TechSpot

Viewpoint Toolbar Corporative Trojan?

By RRWolfman
Mar 16, 2007
  1. Viewpoint Toolbar ("VPT") made its first appearance on one of my PCs this evening. I see from several Google and microsoft.com queries that led me to this site (and to register with you once I'd seen what you have to offer) that VPT has been around at least since 2004. Therefore, I count myself lucky that it spared me until tonight. As we speak, the computer where it made its appearance is still running an MS Defender Beta Full Scan (undoubtedly, to no avail) and that follows on a McAfee AntiVirus 7.0.1 Enterprise Version on-demand scan (no infected files -- of course). All this done while the VPT pop-up in the bottom right corner of the screen remained there, untouched, luring me to click on one of its options (which do NOT include the option to simply close it). That this new box for software that has never been present on my machine (and STILL is not present, so far as I can tell) popped up when I started the PC this evening, and that it claimed to be an urgent "update" was enough to set my alert status to code BRIGHT RED, prompting the response of running all the protection software that I had on the machine (the McAfee and MS Defender products), but what really throws me is how it can be that PC Mag and others seem to regard it as legitimate! It doesn't just throw me, it scares me. I'm ready to close up shop on my business here at home and adjourn to the public library from now on. Oh yes, I did find "hopkinso"'s instructions for removing VPT elsewhere on your site. It came up when I Googled "Problems with Viewpoint Toolbar". 
And I thank you very much for it; however, the instructions from hopkinso, though utterly clear and concise, reached to such a depth systemwise (even turning off System Restore and then turning it back on at the end of the removal operation) that I was struck with the thought that (assuming that my efforts tonight do indeed fail and the thing installs itself despite my resistance) if this is what it takes to get rid of something that the powers-that-be (MS, PC-Mag) are pretending is safe and innocuous, then how long can it be before the same powers-that-be give the stamp of approval to still another invasive mass of code that will have to be removed by similar surgery reaching right down to the bottom depths of my computer? No no no, best not to access the Web at all on my own machine, the one that has the data and correspondence of my livelihood. Better to go "off the grid" in terms of Internet usage.

    Any who wish to debate this point?
     
  2. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,714   +397

    Nope. Because I can't struggle to read through that uberparagraph. Go back and edit it to something readable and maybe people can "debate this point".
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to our security and the web forum.

    I see what SNGX means by your uberparagraph, it`s not exactly easy to read.

    The Viewpoint toolbar is fairly easy to get rid of.

    Go and read this thread HERE, then post a HJT log as an attachment into this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of RRWolfman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. RRWolfman

    RRWolfman TS Rookie Topic Starter

    O.k., and thanks for the additional tips.

    No offense, but the data dump happened because I just lost an entire evening of work on my real job because of Viewpoint's advent.

    Seems like you're replying from England at something like 4 am. I admire you, but it's nearly midnight here and tomorrow (Saturday) I really must get some work done.

    BTW System Restore appears to have enabled me to successfully evade having to click on Viewpoint's "Critical Update" ... hopefully it won't come back for another couple of years.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`m glad system restore appears to have solved your problem. However, I`d still like to see a HJT log as per the instructions. I can then check your system for malware etc.

    Regards Howard :)

     
  6. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Thank you. I looked for HJT on techspot but couldn't find it. Can you give me a link so I can install it?
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Click this LINK.

    I did give you the link before, but perhaps you missed it.

    Regards Howard :)

     
  8. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Log attached

    Yup, "Viewpoint" is there. Amazing. Now what do I do?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint
    Viewpoint Toolbar
    Viewpoint Manager

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewMgr.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint <- Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know if you`re still having problems.

    Regards Howard :)

    This thread is for the use of RRWolfman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
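Added example, not part of the post above or of any TechSpot or HijackThis tooling: a small Python check that scans a HijackThis log for the three Viewpoint leftovers the steps name (the ViewMgr.exe process, the O8 context-menu entry, and anything under C:\Program Files\Viewpoint), so a "before" and "after" log can be compared. The sample log, including its "Viewpoint Manager" subfolder and O4 line, is constructed for illustration.

```python
import re

# Indicators taken from the removal steps: the folder and the process name.
VIEWPOINT_DIR = r"c:\program files\viewpoint"
VIEWPOINT_PROC = "viewmgr.exe"
# HijackThis result lines look like "O8 - Extra context menu item: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def scan_hjt_log(text):
    """Return (section, line) pairs in a HijackThis log that reference Viewpoint."""
    hits, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()  # Windows paths are case-insensitive
        if low == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first result line
            if VIEWPOINT_DIR in low or VIEWPOINT_PROC in low:
                hits.append((m.group(1), line))
        elif in_procs and line:
            if low.endswith("\\" + VIEWPOINT_PROC) or low.startswith(VIEWPOINT_DIR):
                hits.append(("process", line))
    return hits

# Constructed sample log (not taken from the thread's removed attachments).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
"""

# The same log as it would look once every Viewpoint line is gone.
SAMPLE_AFTER = "\n".join(
    l for l in SAMPLE_LOG.splitlines() if "viewpoint" not in l.lower()
)

if __name__ == "__main__":
    for section, line in scan_hjt_log(SAMPLE_LOG):
        print(f"[{section}] {line}")
    print("after cleanup:", scan_hjt_log(SAMPLE_AFTER) or "no Viewpoint entries")
```

An empty result only means the log no longer lists Viewpoint; as post 10 shows, the folder on disk can still be present and locked.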
     
  10. RRWolfman

    RRWolfman TS Rookie Topic Starter

    It's still there

    I thought I was going to be successful until I tried the last step, deleting the c:\programs\viewpoint folder, when I got the message, "Cannot delete ... file is in use by another person or program ... close the program ... and try again"

    I was operating in safe mode and Task Manager showed hardly anything running. Viewpoint did not appear on Task Manager.

    Two things that might be glitches:

    1. Apropos your direction not to boot to the Administrator ID: this computer has TWO users. Any concern there?

    2. When deinstalling Viewpoint Toolbar, it tried to access the Web using IE (not Firefox, what I always use). When it did so it returned an error message that it was unable to access (whatever it was looking for) and could not complete the deinstallation. But when I closed IE and returned to the add/remove list, Viewpoint Toolbar was gone.

    HJT log is attached.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Please post a fresh HJT log from the other user account.

    Regards Howard :)

     
  12. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Problem with upload

    I ran it on the other ID but I get an "upload error" when I try to attach the log, even though I moved it over to the desktop on my regular ID.

    These are the users (IDs):

    1. Richard Wolfe ("regular" user, the one that I ran HJT on the first time)

    2. RRWolfeCo ("other" user, the one I'm trying to attach now)
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have now removed your previous HJT logs.

    See if you can now attach the fresh log from the other account.

    Regards Howard :)
     
  14. RRWolfman

    RRWolfman TS Rookie Topic Starter

    The attachment list is showing the correct log and states that it has been uploaded, but it doesn't show with the thread. Can you access it?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Like you, I can`t see it mate.

    Just copy and paste the log into your next post. I`ll delete it once I`ve finished with it.

    Regards Howard :)

     
  16. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Log file removed.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That HJT log is also clean.

    Unless you have any further problems, I think you`re good to go.

    Let`s see if we can get rid of the Viewpoint folder.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply.

    Regards Howard :)

     
  18. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Content of avenger.txt
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s great, the folder is now deleted.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  20. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Many thanks!
     
  21. Xusn96

    Xusn96 TS Rookie

    While I see that as usual Howard has saved the day, here is some information as to the origins of your Viewpoint issues. The following is a cut and paste from the Viewpoint site and its product FAQ:


    QUOTE:


    What is Viewpoint Media Player?
    What is Viewpoint Manager?
    What is Viewpoint Toolbar?
    How does Viewpoint software get installed?
    How do I decline the Viewpoint Toolbar opt-in prompt?
    How do I disable opt-in prompts for Viewpoint Toolbar?
    How do I uninstall Viewpoint Toolbar?
    What user information does Viewpoint collect?
    Is Viewpoint Adware or Spyware?

    What is Viewpoint Media Player?

    Viewpoint Media Player is a web browser plug-in that enables users to view 3D content and other rich media, such as Flash® content and video, on the Internet. Viewpoint Media Player is the graphics engine for AOL® Instant Greetings™, AIM Themes and other popular web applications. Viewpoint Media Player is distributed with AOL, AIM, versions of Netscape™, certain Adobe® products, and some retail computers sold today.

    Many companies, ranging from online retailers to auto manufacturers, use Viewpoint Media Player as the graphics platform for interactive 3D tours of their products. Viewpoint Media Player powers product tours of the Toyota 4Runner and Sony laptop, desktop, and server computing products.
    What is Viewpoint Manager?

    Viewpoint Manager (viewmgr.exe) is a component of various Viewpoint products, including Viewpoint Media Player and Viewpoint Toolbar that manages the download of updates and bug fixes for Viewpoint applications. To ensure Viewpoint applications remain up-to-date, Viewpoint Manager checks Viewpoint servers for new components every 24 hours without interfering with the user’s online experience.

    If Viewpoint Manager detects an update on the Viewpoint component servers, the update is automatically downloaded and installed ("Auto-Update"). Viewpoint Manager has built-in bandwidth detection and will pause the download of updates when it senses bandwidth limitations, thereby ensuring the auto-update process does not interfere with the end-user's computer performance.
    What is Viewpoint Toolbar?

    Viewpoint Toolbar is a search application powered by the Yahoo! search engine. Viewpoint Toolbar plugs into the Windows Internet Explorer web browser. The toolbar, illustrated in the following graphic, features a pop-up slammer, graphical search results, visual bookmarks, and custom skins.


    How does Viewpoint software get installed?

    Viewpoint Media Player is installed on a user’s computer in any of the following ways:

    * From the Viewpoint website
    * Required with installation of AOL, AIM, current versions of the Netscape web browser, certain Adobe products, and some retail computers sold today
    * From opt-in prompts on websites that require Viewpoint Media Player to view site content

    Viewpoint Toolbar is installed ONLY by:

    * Downloading it directly from the Viewpoint website
    * From opt-in prompts provided by Viewpoint and Viewpoint clients

    How do I decline the Viewpoint Toolbar opt-in prompt?

    * From the prompt, illustrated below, click the More Info button. Your selection takes you to the More Info page.
    * From the More Info page, click the No, Thanks button. Your selection closes the opt-in prompt and the toolbar is NOT installed.


    ENDQUOTE

    X out.
     
  22. RRWolfman

    RRWolfman TS Rookie Topic Starter

    System No. 2

    My laptop (described in my Profile as System No. 2 ) runs very slowly.

    The problem is most noticeable at startup. It can take ten minutes for it to get done running processes that take up most of the RAM. During that time, it loads MS Office applications at a glacial pace. It can be 30 seconds at least when I open My Computer and try to find a file using Windows Explorer.

    I tried installing System Mechanic (Iolo) but it just made the machine crash (even had to System Restore it to pre-Iolo state).

    IBM puts a lot of its own software on these Thinkpads, and some of it duplicates what Windows does. For example, there are two processes (with icons at lower right) that are keeping track of how much battery power is left. I got rid of the IBM process at one time, but then it came back again.

    I installed HJT and ran it, hoping for clues as to what I could get rid of, but the output and the explanations don't tell me much.

    I thought perhaps if you took a look at the log, you might be able to tell me what to get rid of so that the machine is more responsive.
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    First of all, your HJT log is clean.

    I see your laptop only has 256Mb of ram, installing some more ram would definitely help to speed things up.

    I agree that you do have a lot of stuff running on it and this together with the low amount of ram, will make your system run sluggishly.

    Go and follow the instructions for Ccleaner in step 9 of this thread HERE.

    Then, go and read this thread HERE.

    See if that helps to speed things up.

    Regards Howard :)

     
  24. RRWolfman

    RRWolfman TS Rookie Topic Starter

    Thanks, I'll try to turn this around promptly, but may be delayed until tomorrow before I know whether it's done any good.

    About replacing laptop memory: is this always done by pulling the old memory and putting the new in its place? (as opposed to plugging more memory into an expansion slot, as in a desktop)
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    See HERE for ram upgrade options for your laptop.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
