Monthly Archives: April 2014

How To Remove SaveClicker

I was actually searching for another adware, but ran into the SaveClicker adware instead. When I found SaveClicker, it was bundled with a free download manager. Here’s the info it displays in the installer.

saveclicker install info

“Just install the add-on on your browser, surf the web and get specials offers (special coupons, discounts and sales)”

Obviously SaveClicker is adware. Here’s what the SaveClicker ad looks like:

Powered by SaveClicker

SaveClicker can easily be uninstalled by selecting the SaveClicker files in FreeFixer, or by using the entry in the Programs and Features dialog:

SaveClicker saveclicker in internet explorer saveclicker uninstall

How did you get SaveClicker on your computer? Please share by posting a comment.

How To Remove the AtuZi Adware

CNet’s Download.com site recently started bundling a new adware called AtuZi. Basically it will show ads and change some browser settings:

AtuZi CNet Installer

AtuZi adds itself into Internet Explorer and Mozilla Firefox as shown in the screenshots below:

AtuZi-1.0.1 Firefox add-on requesting install

AtuZi In Firefox

AtuZi add-on Internet Explorer

Removing AtuZi is pretty straightforward. You can just select the AtuZibho.dll file and the AtuZi Firefox extension in FreeFixer:

AtuZibho.dll

AtuZi Firefox Extension

Here’s a step-by-step removal video that shows how to uninstall AtuZi with FreeFixer:

There’s also an entry in the Programs and Features dialog which allows you to uninstall AtuZi:

AtuZi Uninstall

Please let me know if this helped you remove AtuZi by posting a comment.

SW-Booster.exe, SW-Sustainer 1.80, saVee aNete 5.14

Played around with another download this morning. This time a bunch of new files and settings appeared. The first notable change was a new process and scheduled task called SW-Booster.exe appearing:

sw-booster.exe

SW-Booster.exe is detected under names such as “a variant of Win32/TrojanDownloader.Agent.AFD” and “PUP.Optional.MultiPlug.A”.

Two new Firefox extensions also appeared, Y**tubeAdBlocker and saVee aNete 5.14:

savee-anete-5.14

I’ve verified that FreeFixer removed these completely. There are also entries in the Programs and Features dialog.

SW-Booster-SW-Sustainer 1.80

Please let me know if this helped you remove the SW-Booster malware by posting a comment.

Update 2014-11-21: There seems to be a variant around called SoftwareBooster.exe:

SoftwareBooster.exe task manager

 

How To Remove SaveNet

Played around with an adware called SaveNet this evening. The screenshot below explains what types of ads SaveNet will show:

SaveNet Install

Basically you’ll see SaveNet coupons while you browse the web.

If you have SaveNet on your machine, you may also see a file called SN.Booster.exe in the Task Manager. SN.Booster.exe will also run as a service:

SN.booster.exe

You’ll also see a Browser Helper Object and a Mozilla Firefox extension when scanning your computer with FreeFixer. The nasty thing about SaveNet is that it will use some sort of semi-random names displayed in Mozilla, Internet Explorer and the Programs and Features dialog. I’ve seen names such as:

  • saVe neut
  • ssave net
  • saveE! neot
  • save. net
  • Save net
  • SNT
  • savve noeT
  • Y**t*beAdblocker
  • saVVE Net
  • SN.Booster
  • SN.Sustainer 1.80

What names did you see? Please share by posting a comment.
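The fuzzy variants in the list above all keep the letters of "savenet" in order and only add letters, punctuation and case changes, so display names can be matched after normalisation. This is an added example, not code from FreeFixer or from the original post; the `MAX_EXTRA` threshold and the benign sample names are assumptions.

```python
import re

BASE = "savenet"  # letters shared, in order, by the variants listed in the post
MAX_EXTRA = 3     # assumed cap on inserted letters; tune against your own inventory


def normalize(display_name: str) -> str:
    """Lower-case the name and drop everything except the letters a-z."""
    return re.sub(r"[^a-z]", "", display_name.lower())


def is_savenet_variant(display_name: str, base: str = BASE,
                       max_extra: int = MAX_EXTRA) -> bool:
    """True if the name is `base` with at most `max_extra` letters inserted."""
    letters = normalize(display_name)
    if not (len(base) <= len(letters) <= len(base) + max_extra):
        return False
    remaining = iter(letters)
    # `ch in remaining` consumes the iterator, so the base letters
    # must appear in the same order (a subsequence test).
    return all(ch in remaining for ch in base)


def flag_suspicious(display_names):
    """Return the display names that look like a SaveNet variant."""
    return [name for name in display_names if is_savenet_variant(name)]


# Variant names are taken from the post; the last four are constructed
# benign entries used only to show what is not flagged.
SAMPLE = [
    "saVe neut", "ssave net", "saveE! neot", "save. net", "Save net",
    "savve noeT", "saVVE Net", "saVee aNete 5.14",
    "Save Internet Toolbar", "Savings Network Client",
    "Microsoft .NET Framework 4.5", "7-Zip 9.20",
]

if __name__ == "__main__":
    for name in flag_suspicious(SAMPLE):
        print("suspicious:", name)
```

The short aliases in the list (SNT, SN.Booster, SN.Sustainer 1.80) do not follow this pattern and need an exact-match list instead.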

SaveNet Browser Helper Objects

SaveNet Firefox Extensions

Luckily it’s pretty easy to remove SaveNet with FreeFixer. Just select the SaveNet files and click Fix and the problem will be gone. You might need to restart your machine to complete the removal.

So, what do the anti-virus programs say about SaveNet? Here are the detections for SN.Booster.exe (vendor, detection name, and date as YYYYMMDD):

  • Avast Win32:Agent-ASOC [Adw] 20140419
  • ESET-NOD32 Win32/TrojanDownloader.Agent.AFD 20140419
  • Qihoo-360 Win32/Trojan.Downloader.ec6 20140419
  • TotalDefense Win32/Tnega.VeAcWa 20140419
  • Kingsoft Win32.Troj.Generic.a.(kcloud) 20140419
  • F-Prot W32/Trojan2.OBQW 20140419
  • Commtouch W32/Trojan.ZIUW-3330 20140419
  • Fortinet W32/Agent.AFD!tr.dldr 20140418
  • Bkav W32.SauseiLTAR.Trojan 20140418
  • Comodo TrojWare.Win32.TrojanDownloader.Agent.AFD 20140419
  • Jiangmin TrojanDownloader.Adload.vxu 20140419
  • CAT-QuickHeal TrojanDownloader.Adload.dsd.cw4 20140418
  • VBA32 TrojanDownloader.Adload 20140418
  • AhnLab-V3 Trojan/Win32.Agent 20140419
  • TheHacker Trojan/Downloader.Agent.afd 20140419
  • ViRobot Trojan.Win32.S.Agent.729600.B 20140419
  • VIPRE Trojan.Win32.Generic!BT 20140419
  • NANO-Antivirus Trojan.Win32.Agent.cojdgu 20140419
  • Baidu-International Trojan.Win32.Agent.50 20140418
  • Symantec Trojan.Gen.2 20140419
  • ByteHero Trojan.Exception.gen.101 20140419
  • DrWeb Trojan.DownLoad3.30962 20140419
  • Agnitum Trojan.DL.Adload!sfG54tBszYg 20140418
  • Ad-Aware Trojan.Agent.WDCR.C 20140419
  • BitDefender Trojan.Agent.WDCR.C 20140419
  • F-Secure Trojan.Agent.WDCR.C 20140419
  • GData Trojan.Agent.WDCR.C 20140419
  • MicroWorld-eScan Trojan.Agent.WDCR.C 20140419
  • nProtect Trojan.Agent.WDCR.C 20140418
  • Kaspersky Trojan-Downloader.Win32.Adload.dyhq 20140419
  • Emsisoft Trojan-Downloader.Win32.Adload (A) 20140419
  • Ikarus Trojan-Downloader.Adload 20140419
  • K7AntiVirus Trojan-Downloader ( 0048ec4f1 ) 20140418
  • K7GW Trojan-Downloader ( 0048ec4f1 ) 20140418
  • TrendMicro TROJ_DLOADER.ADFK 20140419
  • TrendMicro-HouseCall TROJ_DLOADER.ADFK 20140419
  • Sophos Troj/Agent-AFFX 20140419
  • Panda Trj/WLT.A 20140419
  • AntiVir TR/Downloader.A.988 20140419
  • Norman Suspicious_Gen4.FKQEC 20140419
  • McAfee RDN/Downloader.a!oi 20140419
  • McAfee-GW-Edition RDN/Downloader.a!oi 20140419
  • Malwarebytes PUP.Optional.MultiPlug.A 20140419
  • AVG Downloader.Generic13.BRBQ 20140419

There are entries to uninstall SaveNet in the Programs and Features dialog. In my case, they appear as SN-Booster, SN-Sustainer, SNT and Y**tubeAdBlocker. What names did SaveNet use on your computer?

SN.Booster SN.Sustainer

Did this help you remove SaveNet? Please let me know by posting a comment.

How To Remove istart.webssearches.com

Is your browser starting with istart.webssearches.com as the start page?

istart.webssearches.com

No problem, just check the istart.webssearches.com items in FreeFixer and it will be removed from Firefox and Internet Explorer:

istart.webssearches.com in freefixer

There is also an entry for webssearches.com in the Programs and Features dialog in the Windows Control Panel. I have not tried it. If you do, please let me know if that removed webssearches.com completely.

istart.webssearches.com remove

Please let me know if you found this useful when removing istart.webssearches.com by posting a comment. Any idea how you got istart.webssearches.com on your machine?

 

How To Remove TowerTilt

Found a new adware called TowerTilt while testing a free download. This is how it will appear when it adds itself in Firefox:

TowerTilt 1.0.1 Firefox Extension

Removing TowerTilt from Firefox and Internet Explorer with help from FreeFixer is pretty straightforward. Just check the TowerTiltBho.dll file and the Firefox extension in FreeFixer:

TowerTilt in Firefox

towertiltbho.dll

I haven’t tried it, but TowerTilt also has an uninstall entry in the Windows Control Panel:

Remove TowerTilt

Please let me know if this helped you remove TowerTilt by posting a comment. Do you know how you got TowerTilt on your computer?

PriceMeter – Just Another Adware

Found another adware called PriceMeter. Here’s the info displayed in a few of the installers:

pricemeter adware

PriceMeter install screen

However, PriceMeter would not install, neither when testing it on a 64-bit Windows 8.1 machine, nor on my old 32-bit Windows XP system. Since it refused to install, I could not examine how to uninstall it, but usually these adware programs have an entry in the Add/Remove Programs dialog, accessible from the Windows Control Panel, which allows you to uninstall it. I’m pretty sure FreeFixer also can remove it completely.

Do you know more about uninstalling PriceMeter? Please share by posting a comment.