Getting ads labeled “Ad by Browser App” or “Ads by Browser App”, like in the screenshots below:
Then you have the BrowserApp adware installed on your machine. You will also see Browser App listed as a browser add-on. Here it is in Firefox:
The detection rate by the anti-virus programs is currently very low. Only 3 of the 50+ anti-virus scanners at VirusTotal detect the Browser App files. Eldorado and Crossrider are two of the detection names:
How to remove Browser App? No problem, just select the Browser App files in FreeFixer and you will no longer see the ads:
How did you get the BrowserApp adware on your machine?
These are the variants I’ve found:
- Browser_AppS 1.1
- Browseri_Appe 1.2
- Browsers App
- Browsers Apps +
Getting ads saying “Ad by PriceChop” or “Click to continue > by PriceChop”? Then you have the PriceChop adware running on your machine. I’ll show how to remove the PriceChop ads in this blog post.
PriceChop is installed as an add-on in your browser. Here’s how it appears in Firefox:
Removal is pretty straightforward with FreeFixer. Just select the PriceChop, Adblocker, Assist.dll and SW-Booster files as shown in the screenshots below.
By the way, here are the scan results from VirusTotal for the PriceChop file loaded into Internet Explorer:
How did you get PriceChop on your computer?
Just wanted to give you the heads up on a publisher called KOMPANIYA КRЕАТА LLC. When I scanned the KOMPANIYA КRЕАТА LLC file, it was detected by 16 of the anti-virus scanners at VirusTotal. Many of the scanners detect it as Amonetiz or Amonetize.
Here’s how KOMPANIYA КRЕАТА LLC appears when running the downloaded file.
You can also view the KOMPANIYA КRЕАТА LLC certificate from the file’s properties. KOMPANIYA КRЕАТА appears to be a Ukrainian company.
Did you also find a file signed by KOMPANIYA КRЕАТА? Where did you find it and what kind of download was it?
Found a new adware called Adanak today. If you have the Adanak adware on your machine, you’ll notice it when starting Mozilla Firefox.
Here’s how Adanak appears in Firefox’s Add-ons dialog:
The anti-virus programs have a pretty decent detection rate for the Adanak adware. 20 of 53 anti-virus scanners detect Adanak according to VirusTotal:
Removal is easy with FreeFixer, just select the Adanak files for removal, and then click Fix and the problem will be solved:
How did you get Adanak on your machine?
Found a download a few days ago called JDownloader which was digitally signed by Software Updater LLC.
What caught my attention was the VirusTotal scan report where 12 of the anti-virus programs detected the Software Updater LLC file:
Some of the detection names are BundleApp_r, Trojan.Generic, CryptVittalia, and Adware.Win32.Vittalia.
By looking at the certificate information, it appears that Software Updater LLC is located in Delaware in the United States.
Since the download was detected by some of the anti-virus programs I got curious to see what the Software Updater LLC file installed: Webssearches, SaveClicker, “Help fight Cancer”, VuuPC, PriceMeter, PlusHD and “Acelar el PC” are the programs I could see bundled with the Software Updater LLC download.
Have you also found a download signed by Software Updater LLC? What kind of download was it and where did you find it?
Just a short post on the SITE ON SPOT Ltd. publisher. I found a download called “FlvPlayer”, digitally signed by SITE ON SPOT Ltd. this morning. After uploading the file to VirusTotal, it is clear why it’s a good idea to be careful. 20 of the 54 anti-virus programs detect the SITE ON SPOT Ltd. file:
The SITE ON SPOT Ltd. publisher will appear when double-clicking on the file:
The certificate information can also be viewed from Windows Explorer. The certificate shows that SITE ON SPOT is located in Tel Aviv, Israel.
Did you also find a file signed by SITE ON SPOT Ltd.? What kind of download was it and where did you find it?
Update 2015-02-19: Found another file, signed by “Site on Spot Limited”. I guess it could be from the same publisher.
Sorry for the lack of blog posts during the last two weeks. Back to Stockholm after some vacation. Just wanted to give you the heads up on files digitally signed by Alexey Kurilenko. These files may not install what their filename suggests. Just check out the scan results from VirusTotal:
You may see Alexey Kurilenko appear as the publisher when double-clicking on the file. The program name appears as Installer for Wideblue installer.
It’s also possible to view the Alexey Kurilenko certificate by looking at the file’s properties:
According to the certificate, Alexey Kurilenko is located in Russia.
Did you also find a file signed by Alexey Kurilenko? Where did you find it, and what kind of download was it?
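The posts above identify bundled downloads by the publisher name in the file's digital signature, viewed through the file's properties. As an added example (not part of the original posts), this PowerShell script reads the same Authenticode signer information for every executable in a download folder and flags the publishers named above. The folder path and the `$Watchlist` variable are assumptions; the publisher names are taken from the posts.

```powershell
# Added example: list the Authenticode signer of downloaded files and flag
# publishers named in the posts. $DownloadDir and $Watchlist are assumptions.
param(
    [string]$DownloadDir = (Join-Path $env:USERPROFILE 'Downloads')
)

# Publisher names from the posts, matched as case-insensitive substrings of the
# certificate subject. The KOMPANIYA entry is matched on its first word only.
$Watchlist = @(
    'Software Updater LLC',
    'SITE ON SPOT',
    'Alexey Kurilenko',
    'KOMPANIYA'
)

Get-ChildItem -Path $DownloadDir -Include *.exe, *.msi, *.dll -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

        # Unsigned files have no signer certificate; report an empty subject.
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # -like is case-insensitive, so 'Site on Spot Limited' also matches 'SITE ON SPOT'.
        $hit = $Watchlist | Where-Object { $subject -like "*$_*" }

        [pscustomobject]@{
            File      = $file.Name
            Status    = $sig.Status      # Valid only means the signature verifies, not that the file is safe
            Signer    = $subject
            Watchlist = [bool]$hit
            # The hash can be used to look up an existing VirusTotal report for the file.
            SHA256    = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Watchlist -Descending |
    Format-Table -AutoSize
```

A `Valid` status here is expected for the files described in the posts: they carried working signatures and were still detected by multiple scanners.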