Monthly Archives: July 2014

Remove Browser App Adware

Getting  ads labled “Ad by Browser App” or “Ads by Browser App“, like in the screenshots below:

Browseri_Appe Ad by Browser App

Browseri_Appe Ads by Browser App

Then you have the BrowserApp adware installed on your machine. You will also Browser App listed as a browser add-on. Here it is in Firefox:

Browseri_Appe 1.2 Firefox

The detection rate by the anti-virus programs are currently very low. Only 3 of the 50+ anti-virus scanners at VirusTotal detects the Browser App files. Eldorado and Crossrider are two of the detection names:

Browser App virus total report

How to remove Browser App? No problem, just selected the Browser App files in FreeFixer and you will no longer see the ads:

Browseri_Appe tasks Browseri_Appe firefox extensions Browseri_Appe browser helper objectHow did you get the BrowserApp adware on your machine?

These are the variants I’ve found:

  • Browser_AppS 1.1
  • Browseri_Appe 1.2
  • Browsers App
  • Browsers Apps +



PriceChop Ads Removal

Getting ads saying “Ad by PriceChop” or “Click to continue > by PriceChop“? Then you got the PriceChop adware running on your machine. I’ll show how to remove the PriceChop ads in this blog post.

pricechop - ad by Pricechop

PriceChop is installed as an add-on in your browser. Here’s how it appears in Firefox:

pricechop adblocker firefox add-on

Removal is pretty straightforward with FreeFixer. Just select the PriceChop, Adblocker, Assist.dll and SW-Booster files as shown in the screenshots below.

pricechop adblocker bho pricechop - trusted publisher sw-booster pricechop - sw-booster.exe pricechop - assist.dll pricechop - adblocker

By the way, here’s the scan results from VirusTotal for the PriceChop file loaded into Internet Explorer:

pricechop virus total

How did you get PriceChop on your computer?

KOMPANIYA КRЕАТА LLC – Detected by 16 anti-virus scanners

Just wanted to give you the heads up on a publisher called KOMPANIYA КRЕАТА LLC. When I scanned the KOMPANIYA КRЕАТА LLC file, it was detected by 16 of the anti-virus scanners at VirusTotal. Many of the scanners detects it as Amonetiz or Amonetize.


Here’s how KOMPANIYA КRЕАТА LLC appears when running the downloaded file.


You can also view the KOMPANIYA КRЕАТА LLC certificate from the file’s properties. KOMPANIYA КRЕАТА appears to be a Ukrainian company.KOMPANIYA КRЕАТА LLC certificate

Did you also find a file signed by KOMPANIYA КRЕАТА? Where did you find it and what kind of download was it?

Adanak Adware Removal

Found a new adware called Adanak today. If you got the Adanak adware on your machine, you’ll notice it when starting Mozilla Firefox.

Adanak modify firefox

Here’s how Adanak appears in Firefox’s Add-ons dialog:

Adanak Firefox add-on

The anti-virus programs have a pretty decent detection rate for the Adanak adware. 20 of 53 anti-virus scanners detect Adanak according to VirusTotal:

Adanak virustotal report

Removal is easy with FreeFixer, just select the Adanak files for removal, and then click Fix and the problem will be solved:


Adanak firefox addon in FreeFixer

How did you get Adanak on your machine?

Software Updater LLC – VirusTotal and Bundling Report

Found a download a few days ago called JDownloader which was digitally signed by Software Updater LLC.

software updater llc publisher

What caught my attention was the VirusTotal scan report where 12 of the anti-virus programs detected the Software Updater LLC file:

software updater llc virustotal

Some of the detection names are BundleApp_r, Trojan.Generic, CryptVittalia, and Adware.Win32.Vittalia.

By looking at the certificate information, it appears that Software Updater LLC is located in Delaware in the United States.

software updater llc certificate

Since the download was detected by some of the anti-virus programs I got curious to see what the Software Updater LLC file installed: Webssearches, SaveClicker, “Help fight Cancer”, VuuPC, PriceMeter, PlusHD and “Acelar el PC” are the programs I could see  bundled with the Software Updater LLC download.

software updater llc websearches saveclicker help fight cancer software updater llc vuupc software updater llc pricemeter software updater llc plushd software updater llc passwidget software updater llc acelerar el pc

Have you also found a download signed by Software Updater LLC? What kind of download was it and where did you find it?

SITE ON SPOT Ltd – Detected by 20 of the 51 anti-virus programs

Just a short post on the SITE ON SPOT Ltd. publisher. I found a download called “FlvPlayer”, digitally signed by  SITE ON SPOT Ltd. this morning. After uploading the file to VirusTotal, it is clear why it’s a good idea to be careful. 20 of the 54 anti-virus programs detects the SITE ON SPOT Ltd. file:

SITE ON SPOT Ltd virustotal

The SITE ON SPOT Ltd. publisher will appear when double-clicking on the file:

SITE ON SPOT Ltd publisher

The certificate information can also be viewed from Windows Explorer. The certificate shows that SITE IN SPOT is located in Tel Aviv, Israel.

SITE ON SPOT Ltd certificate

Did you also find a file signed by SITE ON SPOT Ltd.? What kind of download was it and where did you find it?

Update 2015-02-19: Found another file, signed by “Site on Spot Limited“. I guess it could be from the same publisher.

Alexey Kurilenko – Digital Certificate Warning!

Sorry for the lack of blog posts during the last two weeks. Back to Stockholm after some vacation. Just wanted to give you the heads up on files digitally signed by Alexey  Kurilenko. These files may not install what their filename suggests. Just check out the scan results from VirusTotal:

Alexey  Kurilenko virus total scan result

You may see Alexey  Kurilenko appear as the publisher when double-clicking on the file. The program name appears as Installer for Wideblue installer.

Alexey  Kurilenko publisher - Installer for Wideblue installer

It’s also possible to view the Alexey  Kurilenko certificate by looking at the files properties:

Alexey  Kurilenko certificate

According to the certificate, Alexey  Kurilenko is located in Russia.

Did you also find a file signed by Alexey  Kurilenko? Where did you find it, and what kind of download was it?