERIDS GET DELETED TOO..I USUALLY DON'T SAVE PASSWORDS ANYWAY.  THANKS AGAIN

                    • 7. Re: getting lots cookies and popup ads from casalemedia,Zedo,Eyeblaster etc
                      Peacekeeper

                      I would assume if you delete cookies the logins go as well. that usually happens for me.

                       

                      I deleted all quarantined cookies in my Pc when I replied to you. Now I look and it is still clear. Probably as I have only been to major business sites.

                       

                      I use Firefox but leave the cookies alone.

                       

                      Right click on shield and choose update 1 way. No run the other tools in normal node.

                       

                       

                      Message was edited by: Peacekeeper on 25/12/10 7:41:08 AM