McAfee > Theat Center > PUP Detail Page

Characteristics

Characteristics

McAfee(R) AVERT recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a application that displays contextual advertisements while searching the web.

An installation user interface is displayed upon execution of the installation program. Many files are dropped and several registry entries are created. A license agreement is displayed that must be agreed to in order for installation to proceed. There is information available on the viewpoint.com website (with which the program communicates). A Browser Helper Object (BHO) is installed in Internet Explorer and a unique identifier for the host system is created. The software installed consists of three components: Viewpoint Toolbar, Viewpoint Media Player, and Viewpoint Manager.

Privacy

A privacy policy is displayed during installation as part of the EULA. The full text of the policy can be accessed on the author's website http://www.viewpoint.com/pub/privacy.html .

Following installation, the software transmits search terms entered into search engines and provides contextual advertisements in a configurable toolbar. The Manager component also communicates with remote servers for self-update functions.

System Changes

General defaults for typical path variables (although they may be different, they usually are not):
%WinDir% = \WINDOWS (Windows 9x/ME/XP), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM32 (Windows 9x/ME/XP), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

Files Added

• %ProgramFiles%\viewpoint\viewpoint media player\
  mtsaxinstaller.exe (60 KB)
  MD5: 4CDD264923F49D5D48A9A0FAC4FE09B8
  axmetastream.dll (240 KB)
  MD5: 3163B59E1C568C8C6EACA1EAB06FA851
  
• %ProgramFiles%\viewpoint\viewpoint media player\downloadedcomponents\
  
• %ProgramFiles%\viewpoint\viewpoint media player\components\
  
• %ProgramFiles%\viewpoint\viewpoint media player\newcomponents\
  
• %ProgramFiles%\viewpoint\viewpoint manager\
  viewmgrinstaller.exe (84 KB)
  MD5: C7A179861C079D50F9A776EDD47710D7
  viewmgrcore.dll (397 KB)
  MD5: F9E1373315862FF9979F57E4166B9743
  viewmgr.exe (104 KB)
  MD5: 1CD4DDA616A8C2E2EE028895271492E9
  viewcp.cpl (108 KB)
  MD5: 237642BAC0E9A9248D9580A5B4E6821D
  
• %ProgramFiles%\viewpoint\viewpoint manager\viewcpdata\
  vmctrl.html (8 KB)
  viewpoint.ico (26 KB)
  options.ini (1 KB)
  
• %ProgramFiles%\viewpoint\viewpoint manager\viewcpdata\images\
  (This folder contains many .GIF files)
  
• %ProgramFiles%\viewpoint\viewpoint toolbar v35\
  viewpointphotosshellext.dll (77 KB)
  MD5: 134D1F8EA91DCF40B0323510F87847E1
  viewpointphotosdeviceconnect.ico (24 KB)
  viewbarinstaller.exe (129 KB)
  MD5: 7E587D242718A883C6051A380B5B77DE
  viewbarbho.dll (33 KB)
  MD5: D0DE329458BC178A97BFCFEED83C237D
  viewbar.dll (1313 KB)
  MD5: D13C63EEC5F1AF32BC7C4C07F483EE93
  vetscriptinterpreter.dll (701 KB) MD5: E143A4AEE74884D4FC3ABF408583D542
  swfview.dll (701 KB)
  MD5: 9DA5A5EC300B68DC11EAB480CF11A742
  fotomatdeviceconnect.exe (137 KB)
  MD5: 2D07881CBFFC5BE4205E8B0FB1269931
  barintro.html (4 KB)
  
• %ProgramFiles%\viewpoint\viewpoint toolbar v35\images\
  (This folder contains many .GIF and .JPG files)
  
• %ProgramFiles%\viewpoint\viewpoint toolbar v35\back_to_toolbar\
  (This folder contains several .GIF and .HTML files)
  
• c:\documents and settings\all users\application data\viewpoint\viewpoint media player\
  c:\documents and settings\all users\application data\viewpoint\viewpoint manager\
  c:\documents and settings\all users\application data\viewpoint\viewbarv35\
  (Each of these folders has several subfolders to store downloaded graphics and other content for the toolbar or other components)
  
• c:\documents and settings\(username)\application data\viewpoint\viewbarv35\
  (This folder contains several subfolders and many “.TDB” files, likely account-specific data or statistics)
  

Registry

The following registry keys/values are created:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  "ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  "ViewpointPhotosDeviceConnect"="C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\
  Events\ScanButton\{1FB895B8-BC8D-4701-9341-30AE0EC17B64}
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\
  Events\Connected\{1FB895B8-BC8D-4701-9341-30AE0EC17B64}
• HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint
• HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint\ViewpointSearchBarV35
• HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint\ViewpointSearchBar
• HKEY_LOCAL_MACHINE\SOFTWARE\Viewpoint\Viewpoint Manager
• HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Uninstall\ViewpointSearchBarV35
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Uninstall\ViewpointMediaPlayer
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Uninstall\Viewpoint Manager
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Shell Extensions\Approved
  "{28710882-150A-48A6-A858-2FC774BA822E}"="Viewpoint Photos Shell Extension"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\Handlers\ViewpointPicturesHandlerOnArrival
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival
  "ViewpointPicturesHandlerOnArrival"=""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival
  "ViewpointPicturesHandlerOnArrival"=""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
  "ViewpointPicturesHandlerOnArrival"=""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival
  "MSOpenFolder"=""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\AutoplayHandlers\CancelAutoplay\CLSID
  "903B475E-E2C0-4c17-A965-CD52BA629ADF"=""
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
  "{F8AD5AA5-D966-4667-9DAF-2561D68B2012}"="0"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
• HKEY_LOCAL_MACHINE\SOFTWARE\MetaStream\MetaStream3
  "Component Path"="C:\Program Files\Viewpoint\Viewpoint Media Player\"
• HKEY_LOCAL_MACHINE\SOFTWARE\MetaStream\MetaStream3
  "{03F998B2-0E00-11D3-A498-00104B6EB52E}"="C:\Program Files\Viewpoint\Viewpoint Media Player\"
• HKEY_LOCAL_MACHINE\SOFTWARE\MetaStream\MetaStream3
• HKEY_LOCAL_MACHINE\SOFTWARE\MetaStream
• HKEY_CURRENT_USER\Software\Viewpoint
• HKEY_CURRENT_USER\Software\Viewpoint\ViewpointSearchBarV35
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Viewpoint Search
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  "Error Dlg Displayed On Every Error"="no"
• HKEY_CURRENT_USER\Control Panel\MMCPL
  "ViewCP.cpl"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl"
• HKEY_CLASSES_ROOT\ViewpointPhotosShellExt.ViewpointPhotosExt.1
• HKEY_CLASSES_ROOT\ViewpointPhotosShellExt.ViewpointPhotosExt
• HKEY_CLASSES_ROOT\ViewBarBHO.BHO.1
• HKEY_CLASSES_ROOT\ViewBarBHO.BHO
• HKEY_CLASSES_ROOT\ViewBar.ViewBar.1
• HKEY_CLASSES_ROOT\ViewBar.ViewBar
• HKEY_CLASSES_ROOT\ViewBar.AxPalette.1
• HKEY_CLASSES_ROOT\ViewBar.AxPalette
• HKEY_CLASSES_ROOT\ViewBar.AutoPlay
• HKEY_CLASSES_ROOT\TypeLib\{F0ED1949-59F9-447D-A8B9-FBDCEBC85198}
• HKEY_CLASSES_ROOT\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
• HKEY_CLASSES_ROOT\TypeLib\{DEE6B691-85C6-4B53-95B8-4837B04BB522}
• HKEY_CLASSES_ROOT\to
• HKEY_CLASSES_ROOT\the
• HKEY_CLASSES_ROOT\runtime
• HKEY_CLASSES_ROOT\Register
• HKEY_CLASSES_ROOT\our
• HKEY_CLASSES_ROOT\folders
• HKEY_CLASSES_ROOT\files,
• HKEY_CLASSES_ROOT\ext
• HKEY_CLASSES_ROOT\checked
• HKEY_CLASSES_ROOT\be
• HKEY_CLASSES_ROOT\at
• HKEY_CLASSES_ROOT\Associate
• HKEY_CLASSES_ROOT\all
• HKEY_CLASSES_ROOT\//
• HKEY_CLASSES_ROOT\with
• HKEY_CLASSES_ROOT\will
• HKEY_CLASSES_ROOT\Interface\{ABAFBF13-01E8-4F3F-A021-0B95BBF8F29D}
• HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\
  ViewpointPhotosExt
  "default"="{28710882-150A-48A6-A858-2FC774BA822E}"
• HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\
  ViewpointPhotosExt
• HKEY_CLASSES_ROOT\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
• HKEY_CLASSES_ROOT\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
• HKEY_CLASSES_ROOT\CLSID\{28710882-150A-48A6-A858-2FC774BA822E}
• HKEY_CLASSES_ROOT\CLSID\{1FB895B8-BC8D-4701-9341-30AE0EC17B64}
• HKEY_CLASSES_ROOT\CLSID\{0E2C3126-DDED-4A58-800E-9AEDE84EA31E}
• HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
• HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl.1
• HKEY_CLASSES_ROOT\AxMetaStream.MetaStreamCtl
• HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\
  ViewpointPhotosExt

Network Impact

Additional overhead in bandwidth due to download of advertising search results content, transmission of browsing data to remote servers, and self updates.

Removal

Aliases

Aliases

N/A