Getting ads labelled Ad by AdSupply while searching at Google? No problem, I just removed Jelbrus Secure Web and NetMon from my machine with FreeFixer and the ad problem was gone. Here’s how the Ad by AdSupply advertisement looked on my machine:
I’ve zoomed in to show the ad more clearly.
Hope this helped you solve the problem. Thanks for reading.
Just wanted to write a short blog post before going back to programming. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called Fruit Basket. Fruit Basket seems to be a variant of BrowseFox that I blogged about previously. If Fruit Basket is installed and running on your computer, you will see a new add-on called FruitBasket added into Firefox and Internet Explorer.
I didn’t see anything added into Google Chrome. Did FruitBasket install into Chrome on your machine?
I’ll show how to remove Fruit Basket in this blog post with the FreeFixer removal tool.
Fruit Basket is bundled in other software’s installers.
When I stumble upon some new bundled software I normally upload it to VirusTotal to verify if the anti-malware scanners there detect anything interesting. 20 of the scanners detected the file. Some of the detection names for Fruit Basket are ADWARE/BrowseFox.Gen2, W32/S-f64f6ec1!Eldorado, Gen:Variant.Adware.Mikey, Gen:Variant.Adware.Mikey.11547 and AdWare.MSIL.Agent.
Removing Fruit Basket is straightforward with FreeFixer. Just select the Fruit Basket files/settings for removal and then click the Fix button and the problem will be solved.
Hope this helped you remove the Fruit Basket adware.
Do you also have Fruit Basket on your machine? Any idea how it installed? Please let me and the readers know by posting a comment. Thank you very much!
Welcome! Just a quick post on the PriceMinus adware. PriceMinus seems to be a variant of SalePlus that I blogged about some time ago. If PriceMinus is running on your computer, you will notice ads labeled “Ads by PriceMinus” inserted into Google search results and on other web sites.
You will also see new add-ons installed into Firefox and Internet Explorer. In my case, it was called PriceMinus 2.0.
In my specific case, the installer file was digitally signed by Rodion Veresev. I’ve also seen Saul Perec signing PriceMinus installer files.
I’ll show how to remove PriceMinus in this blog post with the FreeFixer removal tool.
PriceMinus is bundled in other software’s installers. Here’s how it appeared in the installer:
Generally, you can avoid bundled software such as PriceMinus by being careful when installing software and declining the bundled offers in the installer.
Here’s a screenshot of the adware’s web site, priceminus.info:
Another program, called BestAdBlocker, was also bundled side by side with PriceMinus. You probably want to remove BestAdBlocker too.
When I run into some new bundled software I always upload it to VirusTotal to see if the anti-malware programs there detect something suspicious. 36 of the 56 scanners detected the file. ClamAV classifies PriceMinus as Win.Trojan.Multiplug-3213, F-Secure calls it Gen:Variant.Application.Zusy, GData detects it as Gen:Variant.Application.Zusy.139555, Malwarebytes calls it PUP.Optional.MultiPlug.A and TrendMicro reports TROJ_GEN.R08NC0EE515.
All you need to do to remove PriceMinus is to check the PriceMinus files in the scan result and click the Fix button. You may have to restart your machine to complete the removal. Just select the PriceMinus files as shown in the screenshots below.
Hope this helped you remove the PriceMinus adware.
Do you also have PriceMinus on your computer? Any idea how it was installed? Please let me and the readers know by posting a comment. Thank you!
Are you getting pop-up surveys from consumer-responses.com while browsing on sites that typically don’t advertise in pop-up windows or by opening new tabs? Do the pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari?
Here’s what the consumer-responses.com survey looked like when I got it on my computer:
If this sounds like your experience, you probably have some adware installed on your system that pops up the consumer-responses.com surveys. I’ll try to help you remove the consumer-responses.com pop-ups in this blog post.
If you have been visiting this blog you already know this, but if you are new: Some time ago I dedicated some of my lab machines and deliberately installed some adware programs on them. I’ve been monitoring the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware auto-updates, or whether it downloads additional unwanted software on the computers. I first found the consumer-responses.com pop-up on one of these lab computers.
Generally these survey pop-ups claim that they are “official” surveys from the web site you were currently browsing and that you will get a reward or have a chance of winning a prize by completing the survey. Sometimes they also claim that your feedback will be used to improve the web site you were visiting. Since I own the freefixer.com web site, I know the survey is 100% fake.
So, how do you remove the consumer-responses.com pop-up ads? On the machine where I got the consumer-responses.com ads I had GoSave, CheckMeUp and PennyBee installed. I removed them with FreeFixer and that stopped the consumer-responses.com pop-ups and all the other ads I was getting in Mozilla Firefox.
It seems that consumer-responses.com is getting quite a lot of traffic, based on Alexa’s traffic rank:
From the traffic graph we can see that the traffic has been booming since the beginning of November. consumer-responses.com was registered in July 2014, and the domain resolves to 188.8.131.52.
The issue with this type of pop-up is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the consumer-responses.com ads removal:
The first thing I would do to remove the consumer-responses.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at about the same time as you started seeing the consumer-responses.com pop-ups.
The next thing to check would be your browser’s add-ons. Adware often shows up under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
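The “Installed On” tip above can also be run from PowerShell. This is an added example, not part of the original post or of FreeFixer; `Get-RecentInstall` is a hypothetical helper name, and the script only reads the standard Uninstall registry keys that the dialog itself is built from.

```powershell
# Added example: list what the "Uninstall a program" dialog reads, newest first.
# Get-RecentInstall is a hypothetical helper name, not part of any product.
function Get-RecentInstall {
    param([int]$Days = 30)   # how far back to look

    # Registry locations backing the Uninstall programs dialog
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $cutoff = (Get-Date).Date.AddDays(-$Days)

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional; when present it is normally yyyyMMdd
            $date = $null
            if ("$($_.InstallDate)" -match '^\d{8}$') {
                try {
                    $date = [datetime]::ParseExact("$($_.InstallDate)", 'yyyyMMdd',
                        [cultureinfo]::InvariantCulture)
                } catch { $date = $null }   # malformed value such as 00000000
            }
            [pscustomobject]@{
                InstalledOn = $date
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                Uninstall   = $_.UninstallString
            }
        } |
        # Keep recent entries, plus undated ones so they are not silently hidden
        Where-Object { -not $_.InstalledOn -or $_.InstalledOn -ge $cutoff } |
        Sort-Object InstalledOn -Descending
}

Get-RecentInstall -Days 30 | Format-Table -AutoSize -Wrap
```

Entries without an install date are listed last rather than dropped, since not every installer writes that value.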
I think you will be able to track down and remove the adware with the two steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing many years ago. It’s a tool built to manually identify and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to purchase the program just when you are about to remove the unwanted files.
And if you’re having difficulties determining if a file is clean or malware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:
Are you a Mac or Linux user and get the consumer-responses.com pop-ups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thank you!
Did this blog post help you to remove the consumer-responses.com pop-up ads? Please let me know, or tell me how I can improve this blog post.
Hello there guys and gals. This Saturday night I wanted to talk about an adware called SalePlus and give you some removal instructions. This seems to be a variant of UniSales that I’ve previously blogged about. If you got SalePlus running on your machine, you will notice ads labeled “Ads by SalePlus” or “Ads by SalePlus” inserted into web pages and new add-ons installed into Chrome, Firefox and Internet Explorer. I’ll show how to remove SalePlus in this blog post with the FreeFixer removal tool.
Removing SalePlus is pretty easy with FreeFixer. Just select the SalePlus files for removal and then click the Fix button and the problem will be solved.
You’ll need to remove the Chrome extensions manually from the Chrome settings page.
Hope that helped you to figure out how to do the removal.
Any idea how you got SalePlus on your computer? Please let me and the readers know by posting a comment. Thank you!
Hi there. Found an adware called SpeeditApp tonight and wanted to give you some removal instructions. SpeeditApp appears to be a variant of Graftor. If SpeeditApp is running on your machine, you will see ads labeled SpeeditApp Ads appearing while searching at Google.
I’ll show how to remove SpeeditApp in this blog post with the FreeFixer removal tool.
SpeeditApp is distributed by a method called bundling. Bundling means that a piece of software is included in other software’s installers. This is how SpeeditApp was disclosed in the installer when I found it.
As always when I run into some new bundled software I uploaded it to VirusTotal to check if the anti-malware programs there detect anything interesting. Of the 57 scanners, 16 detected the file. The SpeeditApp files are detected as AddLyrics_r.ME by AVG, a variant of Win32/Adware.AddLyrics.DW by ESET-NOD32, Gen:Variant.Graftor.179236 by GData, Trj/Genetic.gen by Panda and Adware.AddLyrics/Variant by SUPERAntiSpyware.
You probably want to remove SpeeditApp. You can just select the SpeeditApp files in FreeFixer for removal. A restart of your computer may be required to complete the removal. Problem taken care of.
Hope that helped you with the removal.
Did you also find SpeeditApp on your computer? Any idea how it installed? Please share by posting a comment. Thank you!
Hello guys and gals. Just a short post on an adware called Primary Result. Found this while reviewing some of the files recently submitted to FreeFixer. This is a BrowseFox variant.
Of the 57 anti-virus scanners at VirusTotal, 23 detected the file. The Primary Result files are detected as Adware.SwiftBrowse.CH by BitDefender, Tool.NetFilter.313 by DrWeb, W64/A-59c9c70a!Eldorado by F-Prot, HS_BROWSEFOX.SM by TrendMicro and HS_BROWSEFOX.SM by TrendMicro-HouseCall.
If you are using FreeFixer to remove Primary Result, just look for files digitally signed by Primary Result.
Do you also have Primary Result on your system? Any idea how it was installed? Please share your story in the comments below. Thank you very much!
Welcome! If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named Techsnab LLC that bundles some software.
To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the embedded certificate we can see that Techsnab LLC is located in Moscow, Russia and that the certificate is issued by COMODO Code Signing CA 2. This Techsnab certificate has been revoked:
16% of the scanners detected the file. The Game_of_Thrones_S04E02_HDTV_x264-2HD[ettv].exe file is detected as APPL/Techsnab.onemb by Avira, W32.HfsAdware.894E by Bkav, Trojan ( 004b5df41 ) by K7GW, Trojan.Win32.Techsnab.dossoy by NANO-Antivirus and GetPrivate (fs) by VIPRE.
Did you also find a Techsnab LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.
Welcome! Saturday night post this time 😉 Just wanted to let you know about a publisher called Jelbrus LLC. You may run into this download if you are visiting sites such as The Pirate Bay.
Information about a digital signature and the certificate can also be found under the Digital Signature tab. According to the embedded certificate we can see that Jelbrus LLC seems to be located in Moscow in Russia and that the certificate is issued by Thawte Code Signing CA – G2.
You will also see advertisements while browsing the web labelled “Ad by CouponDropDown”. Here are the “Ad by CouponDropDown” ads on Google:
So what do the anti-virus scanners at VirusTotal say about Jelbrus’ “Breaking Bad” file? The detection rate is 13/57. Gen:Variant.Strictor.75172, Jelbrus.3C0, Adware/Techsnab.9058, Jelbrus LLC (fs), W32.HfsAdware.307F and Gen:Variant.Strictor.75172 were some of the detection names.
Did you also find a Jelbrus LLC file? Did you also find it at The Pirate Bay?
Hello readers. Another day, another blog post. Did you just see something called SpadeCast on your machine? I just spotted SpadeCast while reviewing some of the latest submissions to FreeFixer’s database.
I first thought that this was a BrowseFox variant, based on how its file is named. But the anti-virus programs at VirusTotal detect it as “Adware.SpadeCast”. The detection rate is 9/53. Some of the detection names for SpadeCast are Adware.SpadeCast.A and Trojan.Win32.Generic!BT. I guess it could still be a BrowseFox variant.
So, how about the removal? If you’d like to remove SpadeCast you can do so with the FreeFixer removal tool. Just select the files digitally signed by “SpadeCast”, click the Fix button, reboot, and the problem should be solved.
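The signer checks used in these posts (finding files digitally signed by a given publisher, and reading the issuer and revocation state from the Digital Signatures tab) can be done in bulk with PowerShell. This is an added example, not FreeFixer's code; `Get-SignerReport` is a hypothetical helper name, and the folder and publisher pattern in the usage line are placeholders.

```powershell
# Added example. Get-SignerReport is a hypothetical helper name.
function Get-SignerReport {
    param(
        [Parameter(Mandatory)][string]$Path,   # folder to scan
        [string]$Publisher = '*'               # wildcard match on the signer name
    )
    $nameType    = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $revokedFlag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            if (-not $cert) { return }          # unsigned file: skip

            $signer = $cert.GetNameInfo($nameType, $false)
            if ($signer -notlike $Publisher) { return }

            # Build the chain with online revocation checking for the signer cert
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'Online'
            $chain.ChainPolicy.RevocationFlag = 'EndCertificateOnly'
            [void]$chain.Build($cert)
            $revoked = [bool]($chain.ChainStatus |
                Where-Object { $_.Status -band $revokedFlag })

            [pscustomobject]@{
                File    = $_.FullName
                Signer  = $signer
                Issuer  = $cert.GetNameInfo($nameType, $true)
                Subject = $cert.Subject          # includes locality and country
                Status  = $sig.Status
                Revoked = $revoked
            }
        }
}

# Constructed usage: the folder and publisher pattern are placeholders
Get-SignerReport -Path "$env:ProgramFiles" -Publisher '*SpadeCast*' | Format-List
```

The revocation lookup needs network access to the issuer's CRL or OCSP endpoint; when that is unreachable, `Revoked` stays `False`, which only means "not confirmed revoked".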
Hope that helped you with the removal.
Did you also find SpadeCast on your computer? Any idea how it installed? Please share by posting a comment. I’d like to install and test this on my lab machine.