Just a note on a publisher called FIRSERIA S.L. The FIRSERIA S.L. download that I found had a high detection rate, 41% when I uploaded it to VirusTotal. Did you also find a download by FIRSERIA S.L.? Was it also detected when you uploaded it to VirusTotal?
Just a quick post on a faked Flash Player download, named adobe_flash_setup.exe, digitally signed by Information Technology Systems. This download was promoted with the following pop-up:
Information Technology Systems seems to be located in Montenegro based on the embedded certificate.
The current detection rate is 16% according to VirusTotal. InstallCore appears to be the most common detection name.
Hello there, hope you are having a great weekend. Just found another adware variant called RockResult. It appears that RockResult has been around for a while, at least a month, judging from the other anti-malware bloggers. But since I found it bundled today, I thought I should write a short post about it.
RockResult is added as an add-on in Internet Explorer and Firefox:
So, how did RockResult install on your machine? It was probably bundled with some download that you installed recently. Here’s how RockResult was disclosed when I found it:
I’m sure you’d like to remove RockResult, and that’s pretty easy with FreeFixer. Select the RockResult files, as shown in the screenshots below, click Fix, and reboot your machine and the ads should be gone.
Thanks for reading.
I found the SyncPulse Manager software while installing another download called BitLord. SyncPulse Manager was included in the BitLord installation package, or installed by one of the programs that were bundled with BitLord. Unfortunately, I could not see any notice that SyncPulse Manager would be installed while proceeding through BitLord’s installation wizard. Maybe I did not examine the various licence agreements shown during installation with enough care, or perhaps SyncPulse was not disclosed at all?
Anyway, if you have SyncPulse Manager on your machine, you’ll see SyncPulseManager.exe running in the Windows Task Manager:
Out of curiosity, I uploaded the SyncPulseManager.exe file to VirusTotal. Currently, none of the anti-virus programs is detecting SyncPulse. It will be interesting to see if any of them will detect SyncPulseManager.exe.
So should it be removed? I think so, since it was bundled and I could not see any notice that it would be installed. If you’d like to remove SyncPulse Manager, you can do so with FreeFixer, or from the Windows Control Panel:
How did you get SyncPulse Manager on your computer? Please share in the comments below. If it was bundled, did you see any disclosure that it would be installed?
Stumbled upon an adware called RocketTab this morning. I’ll show how to remove RocketTab, but first, let’s talk a little on how it is installed and what it does to your computer. RocketTab is distributed by bundling, that is, it is included in another software’s installer. Here’s how RocketTab was disclosed when I found it:
Once installed you’ll notice the RocketTab file Client.exe running in the Windows Task Manager:
RocketTab inserts its ads while you browse the web. Here the ads are labeled “Ads by RocketTab” and appear in the Google search results.
As always when I find some new bundled software, such as RocketTab, I upload the files to VirusTotal to see what the other anti-virus programs report. And the detection rate is very low: 4%. The detection name is Adware.iBryte.
Removing RocketTab is pretty easy with the FreeFixer removal tool. Just select the Client.exe process and scheduled task for removal, reboot and the problem is gone.
Hope that helped you figure out what RocketTab is and how to remove it.
How did you get RocketTab on your computer? Please share in the comments below.
Update 2014-09-18: Client.exe is now digitally signed by Inertware.
Hello readers! Today I’m posting removal instructions for yet another adware variant called snipsmart. The snipsmart adware is bundled with other software downloads. So if snipsmart appeared unexpectedly on your machine, that’s probably how it was installed.
Snipsmart is installed as an add-on in Internet Explorer and Mozilla Firefox. Here’s a screendump from my lab machine which shows snipsmart in the add-ons menu of Firefox:
Typically, this type of adware adds banners on web sites while you are browsing the web. The ads are usually tagged with texts such as “Snipsmart ads” or “Ads by Snipsmart”. However, for unknown reasons, I did not see any ads. Do you see the snipsmart ads on your machine? Please take a screenshot of the ad and send it to me and I’ll post it here on the blog. Thank you very much!
As per usual, I uploaded snipsmart to VirusTotal to see what the antivirus scanners report. And the detection rate is low. Only 6 of the 55 anti-virus programs detected the snipsmartBho.dll file:
So, let’s get on with the snipsmart removal. As usual, this type of adware is easy to remove with FreeFixer. Just select the snipsmart files for removal and click Fix. You may have to reboot your machine to complete the removal. Here’s FreeFixer in action uninstalling snipsmart:
Hope that helped you figure out what snipsmart is and how to remove it.
How did you get snipsmart on your machine? Please share by posting a comment.
Yesterday I tried one of the downloads listed at CNET’s Download.com site and found that they are bundling a new adware called NeuroWise:
Neurowise appears to be a variant of the Atuzi adware that they previously bundled. According to Download.com’s disclosure,
Neurowise content includes advertisements and is not affiliated with any underlying websites. Browser settings will be adjusted at install.
Typically, this type of adware shows banner ads labeled “Ads by Neurowise” or “Neurowise Ads”, but for some reason I did not see any ads while browsing around with Neurowise installed. Did you spot any Neurowise ads? What did they look like and where did they appear?
Neurowise is installed as a browser add-on in Firefox and Internet Explorer. In case you haven’t already spotted it in Firefox, here’s how it appears in the add-on menu:
The majority of the anti-virus programs over at VirusTotal are detecting Neurowise, as shown in the screenshot below. BrowseFox and AltBrowse are some of the detection names.
Removing the Neurowise adware is a piece of cake with FreeFixer. Just start the scan, select the Neurowise files, click Fix, reboot your machine and the problem will be gone. Here are a few screenshots showing FreeFixer in action removing the Neurowise files:
Hope that helped you figure out what Neurowise is and how to remove it. Did you also get Neurowise from Download.com?
Getting bombarded with ads labeled “InfiniNet Ads” in Internet Explorer and Firefox? Then you got the InfiniNet adware installed on your machine. InfiniNet inserts ads while you browse the web. I’ve seen the ads appear on all types of web pages.
I found the InfiniNet adware while testing another download that I knew had a history of bundling other types of adware. Here’s how InfiniNet was disclosed in the installer:
InfiniNet installs itself as an add-on in Firefox and Internet Explorer. Here’s how it shows up in Firefox’s add-on menu:
The anti-virus scanners seem to be pretty up to date when it comes to detecting InfiniNet.
The detection rate is 45% which I think is pretty good. Some of the detection names are BrowseFox and AltBrowse.
The InfiniNet removal is straightforward with FreeFixer. Just start the scan, select the InfiniNet files, click Fix and reboot your machine and the ads should be long gone. Here are a few screenshots that show FreeFixer in action deleting the InfiniNet files:
How did you get InfiniNet on your machine? Please share by posting a comment.
Hello there, just a quick post on a publisher called Kiril Skiba that I found while running some tests on FreeFixer v1.12. I should have this new version of FreeFixer out this week. The suspicious file is named ldownload.exe and the following screenshot shows the User Account Control dialog when running the Kiril Skiba file.
The digital certificate appears to be relatively new. It’s valid from the 11th of Junly, 2014. According to the certificate, Kiril Skiba is located in Ukraine. The certificate is issued by Certum Code Signing CA.
At the time being, the detection score for the Kiril Skiba file is very low. When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – only Qihoo-360 and VBA32 detected the file. The detection names are HEUR/Malware.QVM10.Gen and suspected of Trojan.Downloader.gen.h. With those two detections, I’d stay away from the file. It will be interesting to see if the other anti-virus programs will add this file in the future.
When I tested to run the Kiril Skiba file, nothing appeared to happen. I could not see any modification at all on my lab computer. No windows popped up. Nothing.
Did you also find a file digitally signed by Kiril Skiba? Did it pose as something useful?
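If you want to read the same certificate details (publisher, country, issuer, valid-from date) without clicking through the file properties dialog, here is a small PowerShell helper. It is an added example, not part of the original post or of FreeFixer; the function name `Get-SignerSummary`, the 90-day "new certificate" threshold and the sample path are assumptions made for illustration.

```powershell
# Added example: summarize the Authenticode signature of a downloaded file
# and compute its SHA-256 so the file can be looked up on VirusTotal by hash.
function Get-SignerSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$NewCertDays = 90   # assumption: below this age the certificate counts as "new"
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $cert = $sig.SignerCertificate

    if ($null -eq $cert) {
        # Unsigned file: there is no certificate to read, report status and hash only.
        return [pscustomobject]@{
            Path = $Path; SHA256 = $hash; Status = $sig.Status
            Publisher = $null; Country = $null; Issuer = $null
            ValidFrom = $null; NewCertificate = $null
        }
    }

    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    # The country is the C= component of the certificate subject, when present.
    $country = if ($cert.Subject -match '(?:^|,\s*)C=([^,]+)') { $Matches[1] } else { $null }

    [pscustomobject]@{
        Path           = $Path
        SHA256         = $hash
        Status         = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
        Publisher      = $cert.GetNameInfo($simple, $false) # subject name, e.g. the publisher
        Country        = $country
        Issuer         = $cert.GetNameInfo($simple, $true)  # issuing CA
        ValidFrom      = $cert.NotBefore
        NewCertificate = ((Get-Date) - $cert.NotBefore).Days -lt $NewCertDays
    }
}

# Placeholder path: point it at the file you want to check.
Get-SignerSummary -Path '.\ldownload.exe' | Format-List
```

A valid signature only tells you who signed the file, not that the file is safe, so treat the output as one input next to the VirusTotal result.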
Did your search settings and home page in Chrome, Firefox and Internet Explorer just change to websearch.fixsearch.info? No worries, I’ll show how to remove websearch.fixsearch.info from your computer.
I found the unwanted websearch.fixsearch.info search engine while testing out some downloads. The downloaded files were digitally signed by Igor Kramoren and Alexey Kurilenko, publishers that have previously bundled unwanted software with their downloads.
How did you get fixsearch.info on your computer? Please share by posting a comment.
So, the websearch.fixsearch.info removal. One way to do the removal is to use the FreeFixer tool.
- Download and install FreeFixer.
- Click the Start scan button. It should complete in about 5 minutes.
- Check the websearch.fixsearch.info items in the scan result.
- Click the Fix button.
- Restart your web browsers.
You can also use the reset function in Firefox, Chrome and Internet Explorer. The reset feature restores many settings of the web browser to their default state. The problem is that it may do a little too much.
How to reset Mozilla Firefox settings:
- Click the menu button in the upper-right corner of the browser.
- Then click the Help button at the bottom of the Firefox menu.
- From the Help menu, choose Troubleshooting Information.
- If you cannot access the Help menu, type about:support in the address bar to open up the Troubleshooting Information page.
- Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
- A dialog will pop up explaining what settings Firefox tries to preserve. Notice that everything else will be removed! To continue, click the Reset Firefox button in the confirmation window that opens.
- Firefox will close and reset itself. When the reset is done, a window will list the information that was imported. Click Finish and you’re done.
How to reset Google Chrome settings:
- Click the Chrome menu in the upper-right corner of Chrome.
- Select Settings.
- Click Show advanced settings and locate the “Reset browser settings” section.
- Click the Reset browser settings button.
- In the confirmation dialog that appears, review the changes the reset feature performs, then click Reset.
How to reset Internet Explorer settings:
- Start Internet Explorer.
- On the Tools menu, that appears in the upper-right corner of the browser, click Internet options. If you can’t see the Tools menu, press Alt on your keyboard.
- In the Internet Options window, click the Advanced tab.
- Click Reset… If you’re using Internet Explorer 6, click Restore Default.
- In the Reset Internet Explorer Settings dialog box, click Reset.
- Select the Delete personal settings check box if you want to reset home pages, search providers and accelerators. Selecting it also deletes temporary Internet files, history, cookies, web form information, ActiveX Filtering data, Tracking Protection data, Do Not Track data and passwords.
- When Internet Explorer has finished applying the default settings, click the Close button.
- Reboot your machine.
Hope that helped you remove websearch.fixsearch.info.
Thank you for reading.