Ocsp.NetSolSSL.com Connections While Browsing? – That’s Network Solution’s OCSP Server

If you see connections to ocsp.netsolssl.com while browsing some web site, there’s no need to worry. This connection is made when the browser needs to talk to Network Solution’s Online Certificate Status Protocol (OCSP) server to get the revocation status of a digital certificate.

Here’s how ocsp.netsolssl.com showed up in my network log:

ocsp.netsolssl.com

I think ocsp.netsolssl.com can appear in the browser’s status bar, saying something like “Waiting for ocsp.netsolssl.com” or “Connecting to ocsp.netsolssl.com”.

ocsp.netsolssl.com was created back on January 31st 2005. The domain expires January 31st 2019.

Remove lhbzz.reward-zone.0215.pics Pop Survey Ads

Sound familiar? You see pop-up advertisements from lhbzz.reward-zone.0215.pics while browsing web sites that most of the time don’t advertise in pop-up windows. The pop-ups manage to find a way round the built-in pop-up blockers in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Perhaps the lhbzz.reward-zone.0215.pics pop-ups show up when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?

Here is a screen capture of the lhbzz.reward-zone.0215.pics pop-up from my system:

lhbzz.reward-zone.0215.pics

(I know, lots of watermarks. Have to do it to stop the copy-cats.)

If this description sounds like your story, you most likely have some adware installed on your machine that pops up the lhbzz.reward-zone.0215.pics ads. So there’s no use contacting the site owner. The ads are not coming from them. I’ll do my best to help you remove the lhbzz.reward-zone.0215.pics pop up in this blog post.

I found the lhbzz.reward-zone.0215.pics pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on web sites that usually don’t show advertisements, or if some new files have been saved to the hard-drive.

lhbzz.reward-zone.0215.pics resolves to 107.191.40.156 and 0215.pics to the 199.59.243.120 IP address. lhbzz.reward-zone.0215.pics was registered on 2015-06-02.

So, how do you remove the lhbzz.reward-zone.0215.pics pop-up ads? On the machine where I got the lhbzz.reward-zone.0215.pics ads I had MedPlayerNewVersion, Movie Wizard and istartsurf installed. I removed them with FreeFixer and that stopped the lhbzz.reward-zone.0215.pics pop-ups and all the other ads I was getting in Mozilla Firefox.

MedPlayerNewVersion was the adware that caused the pop-ups in my case.

The problem with pop-ups such as this one is that it can be popped up by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the lhbzz.reward-zone.0215.pics ads removal:

The first thing I would do to remove the lhbzz.reward-zone.0215.pics pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started getting the lhbzz.reward-zone.0215.pics pop-ups.

Then you can examine your browser add-ons. Adware often shows up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there something that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to identify and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool designed to manually track down and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having problems figuring out if a file is safe or malware in FreeFixer’s scan report, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did this blog post help you to remove the lhbzz.reward-zone.0215.pics pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

Remove secureadserver.com Pop Up Ads

Does this sound like what you are seeing right now? You see pop-up ads from secureadserver.com while browsing websites that most of the time don’t advertise in pop-up windows. The pop-ups manage to evade the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Perhaps the secureadserver.com pop-ups appear when clicking search results from Google? Or do the pop-ups show up even when you’re not browsing?

Here’s what the secureadserver.com pop-up looked like when I got it on my computer:

secureadserver.com pop up

(I’m sorry for the many watermarks. If I don’t add them, the screenshots always show up at some copy-cat blogs.)

If this sounds like what you see on your machine, you presumably have some adware installed on your machine that pops up the secureadserver.com ads. So there’s no use contacting the site owner. The ads are not coming from them. I’ll do my best to help you remove the secureadserver.com pop-up in this blog post.

I found the secureadserver.com pop-up on one of the lab systems where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on web sites that usually don’t show ads, or if some new files have been saved to the hard-drive.

secureadserver.com resolves to the 91.109.10.128 IP address. secureadserver.com was created on 2013-04-04.

So, how do you remove the secureadserver.com pop-up ads? On the machine where I got the secureadserver.com ads I had PrimaryColor, FastSearch, SSFK.exe, mystartsearch, YTDownloader, SFKEX64.exe, WebShield, PhaseProfessor and Wajam installed. I removed them with FreeFixer and that stopped the secureadserver.com pop-ups and all the other ads I was getting in Mozilla Firefox.

It seems that secureadserver.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

secureadserver.com traffic

The issue with this type of pop-up is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the secureadserver.com ads removal:

The first thing I would do to remove the secureadserver.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started seeing the secureadserver.com pop-ups.

Then I would check the browser add-ons. Adware often turns up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to track down and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve been developing since 2006. It’s a tool built to manually find and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having problems figuring out if a file is safe or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up your web browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did you find any adware on your machine? Did that stop the secureadserver.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Remove media-surv.com Pop Up Ads

Does this sound like your story? You see popup ads from media-surv.com while browsing sites that usually don’t advertise in pop-up windows. The pop-ups manage to find a way round the built-in popup blockers in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Maybe the media-surv.com pop-ups appear when clicking search results from a Google search? Or do the pop-ups appear even when you’re not browsing?

Here’s what the media-surv.com pop-up looked like when I got it on my system:

media-surv.com pop up

If this description sounds like your machine, you apparently have some adware installed on your system that pops up the media-surv.com ads. There’s no use contacting the owners of the web site you currently were browsing. The ads are not coming from them. I’ll do my best to help you with the media-surv.com removal in this blog post.

Those that have been reading this blog already know this, but for new visitors: A little while back I dedicated a few of my lab computers and intentionally installed a few adware programs on them. I’ve been monitoring the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware auto-updates, or if it installs additional unwanted software on the systems. I first noticed the media-surv.com pop-up on one of these lab machines.

media-surv.com resolves to the 162.255.119.251 address and www.media-surv.com to 54.192.195.34. media-surv.com was registered on 2015-12-09.

Here’s the traffic rank for media-surv.com:

media-surv.com traffic

So, how do you remove the media-surv.com pop-up ads? On the machine where I got the media-surv.com ads I had PineTree, GamesDesktop and CPUMiner installed. I removed them with FreeFixer and that stopped the media-surv.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with this type of pop-up is that it can be popped up by many variants of adware, not just the adware that’s installed on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

To remove the media-surv.com pop-up ads you need to review your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the media-surv.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed at about the same time as you started getting the media-surv.com pop-ups.

Then you can examine your browser add-ons. Adware often turns up under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool built to manually track down and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having trouble figuring out if a file is clean or adware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did you find any adware on your machine? Did that stop the media-surv.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Remove safesoftware**.com Pop Up Ads

Did you just get a pop-up from safesoftware18.com and ask yourself where it came from? Did the safesoftware18.com ad appear to have been launched from a web site that under normal circumstances doesn’t use advertising such as pop-up windows? Or did the safesoftware18.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here is a screenshot of the safesoftware18.com pop-up from my system:

safesoftware**.com pop up

If this description sounds like what you are seeing, you probably have some adware installed on your machine that pops up the safesoftware18.com ads. So don’t send angry emails to the web site you were browsing, the ads are probably not coming from them, but from the adware on your computer. I’ll do my best to help you remove the safesoftware18.com pop up in this blog post.

Those that have been spending some time on this blog already know this, but for new visitors: Some time ago I dedicated a few of my lab machines and intentionally installed a few adware programs on them. Since then I have been monitoring the behaviour on these systems to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the machines. I first observed the safesoftware18.com pop-up on one of these lab machines.

www.safesoftware18.com resolves to 54.192.98.139.

I’ve also spotted a bunch of similar domains:

  • safesoftware10.com
  • safesoftware11.com
  • safesoftware12.com
  • safesoftware13.com
  • safesoftware14.com
  • safesoftware15.com
  • safesoftware16.com
  • safesoftware17.com

I will not be surprised if the following domains show up in the future:

  • safesoftware18.com
  • safesoftware19.com
  • safesoftware20.com
  • safesoftware21.com
  • safesoftware22.com
  • safesoftware23.com
  • safesoftware24.com
  • safesoftware25.com
  • safesoftware26.com
  • safesoftware27.com
  • safesoftware28.com
  • safesoftware29.com
  • safesoftware30.com
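
One way to flag this numbered domain family in DNS or proxy logs, including numbers that have not shown up yet. This is an added example, not part of the original post; the log format, client addresses and sample lines are constructed for illustration.

```python
import re

# Numbers the post reports: safesoftware10..17 listed as spotted, 18 seen in the pop-up.
SEEN_ON_PAGE = set(range(10, 19))

# "safesoftware<digits>.com" must be the last two labels of the hostname, so
# look-alikes such as "notsafesoftware18.com" or
# "safesoftware18.com.example.net" do not match.
FAMILY_RE = re.compile(r"(?:^|\.)safesoftware(\d{1,3})\.com$")


def family_number(hostname):
    """Return the numeric suffix if hostname is in the family, else None."""
    host = hostname.strip().rstrip(".").lower()  # DNS names are case-insensitive
    match = FAMILY_RE.search(host)
    return int(match.group(1)) if match else None


def scan(log_text):
    """Map each client to the sorted (number, status) family hits in its queries."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:  # skip malformed lines instead of failing
            continue
        _timestamp, client, qname = fields
        number = family_number(qname)
        if number is None:
            continue
        status = "listed" if number in SEEN_ON_PAGE else "new"
        hits.setdefault(client, set()).add((number, status))
    return {client: sorted(found) for client, found in hits.items()}


# Constructed sample log, assumed format: "<timestamp> <client> <queried name>".
SAMPLE_LOG = """\
2016-01-05T10:02:11 192.0.2.10 www.safesoftware18.com
2016-01-05T10:02:12 192.0.2.10 ocsp.netsolssl.com
2016-01-05T10:03:40 192.0.2.23 SafeSoftware22.com.
2016-01-05T10:04:02 192.0.2.23 notsafesoftware18.com
2016-01-05T10:04:05 192.0.2.31 safesoftware18.com.example.net
2016-01-05T10:05:19 192.0.2.10 safesoftware12.com
malformed line
"""

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        print(client, found)
```

A client that appears in the result is a candidate for the adware check described in the rest of this post; a "new" status means the number is outside the ones reported here.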

So, how do you remove the safesoftware18.com pop-up ads? On the machine where I got the safesoftware18.com ads I had Windows Menager, Live Malware Protection, SmartComp Safe Network and gosearch.me installed. I removed them with FreeFixer and that stopped the safesoftware18.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The problem with pop-ups like this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the safesoftware18.com ads removal:

The first thing I would do to remove the safesoftware18.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspect in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at about the same time as you started getting the safesoftware18.com pop-ups.

Then I would check the browser add-ons. Adware often appears under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to find and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool built to manually track down and remove unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is legit or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did you find any adware on your machine? Did that stop the safesoftware18.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

[Warning] TIMESTAMP With Implicit DEFAULT Value Is Deprecated – How To Fix It

Did you just upgrade your MySQL server and get a warning about an implicit TIMESTAMP default value when starting mysqld.exe?

>mysqld.exe
 2015-12-04 13:17:27 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).

If you would like to find the databases, tables and column names that cause the warning message, just run the following query on the information_schema database:

mysql> USE information_schema;
Database changed
mysql> SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME FROM Columns WHERE DATA_TYPE='datetime' AND IS_NULLABLE='NO' and COLUMN_DEFAULT IS NULL;
+--------------+-------------+-------------+
| TABLE_SCHEMA | TABLE_NAME  | COLUMN_NAME |
+--------------+-------------+-------------+
| biggamedb    | updatequeue | added       |
| ff_testdb    | hosts       | added       |
| ff_testdb    | hosts       | lastspotted |
| ff_testdb    | product     | added       |
+--------------+-------------+-------------+
4 rows in set (0.11 sec)

Hope that helped you fix the problem. Or did you go with the --explicit_defaults_for_timestamp flag?

consent.google.com – The “Privacy Reminder from Google”

I was checking out the network log from a Google search this evening and found a Google.com subdomain that I hadn’t seen before. It’s consent.google.com.

consent.google.com

Basically, the browser will load content from the consent.google.com subdomain when Google asks for your consent, or when showing the “Privacy Reminder from Google”. This reminder can appear when using Google’s services. The reminder typically appears in an overlay on the service you were using.

You can read more about the reminder here:

https://consent.google.com/privacyreminder/signedout

Remove thearbitragetrader.com Pop Up Ads

Did you just get a pop-up from thearbitragetrader.com and ask yourself where it came from? Did the thearbitragetrader.com ad appear to have been popped up from a web site that under normal circumstances doesn’t use advertising such as pop-up windows? Or did the thearbitragetrader.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here is a screen-cap of the thearbitragetrader.com pop-up from my system:

thearbitragetrader.com pop up

(Sorry for the ridiculous use of watermarks. I have to do it to stop the copy-cats.)

If this sounds like your experience, you most likely have some adware installed on your machine that pops up the thearbitragetrader.com ads. So don’t write angry emails to the website you were browsing, the ads are almost certainly not coming from them, but from the adware on your computer. I’ll do my best to help you remove the thearbitragetrader.com pop-up in this blog post.

Those that have been reading this blog already know this, but here we go: A little while back I dedicated some of my lab computers and deliberately installed some adware programs on them. Since then I have been tracking the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware auto-updates, or if it installs additional unwanted software on the machines. I first observed the thearbitragetrader.com pop-up on one of these lab computers.

www.thearbitragetrader.com resolves to the 198.232.124.192 IP address and thearbitragetrader.com to 54.72.139.26. thearbitragetrader.com was registered on 2014-10-14.

So, how do you remove the thearbitragetrader.com pop-up ads? On the machine where I got the thearbitragetrader.com ads I had Windows Menager, Live Malware Protection, SmartComp Safe Network and gosearch.me installed. I removed them with FreeFixer and that stopped the thearbitragetrader.com pop-ups and all the other ads I was getting in Mozilla Firefox.

If you are wondering if there are many others out there also getting the thearbitragetrader.com ads, the answer is probably yes. Check out the traffic rank from Alexa:

thearbitragetrader.com traffic

The issue with pop-ups such as this one is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should be done to solve the problem? To remove the thearbitragetrader.com pop-up ads you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. You can also examine the add-ons you installed in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Same thing here, do you see something that you don’t remember installing?
  3. If that didn’t help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links.

Did you find any adware on your machine? Did that stop the thearbitragetrader.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

93.89.204.67 – That “Free Piano” Spam

I don’t know how many of these “Free Piano” spam messages I’ve been getting from 93.89.204.67:

93.89.204.67 Free Piano spam

The spam bot seems to have no problem with my anti-bot question. I guess the question is too easy to answer.

Here are some details for 93.89.204.67, thanks to DomainTools:

Poland Barwice Telewizja Kablowa Kolobrzeg Agencja Uslugowo – Reklamowa Sp. Z O.o.
ASN Poland AS201328 TKK-NET-ASN Telewizja Kablowa Kolobrzeg, Agencja Uslugowo – Reklamowa sp. z o.o. (registered Nov 24, 2014)
Resolve Host host-abn-93-89-204-67.tkk.pl

Are you also getting spammed by 93.89.204.67?

NEW SOFT Inkorporeishn, TOV – 11% Detection Rate – Amonetize

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called NEW SOFT Inkorporeishn, TOV.

NEW SOFT Inkorporeishn, TOV publisher

You can see who the signer is when double-clicking on an executable file. NEW SOFT Inkorporeishn, TOV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the NEW SOFT Inkorporeishn, TOV certificate.

NEW SOFT Inkorporeishn, TOV cert

So, why am I writing about the NEW SOFT Inkorporeishn, TOV file? Check out what the anti-malware software reports about the file:

NEW SOFT Inkorporeishn TOV anti-virus report

Here are a few of the detection names for Download Uc Browser V Handler Zip__15022_i1756037767_il542797.exe: SUPERAntiSpyware reports PUP.Amonetize/Variant, Malwarebytes classifies it as PUP.Optional.Amonetize, Qihoo-360 calls it HEUR/QVM10.1.Malware.Gen and DrWeb reports it as Trojan.Amonetize.11110.

Did you also find a NEW SOFT Inkorporeishn, TOV download? What kind of download was it?

Thanks for reading.