Monthly Archives: August 2014

istartsurf.com – How Did It Install On Your Machine

Did your search settings in Internet Explorer, Firefox and Chrome recently change to istartsurf.com and you are wondering how this search engine was installed on your computer? Most likely, istartsurf.com was bundled with another software download. I’ve seen it bundled a couple of times and here’s what the disclosure looked like in the installers:

[Screenshots: istartsurf in an installer; istartsurf in an unofficial Google Chrome installer]

If you’d like to remove istartsurf.com, you can do so from the Add/Remove programs dialog. If that does not work, you can use FreeFixer to repair your browser settings.

Did you figure out which software download bundled istartsurf.com? Please share by posting a comment below.

isearch.omiga-plus.com – How Did It Install On Your Computer?

Did your search settings recently change to isearch.omiga-plus.com and you are wondering how this search engine was installed on your machine? Most likely, Omiga-Plus was bundled with another download. I’ve seen it bundled twice and here’s what the installer windows looked like:

[Screenshots: omiga-plus.com installer; omigaplus installer]

You can remove Omiga-Plus from the Uninstall programs dialog. If that does not work, you can use FreeFixer to repair your search and homepage settings.

Did you figure out which software download bundled Omiga-Plus? Please share by posting a comment.

What is RelevantKnowledge and How Did It Install On Your Computer?

Did you just find something called RelevantKnowledge in the Add/Remove programs dialog or did you see a process running in the background named rlvknlg64.exe, rk.exe, rlvknlg.exe or rlservice.exe?

[Screenshot: RelevantKnowledge uninstall entry]

So, how did RelevantKnowledge install on your machine? I would say that it was likely bundled with another program that you installed. At least that’s how it installed in my case. I was installing one program, and all of a sudden another window popped up with an “Additional Offer”. This is what it could have looked like when it installed on your machine:

[Screenshot: RelevantKnowledge bundled in an installer]

Something that’s a bit strange is that the RelevantKnowledge installer window mentions Linkular, but that was not what I was installing in the first place. If you want to find out when it was installed, you can check the “Created date” on the RelevantKnowledge file.

So what does the RelevantKnowledge software do? Basically, it monitors your browsing and shopping behaviour, then anonymises the data, aggregates it with data from other users who also run RelevantKnowledge, and generates a report that RelevantKnowledge’s clients use.

Hope that helped you figure out what RelevantKnowledge is.

Website Xplorer Removal Instructions

Just a quick post on a browser add-on called Website Xplorer that was installed into Mozilla Firefox while installing another piece of software. I could not see that Website Xplorer was disclosed during the installation.

[Screenshot: Website Xplorer Firefox add-on]

According to the description, Website Xplorer 0.1 will:

“Searches for matching web site, relevant to you.”

I could not find much info about it. If you have some additional details, please share by posting a comment. The extension .RDF file does mention a domain named weliketheweb.com.

[Screenshot: Website Xplorer, weliketheweb.com in the RDF file]

The removal is pretty easy. Just select the file for removal in FreeFixer or remove it directly in Firefox’s add-on menu.

[Screenshot: Website Xplorer Firefox extension]

Any idea how you got Website Xplorer on your machine?

PriceLess and Supporter 1.80 Removal Instructions

Did you spot something called PriceLess and Supporter 1.80 on your machine? No problem, I’ll show how to remove them. I found PriceLess bundled in a download claiming to be an episode of a famous TV series. If you got this on your computer, you will see ads labeled “Ads by PriceLess” or “Ad by PriceLess”.

[Screenshots: Ad by PriceLess; Ads by PriceLess inserted into Google search results]

PriceLess adds itself in Internet Explorer and Mozilla Firefox as an add-on.

[Screenshots: PriceLess 5.2 in Firefox; PriceLess in Internet Explorer]

So what’s the problem with PriceLess? The scan result from VirusTotal clearly shows why you’d want to remove the PriceLess software. Adware/Win32.Agent and Multiplug.BAY are a few of the detection names. The detection rate is pretty low though, only 12%.

[Screenshot: PriceLess VirusTotal report]

Removing PriceLess and Supporter 1.80 can be done from the Add/Remove programs dialog or, if that fails for some reason, you can remove them using FreeFixer by selecting the files as shown in the screenshots below:

[Screenshot: PriceLess uninstall]

[Screenshots: PriceLess BHO; PriceLess AppInit_DLLs; PriceLess Firefox extension]

How did you get PriceLess on your machine? Please share by posting a comment.

TinyWallet – Removal Instructions

Yesterday I was playing around with one of those installers that usually bundle a bunch of adware. Found a new one called TinyWallet. TinyWallet installs itself as an add-on in Firefox, Internet Explorer and Chrome. If you got this on your machine, you will see ads labeled “Ad by TinyWallet” and “Powered by TinyWallet”.

[Screenshots: Powered by TinyWallet; Ad by TinyWallet]

Here’s how TinyWallet appears in Firefox’s add-ons menu:

[Screenshot: TinyWallet Firefox add-on]

TinyWallet appears to be brand new. The tinywallet.net domain was registered 6 days ago, on the 4th of August, 2014.

[Screenshot: tinywallet.net web site]

According to the web site, TinyWallet will:

offer you the best deals with the lowest prices, from coupons, to discounts and the hottest sales. .. It shall offer you suitable coupons and discounts whilst you are shopping

Some of the anti-virus scanners are already picking up the TinyWallet files according to VirusTotal. Preloader, PreLoad and MultiPlug are some of the detection names.

[Screenshot: TinyWallet VirusTotal report]

Removing TinyWallet is easy. Just uninstall it from the Add/Remove programs dialog, or select the TinyWallet files for removal in FreeFixer.

[Screenshot: TinyWallet uninstall]

[Screenshots: TinyWallet browser helper object; TinyWallet Firefox extension]

Did you also have TinyWallet on your machine? Any idea how it got there?

Update 2014-09-22: Here’s how TinyWallet is disclosed in one of the installers that bundled it:

[Screenshot: TinyWallet installer]

KeepMySearch and OneKit – Removal Instructions

Yesterday I was fooling around with one of those downloads that I know bundles various types of unwanted software. I ran the installer over and over again to see if any new bundled software would install. Bingo.

Found something called OneKit and KeepMySearch, which added a desktop icon in the form of an orange magnifying glass and a process named onekit.exe running in the background. The onekit.exe file was digitally signed by Montiera Technologies LTD. The company description on the file is Pay By Ads LTD.

[Screenshot: OneKit icon]
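To check the same details on your own machine (signer, company description and the file’s created date mentioned in the RelevantKnowledge post), here is an added PowerShell example that is not part of the original posts. The list of process names is put together from the posts on this page; everything else uses standard cmdlets.

```powershell
# Process names mentioned in the posts on this page (without the .exe suffix).
$names = 'onekit', 'rlvknlg64', 'rk', 'rlvknlg', 'rlservice', 'couponsupport'

Get-Process -Name $names -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |          # Path is empty when the process cannot be opened
    Sort-Object Path -Unique |          # one row per executable, not per process instance
    ForEach-Object {
        $file = Get-Item -LiteralPath $_.Path
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.Path
        [pscustomobject]@{
            Process   = $_.ProcessName
            Path      = $_.Path
            # "Company" is the version-resource string; "Signer" is the certificate subject.
            # The two can differ, as they do for onekit.exe in the post above.
            Company   = $file.VersionInfo.CompanyName
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            SigStatus = $sig.Status
            Created   = $file.CreationTime
        }
    } | Format-List
```

Run it from an elevated prompt so that the path resolves for processes owned by other accounts.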

When double-clicking on the OneKit icon a dialog for something called KeepMySearch popped up.

[Screenshot: KeepMySearch popup]

And when opening my Firefox browser, the Keep My Search widget appeared on the left side:

[Screenshot: KeepMySearch widget]

The same KeepMySearch widget also appeared in Google Chrome.

Only a few of the anti-virus scanners are detecting the onekit.exe file according to VirusTotal. Just a 9% detection rate. Montiera and PUP.Optional.PayByAds.A are two of the detection names for onekit.exe.

[Screenshot: onekit.exe VirusTotal report, 9% detection rate]

OneKit has an entry in the Uninstall program dialog which should allow you to uninstall it. I have not tried it though. FreeFixer can remove the OneKit software by selecting the two entries in the scan result as shown in the screenshots below.

[Screenshot: OneKit uninstaller]

[Screenshots: onekit.exe process; onekit.exe startup]

Did you also get the OneKit and the KeepMySearch software on your computer? Any idea where you got it?

 

How Did ShopperFriend Install On Your Machine?

Did you find something called ShopperFriend on your machine and wonder where it came from? Chances are that you got it from clicking one of the ads over at The Pirate Bay. That’s where I found ShopperFriend, bundled in an executable that pops up when mistakenly clicking one of the ads instead of the real .torrent download.

Here’s what the minimal disclosure looks like in the installer. As you can see, there’s no explanation of what the ShopperFriend software does.

[Screenshot: ShopperFriend disclosure in the installer]

Did you also get ShopperFriend from The Pirate Bay?

Ads by SaferSurf – Removal Instructions

Are there advertisements labeled “Ads by SaferSurf” while you browse the web, even on web pages that normally do not show any ads? Do you see “Visual Search results” labeled “powered by safer-surf” when using the Google search engine? Then chances are you have the Safer-Surf adware installed on your machine.

[Screenshots: Ads by SaferSurf; powered by safer-surf]

You can also see Safer-Surf in your browser’s add-on menu. Here it is in Mozilla Firefox:

[Screenshot: SaferSurf in Firefox]

Software such as SaferSurf is generally distributed with bundling. That is, SaferSurf is included inside another software’s installer file. During the installation the user is offered to also install SaferSurf. Most often, the bundled software’s “I agree” radio button is already selected, which will result in some users proceeding through the installer without realising that they accepted the bundled software.

Some of the anti-virus programs at VirusTotal are detecting the SaferSurf files, under names such as Strictor or AddLyrics.

If you’d like to get rid of the Safer-Surf ads you can simply uninstall it from the Add/Remove programs dialog. You can also nuke the SaferSurf adware with FreeFixer. Start the FreeFixer scan, and then select the Safer-Surf files in the scan result:

[Screenshot: Safer-Surf uninstall]

[Screenshots: Safer-Surf Firefox extension; safer-surf.exe process; SaferSurf task; safersearch in Internet Explorer and a startup]

How did you get SaferSurf on your machine? Please share by posting a comment.

CouponSupport – Removal Instructions

Just found another piece of adware, called CouponSupport. As usual with this type of software, it was bundled with another software download. If you have this little CouponSupport bugger running on your machine, you’ll see couponsupport.exe running in the background in the Windows Task Manager.

The detection rate for couponsupport.exe is impressive. 41 of 50 anti-virus programs detected it. Trojan.Cafelom, Gen:Variant.Symmi, PUP.Optional.MultiPlug.A and ZBot are some of the detection names.

Regarding the removal, there is an entry in the Add/Remove programs dialog, but I have not tried it. Notice the faked “Installed On” date in the screenshot. It was installed today, the 8th of August 2014, not in 2012.

[Screenshot: CouponSupport uninstall entry with the faked “Installed On” date]
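A backdated “Installed On” value like this one can be spotted by comparing the date an uninstall entry claims with the creation time of the files it points to. The PowerShell below is an added example, not part of the original post; it assumes the entry records its date in the InstallDate registry value (yyyyMMdd) and its folder in InstallLocation, and the 30-day tolerance is an arbitrary choice.

```powershell
# Uninstall entries live in these keys (64-bit, 32-bit and per-user views).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$toleranceDays = 30   # assumption: gap allowed before an entry is reported

Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue | ForEach-Object {
    $claimed = [datetime]::MinValue
    # Skip entries without a parsable yyyyMMdd InstallDate or without a folder.
    $ok = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
              [cultureinfo]::InvariantCulture,
              [System.Globalization.DateTimeStyles]::None, [ref]$claimed)
    if (-not $ok -or -not $_.InstallLocation) { return }

    $dir = $_.InstallLocation.Trim('"')
    if (-not (Test-Path -LiteralPath $dir)) { return }

    # The oldest file in the folder is the earliest the program can have arrived.
    $oldest = Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue |
              Sort-Object CreationTime | Select-Object -First 1

    # Report entries that claim to be much older than any file they installed.
    if ($oldest -and ($oldest.CreationTime - $claimed).TotalDays -gt $toleranceDays) {
        [pscustomobject]@{
            Name              = $_.DisplayName
            ClaimedInstall    = $claimed.ToString('yyyy-MM-dd')
            OldestFileCreated = $oldest.CreationTime.ToString('yyyy-MM-dd')
            Folder            = $dir
        }
    }
} | Sort-Object OldestFileCreated -Descending | Format-Table -AutoSize
```

Treat the output as a list of leads: a legitimate program that replaced all of its files during an upgrade will also show up, and software that backdates its file timestamps as well will not.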

You can also remove it with FreeFixer with a few clicks. Select the couponsupport.exe file and scheduled task for removal as shown in the screenshots below. You may have to restart your machine to complete the removal.

[Screenshots: couponsupport.exe file; couponsupport.exe process]

Did you also get CouponSupport on your machine? Any idea how you got it?