Monthly Archives: February 2015

Remove gid.mappingtools.net from Firefox, Chrome and Internet Explorer

This page shows how to remove gid.mappingtools.net from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see gid.mappingtools.net in the status bar of your browser and ponder where it came from? Or did gid.mappingtools.net show up while you search for something on one of the big search engines, such as the Google search engine?

Here’s a screenshot of gid.mappingtools.net when it showed up on my computer, while I did a standard search at Google:

gid.mappingtools.net status bar

The following are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for gid.mappingtools.net…
  • Transferring data from gid.mappingtools.net…
  • Looking up gid.mappingtools.net…
  • Read gid.mappingtools.net
  • Connected to gid.mappingtools.net…

Does this sound like your computer, you most likely have some potentially unwanted program installed on your system that makes the gid.mappingtools.net domain appear in your browser. There’s no use contacting the owners of the web site you currently were browsing. The gid.mappingtools.net status bar messages are not coming from them. I’ll try help you with the gid.mappingtools.net removal in this blog post.

If you have been spending some time on this blog already know this, but if you are new: Some time ago I dedicated a few of my lab computers and deliberately installed some potentially unwanted programs on them. Since then I have been observing the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads and installs additional potentially unwanted programs on the computers. I first found the gid.mappingtools.net in Mozilla Firefox’s status bar on one of these lab computers.

gid.mappingtools.net resolves to 208.43.241.242 and is protected by Domains By Proxy LLC. gid.mappingtools.net was registered on 2013-06-26. According to YouGetSignal’s Reverse IP service, a few other domains have also resolved to 208.43.241.242:

  • ale.coupthree.com
  • article.wn.com
  • businessjournaldaily.com
  • control.staticlyrics.com
  • dvl.cooloideas.com
  • enl.trepage.net
  • gip.driverdiv.net
  • gir.driveropti.net
  • gys.mappingdo.net
  • jak.gzipdistro.net
  • jib.exploitfreebelted.com
  • jxs.mappingjava.net
  • jxw.javadrive.net
  • luu.lightquartrate.com
  • mkd.fastdist.net
  • nsl.mapticket.net
  • pnl.hostjs.net
  • vei.screedkeywaybrookite.com

So, how do you remove gid.mappingtools.net from your web browser? On the machine where gid.mappingtools.net showed up in the status bar I had WebWaltz, YTDownloader, SpeedChecker and PriceFountain installed. I removed them with FreeFixer and that stopped the web browser from loading data from gid.mappingtools.net.

The issue with status bar messages such as this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my computer. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done? To remove gid.mappingtools.net you need to review your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also review the web browser add-ons. Same thing here, do you see anything that you don’t remember installing?
  3. If that did not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down potentially unwanted programs. It is a freeware utility that I’ve been working since 2006 and it scans your machine at lots of locations where unwanted software is known to hook into your system. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop gid.mappingtools.net? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove chnlove.com Pop Up Ads

Did you just get a pop-up from chnlove.com and ask yourself where it came from? Did the chnlove.com ad appear to have been popped up from a web site that under normal circumstances don’t use advertising such as pop-up windows? Or did the chnlove.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here’s how the chnlove.com pop-up looked like when I got it on my machine:

chnlove.com pop up

Does this sound like what you see your system, you almost certainly have some adware installed on your machine that pops up the chnlove.com ads. Contacting the owner of the website you were visiting would be a waste of time. They are not responsible for the ads. I’ll do my best to help you with the chnlove.com removal in this blog post.

Those that have been reading this blog already know this, but for new visitors: Not long ago I dedicated some of my lab computers and intentionally installed a few adware programs on them. Since then I have been monitoring the behaviour on these machines to see what kinds of ads that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it downloads additional unwanted software on the computers. I first noticed the chnlove.com pop-up on one of these lab systems.

chnlove.com resolves to the 202.67.196.188 address.

So, how do you remove the chnlove.com pop-up ads? On the machine where I got the chnlove.com ads I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the chnlove.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The problem with pop-ups such as this one is that it can be launched by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done? To remove the chnlove.com pop-up ads you need to examine your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the chnlove.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started observing the chnlove.com pop-ups.

Then you can examine you browser add-ons. Adware often turn up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. It’s a tool designed to manually find and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having a hard time deciding if a file is legit or unsafe in FreeFixer’s scan report, click on the More Info link for the file. That will open up your web browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video guide showing how to remove pop-up ads with FreeFixer:

Did this blog post help you to remove the chnlove.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove cdncache-a.akamaihd.net Pop Up Ads From Chrome, Firefox and Internet Explorer

Does this sound like what you are seeing right now? You see pop-up advertisements from cdncache-a.akamaihd.net while browsing web sites that in general don’t advertise in pop-up windows. The popups manage to get round the built-in pop-up blockers in Chrome, Firefox, Internet Explorer or Safari. Maybe the cdncache-a.akamaihd.net pop-ups appear when clicking search results from the Google search engine? Or does the pop-ups appear even when you’re not browsing?

Here’s how the cdncache-a.akamaihd.net pop-up looked like when I got it on my computer in a new tab:

cdncache-a.akamaihd.net pop up

The URL mentions the clkmon.com domain.

If this sounds like what you are seeing on your computer, you presumably have some adware installed on your computer that pops up the cdncache-a.akamaihd.net ads. So there’s no use contacting the site owner. The adverts are not coming from them. I’ll do my best to help you remove the cdncache-a.akamaihd.net pop-up in this blog post.

For those that are new to the blog: A little while back I dedicated some of my lab systems and deliberately installed some adware programs on them. I have been observing the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it downloads and installs additional unwanted software on the machines. I first found the cdncache-a.akamaihd.net pop-up on one of these lab systems.

So, how do you remove the cdncache-a.akamaihd.net pop-up ads? On the machine where I got the cdncache-a.akamaihd.net ads I had TinyWallet, BlockAndSurf and TinyWallet installed. I removed them with FreeFixer and that stopped the cdncache-a.akamaihd.net pop-ups and all the other ads I was getting in Mozilla Firefox.

In my case, TinyWallet was probably responsible for the cdncache-a.akamaihd.net connection as you can see from the network log:

cdncache-a.akamaihd.net connection

The bad news with pop-ups such as this one is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

To remove the cdncache-a.akamaihd.net pop-up ads you need to check your computer for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the cdncache-a.akamaihd.net pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed approximately about the same time as you started getting the cdncache-a.akamaihd.net pop-ups.

Then I would check the browser add-ons. Adware often show up under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to identify and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool designed to manually find and remove unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties figuring out if a file is legit or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial on how to remove the pop-ups with FreeFixer:

Did this blog post help you to remove the cdncache-a.akamaihd.net popup ads? Please let me know or how I can improve this blog post.

Thank you!

Remove jsgnr.datafastguru.info, pstatic.datafastguru.info and app.datafastguru.info

This page shows how to remove jsgnr.datafastguru.info, pstatic.datafastguru.info and app.datafastguru.info from Mozilla Firefox, Google Chrome and Internet Explorer.

Update 2015-03-13: I’ve also spotted the cwbl.datafastguru.info subdomain in use.

Does this sound familiar? You see datafastguru.info in your web browser’s status bar while browsing web sites that normally don’t load any content from third party domains. Perhaps the datafastguru.info domain appear when performing a search at the Google.com search engine?

Here’s a screenshot of jsgnr.datafastguru.info when it showed up on my computer:

jsgnr.datafastguru.info status bar

Datafastguru.info appeared in the Firefox status bar, while I did a search at Google.se.

Here’s a screenshot of app.datafastguru.info:

app.datafastguru.info status bar

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for jsgnr.datafastguru.info…
  • Transferring data from jsgnr.datafastguru.info…
  • Looking up jsgnr.datafastguru.info…
  • Read jsgnr.datafastguru.info
  • Connected to jsgnr.datafastguru.info…

Does this sound like what you see on your system, you most likely have some adware installed on your system that makes the jsgnr.datafastguru.info domain appear in your web browser. There’s no use contacting the owners of the site you currently were browsing. The jsgnr.datafastguru.info status bar messages are not coming from them. I’ll try help you to remove the jsgnr.datafastguru.info status bar messages in this blog post.

I found jsgnr.datafastguru.info on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive.

datafastguru.info was registered on 2013-08-14 and is protected by WhoisProtectService.net. jsgnr.datafastguru.info resolves to the 69.16.175.10 IP address and pstatic.datafastguru.info to 69.16.175.42. app.datafastguru.info resolves to the 54.186.138.39 host.

So, how do you remove jsgnr.datafastguru.info from your browser? On the machine where jsgnr.datafastguru.info showed up in the statusbar I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the browser from loading data from jsgnr.datafastguru.info.

If you are wondering if there are many others out seeing jsgnr.datafastguru.info in the browser, the answer is probably yes. Check out the traffic rank from Alexa:

datafastguru.info

The issue with status bar messages such as this one is that it can be caused by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done? To remove jsgnr.datafastguru.info you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove jsgnr.datafastguru.info is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started observing the jsgnr.datafastguru.info statusbar messages.

Then I would check the web browser add-ons. Adware often appear under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop many years ago. Freefixer is a tool designed to manually identify and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having problems figuring out if a file is legit or malware in the FreeFixer scan result, click on the More Info link for the file. That will open up your browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove jsgnr.datafastguru.info? Please let me know or how I can improve this blog post.

Thank you!

Remove i_spigpcjs_info.tlscdn.com from Firefox, Chrome and Internet Explorer.

This page shows how to remove i_spigpcjs_info.tlscdn.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see i_spigpcjs_info.tlscdn.com in the status bar of your browser and wonder where it came from? Or did i_spigpcjs_info.tlscdn.com show up while you search for something on one of the major search engines, such as the Google search engine?

Here’s how the i_spigpcjs_info.tlscdn.com connection looked in the network log when I got it on my computer:

i_spigpcjs_info.tlscdn.com connection

The following are some of the statusbar messages you may see in your browser’s status bar:

  • Waiting for i_spigpcjs_info.tlscdn.com…
  • Transferring data from i_spigpcjs_info.tlscdn.com…
  • Looking up i_spigpcjs_info.tlscdn.com…
  • Read i_spigpcjs_info.tlscdn.com
  • Connected to i_spigpcjs_info.tlscdn.com…

If you also see this on your machine, you probably have some potentially unwanted program installed on your machine that makes the i_spigpcjs_info.tlscdn.com domain appear in your browser. Contacting the owner of the site you were browsing would be a waste of time. They are not responsible for the i_spigpcjs_info.tlscdn.com status bar messages. I’ll try help you to remove the i_spigpcjs_info.tlscdn.com status bar messages in this blog post.

Those that have been spending some time on this blog already know this, but here we go: Recently I dedicated some of my lab systems and intentionally installed a few potentially unwanted programs on them. I have been monitoring the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads and installs additional potentially unwanted programs on the computers. I first noticed the i_spigpcjs_info.tlscdn.com in ‘s status bar on one of these lab machines.

So, how do you remove i_spigpcjs_info.tlscdn.com from your web browser? On the machine where i_spigpcjs_info.tlscdn.com showed up in the status bar I had EBay Shopping Assistant 2.2, Start Page 2.7, Browser Extensions, Search Protection and Slick Savings 3.6 installed. Unfortunately I don’t know which one of them was responsible for the connection. I removed them with FreeFixer and that stopped the browser from loading data from i_spigpcjs_info.tlscdn.com.

Anyway, here’s my suggestion for the i_spigpcjs_info.tlscdn.com removal:

The first thing I would do to remove i_spigpcjs_info.tlscdn.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed approximately about the same time as you started observing the i_spigpcjs_info.tlscdn.com status bar messages.

The next thing to check would be your browser’s add-ons. Potentially unwanted program often appear under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to find and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop many years ago. It’s a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having problems deciding if a file is safe or potentially unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up your browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove i_spigpcjs_info.tlscdn.com? Please let me know or how I can improve this blog post.

Thank you!

Remove static.dreamsadnetwork.com from Firefox, Chrome and Internet Explorer

This page shows how to remove static.dreamsadnetwork.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see static.dreamsadnetwork.com in the status bar of your web browser and ask yourself where it came from? Or did static.dreamsadnetwork.com show up while you search for something on one of the major search engines, such as the Google search engine?

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for static.dreamsadnetwork.com…
  • Transferring data from static.dreamsadnetwork.com…
  • Looking up static.dreamsadnetwork.com…
  • Read static.dreamsadnetwork.com
  • Connected to static.dreamsadnetwork.com…

Does this sound like what you are seeing, you presumably have some potentially unwanted program installed on your machine that makes the static.dreamsadnetwork.com domain appear in your browser. So don’t blame the people that runs the website you were at when you first spotted static.dreamsadnetwork.com in the status bar. They are almost certainly not responsible, but from the potentially unwanted program that’s installed on your system. I’ll try help you with the static.dreamsadnetwork.com removal in this blog post.

I found static.dreamsadnetwork.com on one of the lab machines where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive. dreamsadnetwork.com appeared in my network log while I did a search at Google.

static.dreamsadnetwork.com resolves to 69.28.58.33. static.dreamsadnetwork.com was created on 2013-08-29.

So, how do you remove static.dreamsadnetwork.com from your browser? On the machine where static.dreamsadnetwork.com showed up in the statusbar I had WebWaltz, YTDownloader, SpeedChecker and PriceFountain installed. I removed them with FreeFixer and that stopped the browser from loading data from static.dreamsadnetwork.com.

The issue with statusbar messages such as this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my system. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the static.dreamsadnetwork.com removal:

  1. Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. How about your add-ons you have in your web browsers. Anything in the list that you don’t remember installing?
  3. If that does not help, I’d recommend a scan with FreeFixer to manually track down the potentially unwanted program. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop static.dreamsadnetwork.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove fsn2ip0s.com Pop Up Ads

Did you just get a pop-up from fsn2ip0s.com and wonder where it came from? Did the fsn2ip0s.com ad appear to have been popped up from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows? Or did the fsn2ip0s.com pop up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here is a screenshot on the fsn2ip0s.com pop-up from my machine:

fsn2ip0s.com pop up

fsn2ip0s.com resolves to 54.200.143.216. The following domains also resolves to the same IP, thanks to DomainTools.com:

  •  62wfo4ys8z.com
  • 7uwfj0k.com
  • f1v476z.com

If this description sounds like your story, you apparently have some adware installed on your system that pops up the fsn2ip0s.com ads. Contacting the site owner would be a waste of time. The ads are not coming from them. I’ll do my best to help you with the fsn2ip0s.com removal in this blog post.

Those that have been visiting this blog already know this, but for new visitors: Not long ago I dedicated a few of my lab computers and purposely installed a few adware programs on them. I’ve been tracking the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the machines. I first observed the fsn2ip0s.com pop-up on one of these lab computers.

So, how do you remove the fsn2ip0s.com pop-up ads? On the machine where I got the fsn2ip0s.com ads I had installed. I removed them with FreeFixer and that stopped the fsn2ip0s.com pop-ups and all the other ads I was getting in .

The issue with pop-ups like this one is that it can be popped up by many variants of adware, not just the adware running on my machine. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the fsn2ip0s.com ads removal:

  1. Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. How about your add-ons you installed in Chrome, Firefox, Internet Explorer or Safari. Anything in the list that you don’t remember installing?
  3. If that didn’t solve the problem, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your system. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove the fsn2ip0s.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove js.ourstatsstaticstack.com From Firefox, Chrome and Internet Explorer

This page shows how to remove js.ourstatsstaticstack.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Sound familiar? You see js.ourstatsstaticstack.com in your browser’s status bar or in the network log while browsing sites that usually don’t load any content from third party domains. Maybe the js.ourstatsstaticstack.com domain appear when performing a search at the Google search engine?

Here’s how the js.ourstatsstaticstack.com connection looked like when I got it in the network log on my computer:

js.ourstatsstaticstack.com connection

The following are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for js.ourstatsstaticstack.com…
  • Transferring data from js.ourstatsstaticstack.com…
  • Looking up js.ourstatsstaticstack.com…
  • Read js.ourstatsstaticstack.com
  • Connected to js.ourstatsstaticstack.com…

I’ve also spotted the app.ourstatsstaticstack.com (69.16.175.10), errors.ourstatsstaticstack.com (54.231.33.68) and logs.ourstatsstaticstack.com (69.16.175.10) subdomains.

Does this sound like your computer, you presumably have some potentially unwanted program installed on your machine that makes the js.ourstatsstaticstack.com domain appear in your browser. Contacting the owner for the site you were at would be a waste of time. The js.ourstatsstaticstack.com statusbar messages are not coming from them. I’ll try help you to remove the js.ourstatsstaticstack.com status bar messages in this blog post.

I found js.ourstatsstaticstack.com on one of the lab systems where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the web browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.

js.ourstatsstaticstack.com resolves to the 69.16.175.42 address and ourstatsstaticstack.com to 208.109.4.201. js.ourstatsstaticstack.com was created on 2014-02-18.

So, how do you remove js.ourstatsstaticstack.com from your browser? On the machine where js.ourstatsstaticstack.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the browser from loading data from js.ourstatsstaticstack.com.

The problem with this type of status bar message is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done? To remove js.ourstatsstaticstack.com you need to examine your computer for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove js.ourstatsstaticstack.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started observing the js.ourstatsstaticstack.com status bar messages.

Then you can examine you browser add-ons. Potentially unwanted program often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. Freefixer is a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having troubles deciding if a file is safe or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove js.ourstatsstaticstack.com? Please let me know or how I can improve this blog post.

Thank you!

ocsp.godaddy.com – Your Browser Is Connecting to GoDaddy’s OCSP Server

If you see a HTTP connection to ocsp.godaddy.com in your browser’s network traffic log, there’s no need to worry. ocsp.godaddy.com is GoDaddy’s OCSP server and is used to check the revocation status of digital certificates. OCSP is an acronym for Online Certificate Status Protocol. GoDaddy sells domain names, SSL certificates, and lots of other services.

Here’s a screenshot of the ocsp.godaddy.com HTTP requests and responses:

ocsp.godaddy.com connection

As you can see in the screenshot above, the request has the “application/ocsp-request” type.

If you see Google Chrome, Mozilla Firefox or Internet Explorer connecting to ocsp.godaddy.com, they are in the middle of the process of verifying a digital certificate. Perhaps a certificate for a HTTPS connection you just made? The connection can also be initiated by a javascript running in the browser if that script, for example, makes a HTTPS connection.

Thanks for reading!

Lamphouse Media LLC – 21% Detection Rate – Adware.Agent.PGG

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Lamphouse Media LLC while checking out some of the more recent submissions to the FreeFixer database.

You can view the details of a digital signature by looking at a file’s properties from Windows Explorer.

The reason why I think the Lamphouse Media LLC file is interesting is because it is detected by some of the scanners at VirusTotal. It came up with a 21% detection rate. The file is detected as Generic.BAF by AVG, Adware.Agent.PGG by BitDefender and Adware.Agent.PGG by nProtect.

Lamphouse Media LLC anti-virus report

Did you also find an Lamphouse Media LLC? Do you remember the download link? Please post it in the comments below. I’d like to check it out on my lab machine.

Thanks for reading.