EricofSD opened this issue on Oct 30, 2012 · 27 posts
EricofSD posted Tue, 30 October 2012 at 8:46 PM
One of the things I have enjoyed about being a member of Rendo is that you guys don't spam. Lately, my viewing of the Rendo site has been disrupted with DAZ popups.
If Rendo is going to this advertising tactic, then I am very disappointed and will not recommend Rendo to others. I will warn others to stay away.
Bottom right of the screen shows a DAZ popup when logging in. That's one image. The other image shows a firefox popup, but I didn't have FF going. It was entirely on MS Exploder.
I tried to upload two screen shots and when I went to Attach FILE, I was directed to http://www.uti.edu/request-info/request-info-halogen/b/?utm_source=Sec&utm_medium=Display&utm_term=RON&utm_campaign=Mar
EricofSD posted Tue, 30 October 2012 at 8:48 PM
EricofSD posted Tue, 30 October 2012 at 8:50 PM
Here's the second info that says firefox, but I'm not on FF, I'm on MS Exploder and have been for a few days.
This started about two weeks ago or more.
EricofSD posted Tue, 30 October 2012 at 8:51 PM
So why am I being spammed by superfish dot com?
EricofSD posted Tue, 30 October 2012 at 9:00 PM
seems I cross posted. post 3 that says "look at the bottom right" was meant for the first image on post 2.
EricofSD posted Tue, 30 October 2012 at 9:07 PM
EricofSD posted Tue, 30 October 2012 at 9:16 PM
I do not get the popup on other websites, only DAZ3d and rendo.
EricofSD posted Tue, 30 October 2012 at 9:34 PM
And by the way, I did just do a good cleaning and logged off and back on.
The three orange tabs either want to direct me to anderoezs.net or dpbolvw.net
EricofSD posted Tue, 30 October 2012 at 9:36 PM
The three orange tabs either want to direct me to anderoezs.net or dpbolvw.net
EricofSD posted Tue, 30 October 2012 at 9:37 PM
Ok, won't paste.
The three orange tabs either want to direct me to anderoezs.net or dpbolvw.net
the three orange tabs either want to direct me to anderoezs.net or dpbolvw.net
EricofSD posted Tue, 30 October 2012 at 9:37 PM
wow, amazing that I can't type or post the redirect sites.
EricofSD posted Tue, 30 October 2012 at 9:38 PM
andoezrs dot net
EricofSD posted Tue, 30 October 2012 at 9:39 PM
or
dpvolvw dot net
Janl posted Tue, 30 October 2012 at 9:48 PM
Quote - So why am I being spammed by superfish dot com?
I did a quick search and came up with these:
http://support.mozilla.org/en-US/questions/773286
http://forums.mozillazine.org/viewtopic.php?f=38&t=1979591&start=0
It looks like it could be an addon you have installed or perhaps malware.
Janl posted Tue, 30 October 2012 at 10:26 PM
Found this about dpbolvw.net (see last post):
http://www.tomshardware.co.uk/forum/31689-17-http-dpbolvw-click-link-redirects-here
Do you have an adblocker installed?
I ask because I did at one time and had to uninstall it because of similar problems.
EricofSD posted Tue, 30 October 2012 at 11:16 PM
Ok, I'll check those out, but I want Rendo and DAZ to cease and desist.
Khory_D posted Wed, 31 October 2012 at 12:58 AM
At the bottom of your pop ups it says "by CrossRider". I would say they are responsible for your issues not Rendo or DAZ. You may want to contact them about it.
www.Calida3d.com
Daz studio and Poser content creators
Khai-J-Bach posted Wed, 31 October 2012 at 4:30 AM
Quote - Ok, I'll check those out, but I want Rendo and DAZ to cease and desist.
they can't. it's not them doing it.
lazycatstudio posted Wed, 31 October 2012 at 7:37 AM
Quote - At the bottom of your pop ups it says "by CrossRider". I would say they are responsible for your issues not Rendo or DAZ. You may want to contact them about it.
CrossRider is a development framework used by other developers to deliver their content (including some new viruses, but also legit stuff). They by themselves are not responsible for it.
26Fahrenheit posted Wed, 31 October 2012 at 8:08 AM
looks like you need to clean your PC .. that's not for DAZ or RENDO's to fix your problem.
You got infected and that's why YOU see spam and WE don't ..
Simple
EricofSD posted Wed, 31 October 2012 at 7:56 PM
Ok, thank you for the information. I have a 3d work project tonight and a meeting tomorrow night so I'll try to work through this Friday or the weekend.
Khai, If it's not Rendo or DAZ that hired the advertisers, then I guess that makes DAZ and possibly Rendo a victim as well. At least DAZ now knows that someone is using their logo to lure people. I can see where folks might think they have a DAZ coupon and then go to the websites that might further have adware coding. I hope that both companies will investigate on their own and protect their good names.
26F, I've cleaned the system several times with CCleaner, HijackThis, ATF, a few other cleaners, and run Avast virus and Malwarebytes scans and they all come up negative for it. Actually, I do the cleaning once a week mostly to clear out Poser temp files. I even checked for rootkits. So obviously I need to go deeper than that.
Janl, thanks for the research. Let me see if one of those sites has a removal that will work.
Khory, well, um, maybe contacting crossfire will just result in more viruses if they are the ones stealing the DAZ logo and Renderosity name. I'm not sure that contacting them will be of any positive value for me. But perhaps if DAZ and Rendo as victims wish to contact Crossfire and tell Crossfire to cease that would be to everyone's benefit.
Ok, I don't mean to sound cranky and irritable, but it's a natural reaction to unwanted junk. I am more concerned about data mining. Hopefully after this weekend I can report some good news and a fix in case anyone else gets this.
EricofSD posted Wed, 31 October 2012 at 8:51 PM
Hi gang, I think I have some good news. This thing was bugging me too much so I went ahead and read through the info that Janl posted. That was all oriented towards firefox. I was perplexed that even though the properties in IE said it was a firefox plugin, it was happening mostly in IE. I checked the add ons and plug ins and whatnot for both browsers and nothing in either one.
So, being the adventurous type, I went to regedit and typed in superfish. I found 4 keys and deleted all 4. Then a reboot to see if I blew a hive (which I usually end up doing from time to time). So, anyway, the reboot went fine and guess what? No more popup.
I don't recommend deleting registry keys for folks because it's a great way to crash the OS, but in this case it seems to have worked.
So unless there is any further info over the next few days, I'm going to close out this issue and get back to the real work of rendering.
Thanks again everyone for ideas. Oh, and by the way, CCleaner, which has a registry cleaner, didn't get it; I had to manually find and remove the keys.
Be well, and I hope DAZ and Rendo go after these guys. Superfish was the culprit.
Oh, and by the way, I'm glad to continue recommending R and DAZ to folks. Now that I think about it, it's in the DAZ EULA. :) Cheers.
lazycatstudio posted Thu, 01 November 2012 at 7:59 AM
Quote - Khory, well, um, maybe contacting crossfire will just result in more viruses if they are the ones stealing the DAZ logo and Renderosity name. I'm not sure that contacting them will be of any positive value for me. But perhaps if DAZ and Rendo as victims wish to contact Crossfire and tell Crossfire to cease that would be to everyone's benefit.
It is NOT DAZ or Rendo or even CrossRider who is to blame. It is YOUR fault.
You installed the Superfish Window Shopper toolbar/extension or one of its siblings that is giving you the popups.
Khai-J-Bach posted Thu, 01 November 2012 at 3:10 PM
Quote -
Khai, If it's not Rendo or DAZ that hired the advertisers, then I guess that makes DAZ and possibly Rendo a victim as well. At least DAZ now knows that someone is using their logo to lure people. I can see where folks might think they have a DAZ coupon and then go to the websites that might further have adware coding. I hope that both companies will investigate on their own and protect their good names.
again. it's nothing to do with them at all. it read the content of the page and formed its own links. if you were on a page about cookers, it would have linked cookers. or golf, golf balls and so on.
it's something your machine was, and still is, infected with. I'd recommend using a program like Malwarebytes http://www.malwarebytes.org/ to properly clean this off your system. I'd then recommend running a trusted antivirus, such as AVG, Avast!, Kaspersky, etc (never Norton or McAfee. they cause their own issues). just removing registry links will not save you from issues and CCleaner does not remove malware in any shape or form.
EricofSD posted Thu, 01 November 2012 at 11:12 PM
Lazy, I did not install superfish. How it got on the system, I can't say. I did check the removal websites and looked for the directories that are supposed to be associated with superfish and they do not exist.
I get the sense you are very offended so let me apologize to you for whatever I said that offends you. I was educated here in this thread that the problem was not created or caused by DAZ or Rendo and I believe I have correctly agreed now that what looked like something genuine is now indeed understood by me to be a fake.
Please keep in mind that adware is particularly devious in how it installs and often will install without the user knowing. I'm not sure that I would call that the user's fault. If someone out there works very hard to commit fraud, the victim probably ought not to be blamed. If it were true that a victim is always at fault then we live in a very sad world. I believe the fault is the company and the programmers that created the install and took the good name of DAZ and Renderosity.
Now it is true that a computer owner ought to learn about safe browsing and in doing so, can minimize the exposure. I read where a substantial percentage of websites have unwanted code in them. It is a big enough problem that companies like Norton and Avast and Malwarebytes, etc, are constantly releasing updates (almost daily) to try and protect against this problem. I did my part by purchasing those programs and I use them. Avast Pro has a web shield and it has been active since I bought this system. Users are often taken unaware and duped, as in this case. All I can do is recant my irritable comment, apologize, and share what I did to try and deal with it.
I hope that some day you will be able to understand what I said here.
Khai, yeah, I do sort of wonder if something was left behind. It seems to be deactivated. While the popup was active, I often saw net traffic and CPU usage when the system was idle. That could be any number of things from legitimate services running to adware. If I can get to the resmon fast enough I can see what is triggering the usage, but often it just says "system" without enough detail to know anything more. My hosts files are clean, I checked those manually.
I did run Avast pro and Malwarebytes, as I said above, and neither found the program. I do not ever recall seeing a shopper toolbar and none show up in activex or program manager or add ons in any of my browsers or windows uninstall areas. So this weekend I might try to learn more about superfish and see if I can locate anything left behind that might be silently active.
Friends, if there is a lesson to be learned here, it's that even semi-savvy computer users can be taken advantage of unawares. Some of the adware is pretty sophisticated. Even emails that look like they came from ebay or the bank or the ISP can be fraud. I often hover the mouse over a link to see where it wants to go before going there, which is how I realized that this DAZ / Rendo popup was trying to direct me elsewhere. Maybe it was legit, but we have learned it is not.
I hope the hostility can die down now.
Khory_D posted Fri, 02 November 2012 at 12:35 AM
You may have picked it up someplace that ought to be trustworthy. CNET comes to mind these days as an example. They stick a few things at the front of downloads and unless you uncheck boxes they install them. It may even have been somewhere that used to be safe to download from in the past but has gotten sketchy.
EricofSD posted Tue, 20 November 2012 at 1:06 AM
I did a major cleaning. Mostly manual. Found the offending directory "installation assistant." Yeah, like I need help installing things. :) I remember seeing that in the windows program uninstall and did uninstall but it was a fake, the directory remained and continued to spam. When I deleted the directory and all references in the registry this issue cleared up a bit more.
I pulled a lot of stuff out of the registry and it wasn't just the application. Took a while to search the registry for all the known keys. Found torrent, and a few others. I don't use P2P or anything like that.
CNET might have been involved. I watch the check boxes pretty close but who knows, maybe I missed one. I do use CNET from time to time and will be wary from now on.
I hope Renderosity and DAZ take the time to go after these people who used the logo and names. Shortly after this event I got emails and notices from Rendo about coupons. DAZ offers the same from time to time. Whoever concocted this scheme spent some time to learn who their victims were and did a great job of scamming.
My computer guy told me to enable PUP blocking in Avast. Apparently there are some legitimate uses of this, which is why it is disabled by default. I don't think I need this so it is now a part of the scan.
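The manual regedit search described in the posts above can be done as a read-only inventory first; the following is an added example, not part of the original thread. It lists registry keys and values that match the names mentioned in the thread (superfish, CrossRider, "installation assistant"); the list of registry locations is an assumption about where autostart entries, browser add-ons and uninstall records are commonly registered, not something the posters reported.

```powershell
# Added example: read-only inventory; nothing is deleted or modified.
# Search terms are the names mentioned in this thread.
$patterns = 'superfish', 'crossrider', 'installation assistant'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Assumed locations: autostart entries, browser add-ons and uninstall records.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKCU:\Software\Mozilla\Firefox\Extensions'
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # Include the root key itself (Run keys hold values directly) plus all subkeys.
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        # Match on the key path itself (e.g. an Uninstall subkey named after the product).
        if ($key.Name -match $regex) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        # Match on value names and value data (e.g. a Run entry pointing at a directory).
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ("$name $data" -match $regex) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

# -match is case-insensitive, so 'Superfish' and 'superfish' both hit.
$hits | Sort-Object Key, Value -Unique | Format-Table -AutoSize -Wrap
```

Each hit gives a key path that can be saved with `reg export` before anything is removed, so a deletion that breaks the system can be undone by importing the saved file.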