Monthly Archives: June 2015

ALEKSEY TIMOFEEV – 32% Detection Rate

Hello! Just a note on a publisher called ALEKSEY TIMOFEEV. The ALEKSEY TIMOFEEV download was detected when I uploaded it to VirusTotal. Did you also find a download by ALEKSEY TIMOFEEV? Was it also detected when you uploaded it to VirusTotal?

ALEKSEY TIMOFEEV publisher

If you have an ALEKSEY TIMOFEEV file on your computer you may have noticed that ALEKSEY TIMOFEEV pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

ALEKSEY TIMOFEEV certificate

Aleksey appears to be located in Russia.

The scan result from VirusTotal below clearly shows why you should avoid the ALEKSEY TIMOFEEV file. It is detected under names such as a variant of Win32/Adware.MultiPlug.LX, Gen:Variant.Adware.Mplug and Trojan.Win32.Qudamah.Gen.2.

ALEKSEY TIMOFEEV anti-virus report

Did you also find an ALEKSEY TIMOFEEV download? What kind of download was it?

Thank you for reading.

Remove thedailytrader.net Pop Up Ads

Does this sound like what you are seeing right now? You see pop-up ads from thedailytrader.net while browsing sites that in general don’t advertise in pop-up windows. The pop-ups manage to find a way round the built-in pop-up blockers in Firefox, Chrome, Internet Explorer or Safari. Perhaps the thedailytrader.net pop-ups appear when clicking search results from the Google search engine? Or do the pop-ups appear even when you’re not browsing?

Here is what the thedailytrader.net ad looked like on my system, when it popped up in a new tab:

thedailytrader.net

If this description sounds like your story, you presumably have some adware installed on your machine that pops up the thedailytrader.net ads. So don’t write angry emails to the web site you were browsing; the ads are apparently not coming from them, but from the adware on your computer. I’ll do my best to help you with the thedailytrader.net removal in this blog post.

For those who are new to the blog: Some time ago I dedicated some of my lab machines and intentionally installed some adware programs on them. Since then I have been tracking the actions on these computers to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware updates itself automatically or downloads additional unwanted software onto the machines. I first found the thedailytrader.net pop-up on one of these lab systems.

thedailytrader.net resolves to the 50.7.157.122 address. thedailytrader.net was created on 2014-08-19. According to YouGetSignal’s reverse IP service, the following domains are also located at the same IP:


So, how do you remove the thedailytrader.net pop-up ads? On the machine where I got the thedailytrader.net ads I had Movie Wizard, istartsurf and MedPlayerNewVersion installed. I removed them with FreeFixer and that stopped the thedailytrader.net pop-ups and all the other ads I was getting in .

It seems that thedailytrader.net is getting quite a lot of traffic, based on Alexa’s traffic rank:

thedailytrader.net traffic

The site started to get some major traffic in the beginning of April 2015.

The problem with pop-ups like this one is that they can be launched by many variants of adware, not just the adware on my system. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the thedailytrader.net ads removal:

The first thing I would do to remove the thedailytrader.net pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of the Windows operating system you can just type “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something shady listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started getting the thedailytrader.net pop-ups.

Then you can examine your browser add-ons. Adware often appears under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there something that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager
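
The "Installed On" check from the steps above can also be done from PowerShell by reading the same uninstall entries from the registry. This is an added example, not part of the original post or of FreeFixer; the pop-up start date and the three-day window are assumed values that you should adjust.

```powershell
# Added example: list installed programs, newest first, and mark the ones
# installed close to the day the pop-ups started.
# Assumptions (constructed values): the start date and the window size.
$popupsStarted = Get-Date '2015-06-01'
$windowDays    = 3

# 64-bit, 32-bit and per-user uninstall entries shown in "Uninstall a program".
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional and, when present, usually a yyyyMMdd string.
            $installed = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact(
                    $_.InstallDate, 'yyyyMMdd',
                    [Globalization.CultureInfo]::InvariantCulture)
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                InstalledOn = $installed
                # True when installed within $windowDays of the pop-up start date.
                NearPopups  = ($installed -and
                    [math]::Abs(($installed - $popupsStarted.Date).TotalDays) -le $windowDays)
            }
        }
}

# Entries without an install date sort last; review those by hand.
$programs | Sort-Object InstalledOn -Descending | Format-Table -AutoSize
```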

I think you will be able to find and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is clean or adware in the FreeFixer scan result, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.


Did this blog post help you to remove the thedailytrader.net pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

SERGEY STAROSTIN – 12% Detection Rate – MultiPlug

Hello readers! Did you just find a file that’s digitally signed by SERGEY STAROSTIN and came here to find more about it?

SERGEY STAROSTIN publisher

You can see who the signer is when double-clicking on an executable file. SERGEY STAROSTIN appears in the publisher field in the dialog that pops up. The certificate is issued by Certum Code Signing CA. Sergey is located in Russia.

SERGEY STAROSTIN certificate

So, why am I writing about the SERGEY STAROSTIN file? Check out what the anti-malware scanners report about the file:

SERGEY STAROSTIN virus total

are a few of the detection names for Medal Of Honour PC Game Full version Free Download.exe.

Did you also find a SERGEY STAROSTIN file? Do you remember where you downloaded it?

Thank you for reading.

ALEKSANDR SHORNIKOV – 30% Detection Rate at VirusTotal

Hi there! Just a quick post on a file digitally signed by ALEKSANDR SHORNIKOV.

ALEKSANDR SHORNIKOV publisher

If you have an ALEKSANDR SHORNIKOV file on your machine you may have noticed that ALEKSANDR SHORNIKOV is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate is issued by Certum Code Signing CA.

ALEKSANDR SHORNIKOV certificate

17 of the 56 anti-virus scanners detected the file. Avast classifies it as Win32:FakeDownload-E [PUP], Avira detects it as TR/Crypt.XPACK.Gen, F-Secure classifies it as Gen:Variant.Adware.MPlug, Tencent reports Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

ALEKSANDR SHORNIKOV virus total report

Since you probably came here after finding a file that was digitally signed by ALEKSANDR SHORNIKOV, please share what kind of download it was and if it was detected by the anti-malware programs at VirusTotal.

Thank you for reading.
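
The publisher and issuer that the signer posts above read from the UAC dialog can also be checked from PowerShell without running the file. This is an added example, not part of the original posts; it assumes the downloads to check are in the current user's Downloads folder.

```powershell
# Added example: show who signed each downloaded executable and which CA
# issued the certificate, plus a SHA-256 hash of the file.
# Assumption: the files of interest are in the user's Downloads folder.
$folder = Join-Path $env:USERPROFILE 'Downloads'

Get-ChildItem -Path $folder -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate   # $null when the file is not signed

        [pscustomobject]@{
            File      = $_.Name
            # Valid only means the file is unmodified and the chain is trusted;
            # it says nothing about whether the publisher's software is wanted.
            Status    = $sig.Status
            # Same name the UAC dialog shows in its publisher field.
            Publisher = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }
            # Issuing CA, for example "Certum Code Signing CA" in the posts above.
            Issuer    = if ($cert) { $cert.GetNameInfo('SimpleName', $true) } else { $null }
            NotAfter  = if ($cert) { $cert.NotAfter } else { $null }
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
```

The SHA256 value can be pasted into VirusTotal's search to see an existing report for the file.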