Monthly Archives: March 2015

SuperSource (Fried Cookie Ltd.) – 18% Anti-Virus Detection Rate – InstallCore

Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking at the certificates used to sign files that bundle various types of unwanted software. Today I found another certificate, used by a publisher called SuperSource (Fried Cookie Ltd.).

SuperSource Fried Cookie

You can see who the signer is when double-clicking on an executable file. SuperSource (Fried Cookie Ltd.) appears in the publisher field in the dialog that pops up. Information about a digital signature and the certificate can also be found under the Digital Signature tab. The screenshot below shows the SuperSource (Fried Cookie Ltd.) certificate. From the certificate info we can see that SuperSource (Fried Cookie Ltd.) appears to be located in Israel.

SuperSource (Fried Cookie Ltd.) cert

The reason I’m writing this blog post is that the SuperSource (Fried Cookie Ltd.) file is detected by many of the anti-virus programs at VirusTotal. Avast detects installer_jdownloader_English.exe as Win32:Trojan-gen, AVG reports Generic.0C3, DrWeb reports Trojan.InstallCore.312, K7AntiVirus calls it Adware ( 004b91c91 ) and VIPRE reports InstallCore (fs).

SuperSource anti-virus report

Did you also find a SuperSource (Fried Cookie Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Remove i.simpli.fi from Chrome, Firefox and Internet Explorer

This page shows how to remove i.simpli.fi from Mozilla Firefox, Google Chrome and Internet Explorer.

Does this sound familiar? You see i.simpli.fi in your browser’s status bar while browsing sites that normally don’t load any content from third party domains. Maybe the i.simpli.fi domain appears when performing a search at the Google.com search engine?

Here is a screen capture of i.simpli.fi from my machine, which appeared in Firefox’s status bar while doing a search at Google:

i.simpli.fi status bar

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for i.simpli.fi …
  • Transferring data from i.simpli.fi …
  • Looking up i.simpli.fi …
  • Read i.simpli.fi
  • Connected to i.simpli.fi …

If this sounds like your computer, it’s possible you have some potentially unwanted program installed on your machine that makes the i.simpli.fi domain appear in your browser’s status bar. Don’t write angry emails to the website you were browsing; they are most likely not responsible for the i.simpli.fi status bar messages. The potentially unwanted program on your machine is. I’ll do my best to help you remove the i.simpli.fi message in this blog post.

For those that are new to the blog: Some time ago I dedicated a few of my lab machines and purposely installed some potentially unwanted programs on them. Since then I’ve been monitoring the actions on these systems to see what kinds of ads are displayed. I’m also looking at other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads additional potentially unwanted programs on the machines. I first found i.simpli.fi in Mozilla Firefox’s status bar on one of these lab computers.

So, how do you remove i.simpli.fi from your browser? On the machine where i.simpli.fi showed up in the status bar I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the browser from loading data from i.simpli.fi.

The issue with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program running on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done? To remove i.simpli.fi you need to check your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove i.simpli.fi is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started getting the i.simpli.fi statusbar messages.

Then I would check the browser add-ons. Potentially unwanted programs often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think you will be able to find and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I’ve developed since 2006. FreeFixer is a tool designed to manually identify and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is clean or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up your browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did this blog post help you to remove i.simpli.fi? Please let me know, or tell me how I can improve this blog post.

Thank you!

Update 2015-05-04: I’ve also seen the um.simpli.fi subdomain in use. Here are two examples:

um.simpli.fi status bar um.simpli.fi status bar

clients1.google.com/ocsp – Digital Certificate Revocation Status Check

I was experimenting with an add-on in Firefox that monitors HTTP responses and HTTP requests. While doing a standard Google search I noticed a request to clients1.google.com, specifically to the http://clients1.google.com/ocsp URL:

clients1.google.com/ocsp

The request is of the “application/ocsp-request” type. OCSP is an acronym for Online Certificate Status Protocol and it is a protocol used for getting the revocation status of a digital certificate.

And that’s probably what the connection is about: Checking the revocation status for some certificate, probably Google’s HTTPS certificate since I was doing a Google https:// search. I have not bothered to decode the OCSP request to see in detail what information Firefox requests. Please let me know what you find out if you dig deeper into the clients1.google.com communication.
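What the body of an “application/ocsp-request” carries can be seen by decoding one against the OCSPRequest structure in RFC 6960. The script below is an added example, not code from the original post: the request bytes are constructed inside the script from made-up issuer hashes and a made-up serial number, not captured from Firefox, and the parser reads only the fields named in its comments.

```python
import hashlib

# DER tags that appear in an OCSPRequest (RFC 6960, section 4.1.1).
SEQUENCE, INTEGER, OCTET_STRING, OID, NULL = 0x30, 0x02, 0x04, 0x06, 0x05
HASH_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

# Constructed sample values (assumptions for the demo, not a real certificate).
SAMPLE_NAME_HASH = hashlib.sha1(b"constructed issuer name").digest()
SAMPLE_KEY_HASH = hashlib.sha1(b"constructed issuer public key").digest()
SAMPLE_SERIAL = 0x1F2E3D4C5B6A7988


def read_tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(body):
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first octet packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])


def parse_ocsp_request(der):
    """Return one dict per certificate whose status the request asks about."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    try:
        tbs = children(children(body)[0][1])           # tbsRequest
        # version [0] and requestorName [1] are optional and context-tagged;
        # requestList is the only child carrying the plain SEQUENCE tag.
        request_list = next(v for t, v in tbs if t == SEQUENCE)
        results = []
        for _, request in children(request_list):
            cert_id = children(children(request)[0][1])  # reqCert CertID
            if [t for t, _ in cert_id] != [SEQUENCE, OCTET_STRING,
                                           OCTET_STRING, INTEGER]:
                raise ValueError("unexpected CertID layout")
            oid = decode_oid(children(cert_id[0][1])[0][1])
            results.append({
                "hash_algorithm": HASH_NAMES.get(oid, oid),
                "issuer_name_hash": cert_id[1][1].hex(),
                "issuer_key_hash": cert_id[2][1].hex(),
                "serial_number": int.from_bytes(cert_id[3][1], "big", signed=True),
                "has_request_extensions": any(t == 0xA2 for t, _ in tbs),
            })
        return results
    except (IndexError, StopIteration):
        raise ValueError("malformed OCSPRequest") from None


def tlv(tag, content):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content


def build_sample_request():
    """Build a constructed OCSPRequest with one SHA-1 CertID, no extensions."""
    alg = tlv(SEQUENCE, tlv(OID, bytes.fromhex("2b0e03021a")) + tlv(NULL, b""))
    cert_id = tlv(SEQUENCE, alg
                  + tlv(OCTET_STRING, SAMPLE_NAME_HASH)
                  + tlv(OCTET_STRING, SAMPLE_KEY_HASH)
                  + tlv(INTEGER, SAMPLE_SERIAL.to_bytes(8, "big")))
    request_list = tlv(SEQUENCE, tlv(SEQUENCE, cert_id))
    return tlv(SEQUENCE, tlv(SEQUENCE, request_list))


if __name__ == "__main__":
    for entry in parse_ocsp_request(build_sample_request()):
        for field, value in entry.items():
            print(f"{field}: {value}")
```

Each CertID identifies a certificate by a hash of its issuer’s name, a hash of its issuer’s public key and its serial number; the hostname of the site being visited is not a field of the request.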

Thanks for reading!

LiveSoftAction SRL – 11% Anti-Virus Detection Rate – GetNow / Iminent

Hi there! Just a short post on a publisher called LiveSoftAction SRL before going back to some coding on FreeFixer.

LiveSoftAction SRL uac

You will also see LiveSoftAction SRL listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file. The certificate information can also be viewed from Windows Explorer. The screenshot below shows the LiveSoftAction SRL certificate. From the certificate info we can see that LiveSoftAction SRL appears to be located in Bucuresti in Romania.

LiveSoftAction SRL certificate

When I uploaded the LiveSoftAction SRL file to VirusTotal, it came up with an 11% detection rate. The file is detected as Win32:Dropper-gen [Drp] by Avast, Adware.Iminent.25 by DrWeb, a variant of Win32/GetNow.H potentially unwanted by ESET-NOD32, BehavesLike.Win32.LiveSoftAction.dc by McAfee-GW-Edition and LiveSoftAction (fs) by VIPRE.

LiveSoftAction SRL anti-virus report

Did you also find a file digitally signed by LiveSoftAction SRL? What kind of download was it and where did you find it?

Thanks for reading.

Remove bkz.evgiagvu.com from Firefox, Chrome and Internet Explorer

This page shows how to remove bkz.evgiagvu.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Having issues with bkz.evgiagvu.com showing up in the lower left corner of your browser? If so, you might have some potentially unwanted program installed on your computer. I noticed bkz.evgiagvu.com in Mozilla Firefox’s statusbar when doing a search at Google, but I guess bkz.evgiagvu.com can appear if you are using Chrome, Internet Explorer, Safari or Opera too.

The following are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for bkz.evgiagvu.com…
  • Transferring data from bkz.evgiagvu.com…
  • Looking up bkz.evgiagvu.com…
  • Read bkz.evgiagvu.com
  • Connected to bkz.evgiagvu.com…

If you also see this on your computer, you almost certainly have some potentially unwanted program installed on your machine that makes the bkz.evgiagvu.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The bkz.evgiagvu.com status bar messages are not coming from them. I’ll do my best to help you with the bkz.evgiagvu.com removal in this blog post.

I found bkz.evgiagvu.com on one of the lab computers where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs were installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the web browsers, injected ads on sites that usually don’t show ads, or if some new files have been saved to the hard-drive.

bkz.evgiagvu.com was registered on 2015-03-18. bkz.evgiagvu.com resolves to 5.153.38.134.

So, how do you remove bkz.evgiagvu.com from your web browser? On the machine where bkz.evgiagvu.com showed up in the status bar I had CheckMeUp installed. I removed it with FreeFixer and that stopped the web browser from loading data from bkz.evgiagvu.com.

The problem with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done to solve the problem? To remove bkz.evgiagvu.com you need to examine your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove bkz.evgiagvu.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at about the same time as you started getting the bkz.evgiagvu.com status bar messages.

The next thing to check would be your browser’s add-ons. Potentially unwanted programs often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there something that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started developing about 8 years ago. FreeFixer is a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having trouble figuring out if a file is legit or potentially unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did you find any potentially unwanted program on your machine? Did that stop bkz.evgiagvu.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comments below.

Thank you!

Remove zeroredirect1.com Pop Up Ads

Did you just get a pop-up in a new tab from zeroredirect1.com and ponder where it came from? Did the zeroredirect1.com ad appear to have been popped up from a web site that under normal circumstances doesn’t use advertising such as pop-ups? Or did the zeroredirect1.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here’s what the zeroredirect1.com pop-up looked like when I got it on my computer:

zj.zeroredirect1.com pop up

The domain in this case was zj.zeroredirect1.com.

If this sounds like what you see on your machine, you most likely have some adware installed on your machine that pops up the zeroredirect1.com ads. So don’t send angry emails to the site you were browsing; the ads are most likely not coming from them, but from the adware on your machine. I’ll do my best to help you remove the zeroredirect1.com pop-up in this blog post.

I found the zeroredirect1.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on websites that usually don’t show advertisements, or if some new files have been saved to the hard-drive.

zj.zeroredirect1.com resolves to the 54.172.189.104 address and zeroredirect1.com to 54.84.0.18. zeroredirect1.com was created on 2013-06-14.

So, how do you remove the zeroredirect1.com pop-up ads? On the machine where I got the zeroredirect1.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the zeroredirect1.com pop-ups and all the other ads I was getting in Mozilla Firefox.

If you are wondering whether there are many others out there also getting the zeroredirect1.com ads, the answer is probably yes. Check out the traffic rank from Alexa:

zeroredirect1.com traffic

The bad news with pop-ups like the one described in this blog post is that they can be launched by many variants of adware, not just the adware that’s installed on my system. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the zeroredirect1.com ads removal:

The first thing I would do to remove the zeroredirect1.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at about the same time as you started seeing the zeroredirect1.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often shows up under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. FreeFixer is a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is legit or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did this blog post help you to remove the zeroredirect1.com pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

How To Remove consumer-responses.com Pop-Up Surveys

Are you getting pop-up surveys from consumer-responses.com while browsing on sites that typically don’t advertise in pop-up windows or by opening new tabs? Do the pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari?

Here’s what the consumer-responses.com survey looked like when I got it on my computer:

consumer-responses.com pop-up

If this sounds like your experience, you probably have some adware installed on your system that pops up the consumer-responses.com surveys. I’ll try to help you remove the consumer-responses.com pop-ups in this blog post.

If you have been visiting this blog you already know this, but if you are new: Some time ago I dedicated some of my lab machines and deliberately installed some adware programs on them. I’ve been monitoring the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware auto-updates, or if it downloads additional unwanted software on the computers. I first found the consumer-responses.com pop-up on one of these lab computers.

Generally these survey pop-ups claim that they are “official” surveys from the web site you were currently browsing and that you will get a reward or have a chance of winning a prize by completing the survey. Sometimes they also claim that your feedback will be used to improve the web site you were visiting. Since I own the freefixer.com web site, I know the survey is 100% fake.

So, how do you remove the consumer-responses.com pop-up ads? On the machine where I got the consumer-responses.com ads I had GoSave, CheckMeUp and PennyBee installed. I removed them with FreeFixer and that stopped the consumer-responses.com pop-ups and all the other ads I was getting in Mozilla Firefox.

It seems that consumer-responses.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

consumer-responses.com traffic rank

From the traffic graph we can see that the traffic has been booming since the beginning of November. consumer-responses.com was registered in July 2014, and the domain resolves to 8.29.137.208.

The issue with this type of pop-up is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the consumer-responses.com ads removal:

The first thing I would do to remove the consumer-responses.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at about the same time as you started seeing the consumer-responses.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often shows up under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the two steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing many years ago. It’s a tool built to manually identify and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is clean or malware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Are you a Mac or Linux user getting the consumer-responses.com pop-ups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thank you!

Did this blog post help you to remove the consumer-responses.com pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

Remove offers.adwingate.com Pop Up Ads Caused By Adware

Does this sound like what you are seeing right now? You see pop up ads from offers.adwingate.com while browsing on web sites that normally don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Chrome, Firefox, Internet Explorer or Safari. Perhaps the offers.adwingate.com pop-ups appear when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?

Here is what the offers.adwingate.com ad looked like on my machine:

offers.adwingate.com pop up

If this sounds like what you see on your machine, you probably have some adware installed on your machine that pops up the offers.adwingate.com ads. Don’t send angry emails to the site you were browsing; the ads are almost certainly not coming from them, but from the adware on your system. I’ll do my best to help you remove the offers.adwingate.com pop-up in this blog post.

If you have been following this blog you already know this, but if you are new: Not long ago I dedicated a few of my lab systems and intentionally installed some adware programs on them. I’ve been tracking the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware updates itself, or if it installs additional unwanted software on the systems. I first observed the offers.adwingate.com pop-up on one of these lab computers.

offers.adwingate.com resolves to 95.85.43.136.

So, how do you remove the offers.adwingate.com pop-up ads? On the machine where I got the offers.adwingate.com ads I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the offers.adwingate.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The problem with pop-ups such as this one is that they can be initiated by many variants of adware, not just the adware running on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should be done to solve the problem? To remove the offers.adwingate.com pop-up ads you need to check your computer for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the offers.adwingate.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started seeing the offers.adwingate.com pop-ups.

Then you can examine your browser add-ons. Adware often appears under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing many years ago. FreeFixer is a tool built to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is safe or malware in FreeFixer’s scan result, click on the More Info link for the file. That will open up your web browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did this blog post help you to remove the offers.adwingate.com pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

Remove i_crbfjs_info.tlscdn.com from Firefox, Chrome and Internet Explorer

This page shows how to remove i_crbfjs_info.tlscdn.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Having a mess with i_crbfjs_info.tlscdn.com showing up in the lower left corner of your web browser? If that is the case, you might have some potentially unwanted program installed on your machine. I noticed i_crbfjs_info.tlscdn.com in Mozilla Firefox’s status bar when doing a search at Google, but I guess i_crbfjs_info.tlscdn.com can show up if you are using Chrome, Internet Explorer, Safari or Opera too.

Here is what the i_crbfjs_info.tlscdn.com status bar message looked like on my computer:

i_crbfjs_info.tlscdn.com status bar

Here are some of the status bar messages you may see in your browser’s statusbar:

  • Waiting for i_crbfjs_info.tlscdn.com…
  • Transferring data from i_crbfjs_info.tlscdn.com…
  • Looking up i_crbfjs_info.tlscdn.com…
  • Read i_crbfjs_info.tlscdn.com
  • Connected to i_crbfjs_info.tlscdn.com…

If this sounds like what you are seeing on your computer, you presumably have some potentially unwanted program installed on your computer that makes the i_crbfjs_info.tlscdn.com domain appear in your browser. Don’t send angry emails to the site you were browsing; they are most likely not responsible for the i_crbfjs_info.tlscdn.com status bar messages. The potentially unwanted program on your machine is. I’ll do my best to help you remove the i_crbfjs_info.tlscdn.com message in this blog post.

If you have been following this blog you already know this, but if you are new: Recently I dedicated a few of my lab machines and intentionally installed a few potentially unwanted programs on them. I have been observing the actions on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the potentially unwanted program auto-updates, or if it downloads additional potentially unwanted programs on the systems. I first observed i_crbfjs_info.tlscdn.com in Mozilla Firefox’s status bar on one of these lab computers.

i_crbfjs_info.tlscdn.com resolves to the 108.59.4.164 IP address.

So, how do you remove i_crbfjs_info.tlscdn.com from your browser? On the machine where i_crbfjs_info.tlscdn.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the browser from loading data from i_crbfjs_info.tlscdn.com.

The issue with status bar messages like the one described in this blog post is that they can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program that’s installed on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the i_crbfjs_info.tlscdn.com removal:

The first thing I would do to remove i_crbfjs_info.tlscdn.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started seeing the i_crbfjs_info.tlscdn.com statusbar messages.

The next thing to check would be your browser’s add-ons. Potentially unwanted programs often appear under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started developing many years ago. It’s a tool built to manually identify and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is legitimate or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did this blog post help you to remove i_crbfjs_info.tlscdn.com? Please let me know, or tell me how I can improve this blog post.

Thank you!

LLC “HALKON PLYUS” – 4% Anti-Virus Detection Rate

Hello! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named LLC “HALKON PLYUS”.

LLC HALKON PLYUS

If you have an LLC HALKON PLYUS file on your computer you may have noticed that LLC HALKON PLYUS pops up as the publisher in the User Account Control dialog when running the file. To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the embedded certificate we can see that LLC “HALKON PLYUS” is located in Ternopil, Ukraine and that the certificate is issued by COMODO RSA Code Signing CA.

LLC HALKON PLYUS certificate

The reason for posting about LLC “HALKON PLYUS” is that the file is detected by a few of the anti-virus programs. Avast classifies MediaPlayer__6741_i1484416138_il59937.exe as Win32:Malware-gen and Avira detects it as ADWARE/Adware.Gen4.

LLC HALKON PLYUS anti-virus report

To see in more detail what changes the LLC “HALKON PLYUS” file would make on a user’s computer I decided to run the file on my lab machine. The installer bundled some additional software such as Wajam, PriceLess, TabNav and AnySend.

Did you also find a download that was signed by LLC “HALKON PLYUS”? What kind of download was it and was it detected by the anti-malware programs at VirusTotal? Please share by posting a comment below.

Thanks for reading.