Category Archives: adware

“WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now!”

October 25, 2014adware, misleading advertising, pop-upsfake Java softwareRoger Karlsson

Are you getting messages or pop-ups while browsing the web saying:

“The page at http://s.mjytsw com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now!”

When I got this message I was redirected to a “Java Update”. The update was digitally signed by a company called Fileangels, so it’s clearly not an official Java update. The Fileangels file is detected by some of the anti-virus programs at VirusTotal. A real Java update should be digitally signed by the company that owns Java, that is Oracle America, Inc.

I got these faked Java warnings while browsing with Firefox, but they can probably also appear if you are using Chrome or Internet Explorer as you web browser.

So, why are you getting these faked Java Update pop-ups? Most likely you have some adware installed on your machine. When I got these ads, I had lots of adwares installed on my lab machine. After removing them with FreeFixer, the “Java Update” pop-ups stopped. These where the adware programs I had and uninstalled: Browser Warden, SmartOnes, TinyWallet, BlockAndSurf, HQ-Video-Pro-2.1c.

To remove these faked Java warnings I would begin to examine the Add/Remove programs dialog in the Control Panel to see if something suspicious is listed there and remove it. Do you see some program that you don’t remember installing? If you sort the programs on the “Installed On” date, do you see anything that was installed approximately about the same time as you first noticed the “Java” warnings?

I think you should also check the add-ons installed into Chrome, Firefox, Internet Explorer. Do you see anything suspicious? Something that you don’t remember installing?

If that did not fix the problem, you can give FreeFixer a try. It’s a tool that I’ve been working on for some time now. FreeFixer is designed to help you manually identify and remove unwanted software, such as the adware that’s running on your machine. FreeFixer scans the processes running on your computer, browser add-ons, startups, scheduled tasks, recently modified files, and lots of other locations. FreeFixer is freeware and its removal feature is not crippled liked many other malware removers out there. If FreeFixer solved your problem, please help me spread the word and let your friends know about it.

Tip: If you are having difficulties to figure out whether a file or setting in FreeFixer’s scan result is legitimate or if it should be removed, please check out the information shown on the More Info page. It will show a VirusTotal report which can be quite useful when trying to determine whether to keep or remove a file.

Click the More Info links to get a VirusTotal report about the file. — The “More Info” links in FreeFixer. Click for full size.

Which adware programs did you have to uninstall to get rid of the “Java Update” warnings?

And if you are looking for the real Java download, go to the official Java site: https://www.java.com/en/

Thanks for reading.

Update 2014-10-26: These fake Java warnings are still going on. Found the same type of pop-up, but this time it mentions another web site: d.andoie.com. What web site does your warning message mention?

When clicking on the warning message, the faked Java site at phohyt.com opens up. Is this the site you are redirected to as well?

Update 2014-10-27: The pop-ups are still appearing. Now they mention d.mobcgm.com and d.mobdty.com. If clicking the OK button in the dialog, apprfv.com opens up containing a faked java update site.

Update 2014-10-30: These fake Java warnings and faked Java sites are still popping up. Today the pop-up mention www.qposwe.com and debajxcj.com and the faked site is hosted at irzsmdcs.com:

Update 2014-11-11: This is still going on. zpkaid.com is used host the fake Java Update site. The title of the page is “Update for Your Computer” and the download is signed by Safe Down.

Update 2014-11-13: Today the fake update site is hosted zrmica.com.

Update 2014-11-14: Today the fake site is hosted at zszpkt.com and ztcdnr.com. The downloads are signed by “Safe Down” and Fileangels.

Update 2014-11-16: Now the fake site is hosted at zwkuvp.com.

Remove “powered by SmartOnes” Ads

October 23, 2014adware, freefixerMultiPlugRoger Karlsson

Hello guys and gals. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called SmartOnes. If you have SmartOnes on your computer, you’ll find new add-ons installed in Chrome, Internet Explorer and Mozilla Firefox and ads labeled powered by SmartOnes while browsing the web. I’ll show how to remove SmartOnes in this blog post with the FreeFixer removal tool.

Here’s how SmartOnes appears in Firefox and Internet Explorer:

SmartOnes is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found SmartOnes, it was bundled with a download called a download claiming to be an episode of the Game of Thrones TV serie. Here’s how it appeared in the installer where I found it:

Generally, you can avoid bundled software such as SmartOnes by being careful when installing software and declining the bundled offers in the installer.

As always when I test some new bundled software I uploaded it to VirusTotal to see if the anti-viruses there detect anything. 4 of the scanners detected the file. MultiPlug seems to be the common detection name.

The SmartOnes removal with FreeFixer is straightforward. Check all the SmartOnes items for removal and click fix. Here’s a few screenshots from the removal that should help you:

To remove the Chrome extension, type in chrome://extensions/ in Chrome’s address bar.

Hope this helped you remove the SmartOnes adware.

Any idea how SmartOnes was installed on your computer? Please share by posting a comment. Thanks a bunch!

Thank you for reading and welcome back.

Remove HQ-Video-Pro-2.1cV22.10 Ads

October 23, 2014adware, freefixerCrossRiderRoger Karlsson

Hello there and welcome to the FreeFixer blog. Did something called HQ-Video-Pro-2.1cV22.10 appear on your machine? HQ-Video-Pro-2.1cV22.10 seems to be a variant of CrossRider that I’ve written about before. If you have HQ-Video-Pro-2.1cV22.10 on your machine, you will find ads labeled powered by HQ-Video-Pro-2.1cV22.10 in Google search results. You will also see new add-ons installed in Internet Explorer and Mozilla Firefox. I’ll show how to remove HQ-Video-Pro-2.1c in this blog post with the FreeFixer removal tool.

HQ-Video-Pro-2.1c is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found HQ-Video-Pro-2.1cV22.10, it was bundled with a download called FlvPlayer. Generally, you can avoid bundled software such as HQ-Video-Pro-2.1c by being careful when installing software and declining the bundled offers in the installer.

As usual when I play around with some new bundled software I uploaded it to VirusTotal to test if the anti-malware software there find something. The detection rate is 4/54 which I’d say is pretty low. Some of the detection names for HQ-Video-Pro-2.1cV22.10 are a variant of Win64/Toolbar.Crossrider.L, PUP.Optional.HQVideo.A and Crossrider (fs). The file is signed by “Radon Battery Technologies“.

The HQ-Video-Pro-2.1cV22.10 removal with FreeFixer is pretty straightforward. Check all the HQ-Video-Pro-2.1cV22.10 files/settings for removal and click fix. Here’s a few screenshots from the removal that should help you:

Hope this helped you remove the HQ-Video-Pro-2.1cV22.10 Adware.

Any idea how you got HQ-Video-Pro-2.1cV22.10 on your computer? Please share in the comments below. Thanks a bunch!

Hope you found this useful. Thanks for reading.

Update 2014-10-24: Found another variant called HQ-Video-Pro-2.1cV23.10.

Update 2014-10-25: Another variant: HQ-Video-Pro-2.1cV24.10.

Seems like the version number is updated every day. So I’ll assume we will see the following variants shortly:

HQ-Video-Pro-2.1cV25.10
HQ-Video-Pro-2.1cV26.10
HQ-Video-Pro-2.1cV27.10
HQ-Video-Pro-2.1cV28.10
HQ-Video-Pro-2.1cV29.10
HQ-Video-Pro-2.1cV30.10

WordProser Ads Removal Instructions

October 20, 2014adware, freefixerInfoAtoms, VitruvianRoger Karlsson

Hello readers. Welcome to the blog. Just a short post on a called Word Proser or WordProser. Word Proser appears to be a variant of Vitruvian that I’ve blogged about before. If you have WordProser installed and running on your computer, you will find ads labeled WordProser Ads or Ads by WordProser, new add-ons in Mozilla Firefox and Internet Explorer and a new service called wpsvc.exe. I’ll show how to remove WordProser in this blog post with the FreeFixer removal tool.

You may also see the “WordProser search results”:

Word Proser is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found Word Proser, it was bundled with a piece of software called FastPlayer. The screengrab below shows how the FastPlayer installer informed the user that Word Proser was bundled.

Generally, you can avoid bundled software such as Word Proser by being careful when installing software and declining the bundled offers in the installer.

As always when I find some new bundled software I uploaded it to VirusTotal to see if the anti-malware progams there detect anything interesting. 3 of the scanners detected the file. The Word Proser files are detected as a variant of Win32/AdWare.Vitruvian.D by ESET-NOD32 and InfoAtoms (fs) by VIPRE.

Since you probably want to remove Word Proser, wpnfd_1_10_1.sys, wpsvc.exe and WordProserClient.dll are the files you should check for removal if you want to remove it with FreeFixer. You might have to reboot your computer to complete the removal. Problem taken care of.

Hope that helped you with the removal.

Any idea how you got Word Proser on your computer? Please share your story the comments below. Thank you!

Hope you found this useful. Thanks for reading.

How To Remove OfferBoulevard

October 17, 2014adware, freefixerLinkuryRoger Karlsson

Hello there. Found another adware called OfferBoulevard right now. OfferBoulevard seems to be a variant of Linkury. If the OfferBoulevard adware is installed on your system, you will see OfferBoulevard.exe and OfferBoulevardW.exe running in the Task Manager. I’ll show how to remove OfferBoulevard in this blog post with the FreeFixer removal tool.

OfferBoulevard is bundled with other software. Bundled means that it is included in another software’s installer. When I first found OfferBoulevard, it was bundled with FastPlayerPro. Here’s how it appeared in the FastPlayerPro installer where I found it:

For some reason it is called Offer Blvd in the EULA.

Generally, you can avoid bundled software such as OfferBoulevard by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to check if the anti-viruses there detect something fishy. 10 of the 54 anti-virus scanners detected the file. ESET-NOD32 reports OfferBoulevard as a variant of MSIL/Toolbar.Linkury.H, Malwarebytes classifies it as PUP.Optional.Offer and VIPRE detects it as Adware.Linkury (fs).

The OfferBoulevard removal with FreeFixer is pretty easy. Check all the OfferBoulevard files for removal and click fix. Here’s a few screenshots from the removal that should help you:

Hope this helped you remove the OfferBoulevard adware.

Any idea how OfferBoulevard was installed on your computer? Please let me and the readers know by posting a comments. Thank you very much!

Thank you for reading.

Ads by VideosMediaPlayers – Removal Instructions

October 17, 2014adware, freefixerCrossRiderRoger Karlsson

Getting ads injected into web pages labeled Ads by VideosMediaPlayers_v1.2+ or Ad by VideosMediaPlayers_v1.2+.

No problem, just uninstall it from the Windows Control Panel:

If the uninstaller did not work, you can remove remove it with FreeFixer.

Thank you for reading.

Browsers+Apps+1.1 – Ads by Browsers+Apps+1.1 Removal Instructions

October 17, 2014adware, freefixerCrossRiderRoger Karlsson

Just wanted to put up a short post before going back to programming on FreeFixer. Today I wanted to talk about an adware named Browsers+Apps+1.1 and give you some removal instructions. Browsers+Apps+1.1 seems to be a variant of CrossRider that I’ve blogged about before. If the Browsers+Apps+1.1 adware is running on your machine, you will see ads tagged Ad by Browsers+Apps+1.1 or Ads by Browsers+Apps+1.1 injected into web pages while you browse and new add-ons in Firefox and Internet Explorer. I’ll show how to remove Browsers+Apps+1.1 in this blog post with the FreeFixer removal tool.

Browsers+Apps+1.1 is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers.

As always when I find some new bundled software I uploaded it to VirusTotal to check if the anti-virus software there find something suspicious. 16% of the antimalware scanners detected the file. Malwarebytes classifies Browsers+Apps+1.1 as PUP.Optional.BrowsersApp.A, McAfee detects it as CrossRider-FRV and VIPRE detects it as Crossrider (fs).

You probably came here looking for removal instructions for Browsers+Apps+1.1 and you can do so with the FreeFixer removal tool. Just select the Browsers+Apps+1.1 files as the screenshots below shows. A restart of your machine may be required to complete the removal.

Hope that helped you with the removal.

I stumbled upon Browsers+Apps+1.1 while testing out some downloads that are known to bundled lots of unwanted software. Any idea how you got Browsers+Apps+1.1 on your computer? Please let me and the readers know by posting a comments. Thanks!

Hope you found this useful. Thanks for reading.

AdvanceElite Adware Removal Instructions

October 17, 2014adware, freefixerAltbrowse, artemis, BrowseFoxRoger Karlsson

Hello guys and gals. Today I wanted to talk about an adware called AdvanceElite and give you some removal instructions. AdvanceElite seems to be a variant of BrowseFox that I’ve written about before. If AdvanceElite is installed and running on your machine, you will see ads labeled AdvanceElite Ads in and new add-on called AdvanceElite 1.0.1 in Internet Explorer and Mozilla Firefox. I’ll show how to remove AdvanceElite in this blog post with the FreeFixer removal tool.AdvanceElite is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.Generally, you can avoid bundled software such as AdvanceElite by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to test if the anti-virus tools there find something interesting. Of the 55 anti-virus scanners, 13 detected the file. Some of the detection names for AdvanceElite are BrowseFox.F, PUP.Optional.AdvanceElite.A and Artemis.

You probably came here looking for removal instructions for AdvanceElite and you can do so with the FreeFixer removal tool. Here’s a few screenshots from the removal that should help you: A restart of your system may be required to complete the removal.

Hope this helped you remove the AdvanceElite adware.

Do you also have AdvanceElite on your machine? Any idea how it installed? Please share your story the comments below. Thanks!

Thank you for reading and welcome back.

Astromenda and Astromenda.com Removal Instructions

October 16, 2014adware, freefixerRoger Karlsson

Hello readers. Welcome to the blog. I just found another bundled adware called Astromenda and thought I should give you some removal instructions. If you have Astromenda on your computer, you’ll spot home page and search settings changed to astromenda.com and add-ons added into Internet Explorer and Firefox. I’ll show how to remove Astromenda in this blog post with the FreeFixer removal tool.

Here’s how astromenda.com appears in Internet Explorer:

Astromenda is bundled with other software. Bundled means that it is included in another software’s installer. The following screenshot shows how Astromenda was disclosed when I found it.Generally, you can avoid bundled software such as Astromenda by being careful when installing software and declining the bundled offers in the installer.

The Astromenda removal with FreeFixer is pretty straightforward. Check all the Astromenda items for removal and click fix. Here’s a few screenshots from the removal that should help you:

Hope this helped you remove the Astromenda adware.

Do you also have Astromenda on your computer? Any idea how it installed? Please share in the comments below. Thanks!

Hope you found this useful and thanks you for reading.

Browser Warden Ads – Removal Instructions

October 15, 2014adware, freefixerGamePlayLabsRoger Karlsson

Just wanted to put up a short post before going back to programming. Today I wanted to talk about an adware called Browser Warden and give you some removal instructions. If the Browser Warden adware is installed on your machine, you’ll spot ads labeled Ads by Browser Warden in Google’s search results and a new add-on installed in Mozilla Firefox. You will also see banners tagged as “Ad by Browser Warden” injected into web pages. I’ll show how to remove Browser Warden in this blog post with the FreeFixer removal tool.

You will probably also see browserwarden-a.akamaihd.net in the browser’s status bar:

BrowserWarden is bundled with a number of downloads. Bundling means that software is included in other software’s installers.

Generally, you can avoid bundled software such as BrowserWarden by being careful when installing software and declining the bundled offers in the installer, but in this case I could not see any disclosure in the installer that bundled Browser Warden.

Here’s the scan results from VirusTotal. It also shows that the signer is Gratifying Apps. GamePlayLabs is one of the detection names.

If you’d like to remove Browser Warden you can do so with the FreeFixer removal tool. Just check the Browser Warden files as shown in the screenshots below. You might have to restart your computer to complete the removal.

Hope that helped you to figure out how to do the removal.

Do you also have Browser Warden on your computer? Any idea how it installed? Please share by posting a comment. Thank you very much!

Thank you for reading.