Monthly Archives: September 2014

Remove Klip Pal Ads

adware, freefixer

Just a quick post about the Klip Pal adware. Klip Pal is bundled with other software. I’ll show how to remove Klip Pal in this blog post. Here’s how it can appear in an installer:KlipPal installer disclosure

As you can see, KlipPal inserts advertisements on web sites while you are browsing the web.

Klip Pal installs itself in Internet Explorer and Firefox:

Klip Pal 1.0.1 firefox warning Klip Pal 1.0.1 in Firefox

Removing Klip Pal is a piece of cake with FreeFixer. Just select the Klip Pal files for removal and then click the Fix button and the ad problem will be solved.

KlipPalbho.dll internet explorer Klip Pal remove firefox

Hope this helped you solve the Klip Pal problem. Any idea how you got it on your machine?

Thanks for reading!

Website Counselor – Adware Removal Instructions

adware

Found a new adware called Website Counselor that is being bundled with other software downloads. Here’s how it appeared in the installer:

Website Counselor installer disclosure

 

Website Counselor is installed as an add-on in Firefox. It will appears as Website Counselor 0.1 in the add-ons menu.

Website Counselor 0.1 in the Firefox Add-on Menu

How do I know that this is adware? Well, the Website Counselor EULA clearly explains that it can show advertisements:

Website Counselor Adware - The EULA

If you’d like to remove Website Counselor you can do so by removing it from the Firefox add-ons menu. You can also remove it with FreeFixer by checking the Website Counselor extension for removal:

How to remove Website Counselor from Firefox

Hope this helped you figure about what Website Counselor and how to remove it.

Any idea how you got this on your machine? Please share by posting a comment.

Innovative Systems LLC – 9% Detection Rate at VirusTotal

digital signature

Just a short note on a publisher called Innovative Systems LLC. When I uploaded the Innovative Systems LLC file to VirusTotal it had a 9% detection rate. Some of anti-virus scanners calls the file InstallCore. Symantec classifies the file as Trojan.Gen.2:

Innovative Systems LLC VirusTotal

According to the certificate, Innovative Systems LLC is located in Ukraine.

Innovative Systems LLC certificate

Innovative Systems LLC publisher

Did you also find a file digitally signed by Innovative Systems LLC? What kind of download was it and where did you find it?

I’ll try to follow up on this one later, to see if the other anti-virus programs adds it to their detection.

 

PSK LOGEUM LLC – 4% Detection Rate at VirusTotal

digital signature

Hello again, sorry for being slow on the posting lately. I blame it on the cold I caught last week. Anyway, just wanted to give you the heads up on a publisher called PSK LOGEUM LLC, that according to the embedded certificate appears to be located in Russia.

PSK Logeum LLC Publisher

psk logeum llc certificate

The reason I’m writing this blog post is that the PSK LOGEUM LLC file is detected by a few on the anti-virus programs. McAfee report it as BehavesLike.Win32.Dropper.ch and Qihoo reports it as Win32/Rootkit.Rootkig.7e5.

psk logeum publisher virustotal report

When I tested the PSK LOGEUM LLC file it installed an adware called BlockAndSurf.

Did you also find a PSK LOGEUM LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

 

MyBestOffersToday – Pop Up Removal Instructions.

adware, freefixer, ,

Getting pop-up ads from MyBestOffersToday?

My Best Offers Today Pop-Up

Removing MyBestOffersToday is easy. Just uninstall it from the Windows Control Panel…

How To Remove MyBestOffersToday from the Windows Control Panel

.. or if you’d like to use FreeFixer, select the MyBestOffersToday files for removal. They will  have “mbot” as part of the filename:

mybestofferstoday startup in FreeFixer mbot files in freefixer mybestofferstoday_widget.exe

I uploaded one of the file to VirusTotal. Here’s the scan result for mybestofferstoday_widget.exe. The files are signed by Tuto4PC.comTuto4PC and Eorezo are two of the detection names:

mybestofferstoday virustotal

My Best Offers Today is bundled with other software downloads. Here’s how it was disclosed in one of the installers where I found it:

my best offers today installer

How did you get My Best Soft Today on your machine? Please share in the comments.

Remove GoSave – Ads by GoSave Removal Instructions

adware, freefixer

Morning readers! I just found a new adware called GoSave. This appears to be a variant of the GoSaveNow adware that I wrote about yesterday. If you got GoSave on your machine, you will see ads labeled Ad by GoSave, Ads by GoSave or Brought by GoSave. Here’s a few examples of the ads I noticed when GoSave was installed on my machine:

Brought by GoSave ads inserted into a web page Ad by GoSave inserted into a webpage in firefox Banner labeled "Ad by GoSave"

You can also see GoSave in your web browser’s add-on menu:

GoSave in Firefox's add-on menu

 

GoSave is currently bundled with a large number of downloads. Here’s how it was disclosed in one of the installers:

gosave installer

If you’d like to remove GoSave you can do so with the freeware FreeFixer tool. Selected the GoSave files for removal in FreeFixer, click Fix, reboot your machine and the ad problem will be gone. Here’s a few screenshots to point you in the right direction:

gosave internet explorer gosave firefox extension gosave chrome extension

GoSave is often installed with three other unwanted programs called GS_Booster, GS_Sustainer 1.80 and YoutubeAdBlocke, that you probably want to remove too.

Hope you found this useful.

Any idea how GoSave was installed on your machine? Please share in the comments below.

Browser+ Apps+ Removal – Ads by Browser+ Apps+ Removal Instructions

adware, freefixer

Found another adware variant called Browser+ Apps+ right now. If you got this on your machine, you will see some ads labeled “Ads by Browser+ Apps+” in the web browser. It adds a bunch of files and installs itself in your web browser. Here’s how it appears in Firefox:

browser+ apps+ 0.95.27 firefox

The Browser+ Apps+ removal with FreeFixer is pretty easy. Check all the Browser+ Apps+ files for removal and click fix. Here’s a few screenshots from the removal that should help you:

browser+ apps+ tasks browser+ apps+ bho

Thanks for reading.

GS_Booster and GS_Sustainer 1.80 – Removal Instructions

freefixer

Did something called GS_Booster and GS_Sustainer 1.80 appear on your machine? These two programs often appear with an adware called Gosavenow which I’ve written about earlier today. Here’s the scan result from VirusTotal for the file:

GS_booster.exe virustotal

You can remove GS_Booster and GS_Sustainer 1.80 with the FreeFixer removal tool. All you need to do is to check the GS_Booster and GS_Sustainer 1.80 files in the scan result and click the Fix button. Here’s a few screenshots that should help you along the way:

GS_Sustainer 1.80 GS_Booster.exe schedulded task GS_Booster.exe process GS_Booster rundll

Hope that helped you with the removal.

Any idea how you got GS_Booster and GS_Sustainer 1.80 on your machine? Please share by posting a comment.

Remove Ads By GoSaveNow – Adware Removal Instructions

adware, freefixer,

Are you seeing ads labelled Ads By GoSaveNowAd By GoSaveNow or Brought by GosaveNow? Do you also see links inserted into the web page that have a small green icon and says “Click to Continue > by Gosavenow“? If so, you have the GosaveNow adware installed on your machine. I’ll show how to remove Gosavenow in this blog post with the FreeFixer removal tool.

I’ve also found a variant of this adware called GoSave.

Here are a few examples on how the Gosavenow ads looks like:

Ad by Browser Shop Ad by Gosavenow

The Gosavenow ads also appears on search engines such as Google:

Ad by Gosavenow on the Google search engine ads by gosavenow

The following Gosavenow ad was inserted on Wikipedia.org:

brought by GoSaveNow Click to continue by Gosavenow

Gosavenow installs itself in Internet Explorer, Mozilla Firefox and Google Chrome. You can spot it if you open up the add-ons manager in the web browsers.

Gosavenow 1.8 chrome browser extensionGosavenow 1.8 in Firefox

Some of the antivirus programs are detecting the GosaveNow adware, but the detection rate is rather low. Only 4 of the 55 anti-virus scanners at VirusTotal detected it. That’s a 7% detection rate. MultiPlug seems to be the common detection name:

gosavenow virustotal report: MultiPlug

So, the GosaveNow removal. You can easily remove GosaveNow with FreeFixer. Just select the Gosavenow files for removal and click the Fix button. You may have to reboot your machine to complete the removal:

gsbooster.exe process gosavenow firefox extension GosaveNow chrome extension gosavenow bho

That’s it. Hope that helped you unistall GosaveNow.

Did you also get GosaveNow on your machine? Any idea how it was installed? Please share by posting a comment below.

Thank you for reading!

Bestop-app – 22% detection rate – InstallCore

digital signature

Hello readers, just a short post on a publisher called Bestop-app before going back to some coding on FreeFixer. By looking at the embedded certificate we can see that Bestop-app appears to be located in Tel Aviv in Israel.

Bestop-app

After uploading the Bestop-app file – FlvPlayerSetup.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 22% and some of the detection names were: PUP.Optional.InstallCore, CryptInno and Install Core Click run software.

Bestop-app virustotal

Did you also find a Bestop-app file?