Description

Cytron is an Internet Explorer Browser Helper Object. It scans the content of pages being viewed for keywords and opens pop-up advertising when they are detected.

Variants

Cytron/potd installs potd.dll into Downloaded Program Files; with Cytron/sec the filename is sec.dll instead.

Also known as

Burnaby, the internal object name; TargetingSource, the name used to describe the control in Downloaded Program Files. Troj/Ortyc by VS antivirus.

Distribution

Installed by ActiveX drive-by download on a page pointed to by junk e-mail claiming you have received an 'e-card' (from domains such as surprisecards.net, cardwish.com). The ActiveX control purports to be a viewer for e-cards.

What it does

Advertising

Yes.

When IE is started for the first time it attempts to connect to Cytron's servers to download a list of keywords to look for, and URLs of pop-ups to open.

Privacy violation

No.

Security issues

No.

Stability problems

None known.

Removal

There is no uninstall feature. However McAfee can remove Cytron automatically.

Manual removal

First deregister the Cytron BHO. Open a DOS command prompt (Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "%WinDir%\Downloaded Program Files\potd.dll"

(Change potd.dll to sec.dll if you have Cytron/sec variant.)

You should then be able to delete the 'TargetingSource' entry in Downloaded Program Files (in the Windows folder), and the registry key HKEY_CURRENT_USER\Software\POTD (Start->Run->regedit).