Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OpinionMart Survey pop up


  • Please log in to reply
8 replies to this topic

#1 lernme

lernme

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 17 June 2013 - 01:31 PM

I am running Windows 7. I run Firefox and/or IE, sometimes together. This popup box appears that says "OpionMart" and also says "Please take a few moments to take our brief survey" and the URL seems to be Suitesmart.com/survey....etc...  There does not seem to be a pattern to when this pop up appears. Perhaps

it appears more when I open up my browser. Not sure. And it does not keep popping up. Just occasionally. I have run updated Malwarebytes, AdAware, and Spybot scans. No luck. And, I have MS Security Essentials running. I can't seem to relate it to any website or new software. Any quick solutions?  Thanks.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 17 June 2013 - 02:39 PM

It could be as simple as blocking third party ad/ tracking cookies to keep the popup from appearing.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

After blocking the cookies then you will want to remove the ones presently installed. Use SAS Free for that.

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

 

In Firefox, install the two best addons for blocking driveby installs of malware and annoying ads/ popups....Adblock Plus and NoScript

NoScript Security Suite :: Add-ons for Firefox

Adblock Plus :: Add-ons for Firefox

 

You should run a scan using AdwCleaner Download

 

Use Ccleaner to remove temporary files, logs, etc. Watch carefully while installing and UNcheck the install of Yahoo Toolbar or

other unwanted stuff. CCleaner - PC Optimization and Cleaning - Free Download

 

 

Check in the add-on lists in all browsers to see if there is something there that you do not recognize and disable or uninstall.

Let us know of any suspicious add-ons.

 

Post the logs from SAS and Adware Cleaner back here.


Edited by buddy215, 17 June 2013 - 02:49 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 lernme

lernme
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 17 June 2013 - 05:02 PM

I should have mentioned that I don't accept third party cookies already. Below are the logs for SAS and AdwCleaner. After I ran AdwCleaner upon restart, the popup came up again.

I ran the CCleaner scan and fix. But, I didn't run the registry scan. I am not sure if the popup is still here.

 

Thank you for your kind help.

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2013 at 03:31 PM

Application Version : 5.6.1020

Core Rules Database Version : 10541
Trace Rules Database Version: 8353

Scan type       : Quick Scan
Total Scan Time : 00:05:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 609
Memory threats detected   : 0
Registry items scanned    : 60415
Registry threats detected : 0
File items scanned        : 10733
File threats detected     : 53

Adware.Tracking Cookie
    www.googleadservices.com [ C:\USERS\MIKE \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2ERCJ5B.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MIKE \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C2ERCJ5B.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    insight.torbit.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atwola.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    in.getclicky.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\USERS\MIKE \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 

 

 

 

 

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 15:51:20
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike \Desktop\AV Programs\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\APN
Folder Found : C:\Users\MIKE1\AppData\Local\Temp\APN

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Mike \AppData\Roaming\Mozilla\Firefox\Profiles\c2ercj5b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Mike \AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [999 octets] - [17/06/2013 15:51:20]

########## EOF - C:\AdwCleaner[R1].txt - [1058 octets] ##########
 



#4 buddy215

buddy215

  • Moderator
  • 13,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 17 June 2013 - 06:30 PM

If you look at the discussion in the link below you will see that most likely the only way to block the survey

is by using a script blocker or ad blocker. I suggested you install both in Firefox and now that I see you also

have Chrome, you can install Adblock Plus in it as well. There is a script blocker for Chrome but it is not

NoScript. Adblock Plus will likely block the survey as it appears to be triggered by an ad or script running in Adsense.

Need help with stopping an Opinion Mart popup from suitesmart.com. - Google Groups

 

You need to block the ad/ tracking cookies in Chrome, too.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 lernme

lernme
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 17 June 2013 - 09:14 PM

Oh. Well, what is Adsense and why can't we get rid of that? Wouldn't that solve it?

 

Thanks,



#6 buddy215

buddy215

  • Moderator
  • 13,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 18 June 2013 - 06:45 AM

Adsense is a Google service used by website owners.

Supposedly the popup surveys violate Adsense rules.

It is up to the website owners to decide whether to use that service or not.

 

I've never seen a popup survey. The only browser I use is Firefox and have used those

two add-ons for many years. Adblock Plus is a no-brainer...NoScript has a small learning curve.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 lernme

lernme
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 18 June 2013 - 09:35 PM

Well, so far this evening since I have booted up my computer, no OpinionMart popup. I think I am rid of OpinionMart for now. Thank you for the help.

#8 lernme

lernme
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 19 June 2013 - 07:43 PM

Yep, I seem to be cleaned.



#9 buddy215

buddy215

  • Moderator
  • 13,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:40 AM

Posted 20 June 2013 - 08:21 AM

There is another tool that I use in both Windows and Linux that does a more thorough job of cleaning

Firefox than Ccleaner.....BleachBit. Along with removing cookies from Dom Storage it also vacuums sqlite. Many claim that

vacuuming Firefox speeds it up.

If you decide to use it, be sure to check the options to vacuum and clean Dom Storage in Firefox.

BleachBit - Clean Disk Space, Maintain Privacy

 

BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean a thousand applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users