Full
Name: |
Cytron |
| Type: |
Adware |
| Also Known As: |
TargetingSource
POTD
Burnaby
e-card_viewer.cab
e-card viewer
ecard
|
| Created By: |
Cytron Technologies Ltd. |
| Danger Level: |
8 |
| Category Description: |
Program that delivers advertisements on your PC.
Note that many websites have their own advertising, unrelated to adware.
Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only. Users should check the EULA and Privacy policy to ensure if the adware on their machines conforms to their standards. |
| Official Description: |
Cytron is an Internet Explorer Browser Helper Object. It scans the content of pages being viewed for keywords and opens pop-up advertising when they are detected.
Installed by ActiveX drive-by download on a page pointed to by mail claiming you have received an 'e-card'. The ActiveX control purports to be a viewer for e-cards.
|
| Comment: |
When IE is started for the first time it attempts to connect to Cytron's servers to download a list of keywords to look for, and URLs of pop-ups to open.
According to various reports, it also sends itself to everybody listed in your address book, with an email claiming you have sent them a greeting card. Once they open it, they too are infected.
Cytron/potd installs potd.dll into Downloaded Program Files; with Cytron/sec the filename is sec.dll instead.
|
| |
|
| Information URL: |
http://www.cytron.com/ |
| Properties: |
|
| Manual Removal: |
First deregister the Cytron BHO. Open a DOS command prompt (Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "%WinDir%\Downloaded Program Files\potd.dll"
You should then be able to delete the 'TargetingSource' entry in Downloaded Program Files (in the Windows folder), and the registry key HKEY_CURRENT_USER\Software\POTD (Start->Run->regedit). |
