Category Archives: adware

PortalMore Adware – How To Remove It

Hello there and welcome to the FreeFixer blog. Today I wanted to talk about an adware called PortalMore that I found a few days ago and give you some removal instructions. PortalMore seems to be a variant of BrowseFox/AltBrowse that I wrote about previously. If the PortalMore adware is installed and running on your computer, you’ll see ads labeled PortalMore Ads inserted into web pages while you browse and new add-ons added in Firefox and Internet Explorer. I’ll show how to remove PortalMore in this blog post with the FreeFixer removal tool.

portalmore 1.0.1 in firefox

PortalMore is bundled with a number of downloads. Bundling means that software is included in other software’s installers. This is how PortalMore was disclosed in the installer when I found it:

portalmore installer

Generally, you can avoid bundled software such as PortalMore by being careful when installing software and declining the bundled offers in the installer.

As usual when I run into some new bundled software I uploaded it to VirusTotal to check if the anti-viruses there find something. Of the 55 anti-malware scanners, 37 detected the file. Some of the detection names for PortalMore are BrowseFox.F, Application.Win32.Altbrowse.AK and PUP.Optional.PortalMore.A.

PortalMore virustotal report

All you need to do to remove PortalMore is to check the PortalMore files in the FreeFixer scan result and click the Fix button. You may have to restart your machine to complete the removal. Here are a few screenshots that should help you along the way:

portalmorebho.dll file portalmore freefixer

Hope that helped you to figure out how to do the removal.

I stumbled upon PortalMore while testing out some downloads that are known to bundle lots of unwanted software. Any idea how you got PortalMore on your machine? Please share in the comments below. Thank you very much!

Thank you for reading.

dtw.getupslipperyskullcap.com Pop-Ups – Removal Instructions

Getting pop-ups from dtw.getupslipperyskullcap.com in Chrome, Firefox or Internet Explorer? Then it’s likely you have some adware installed on your machine 🙁

dtw.getupslipperyskullcap.com pop-up

I got the dtw.getupslipperyskullcap.com pop-up ads after testing out a download on my lab machine that I knew bundled some unwanted software. It installed BlockAndSurf, TinyWallet and Browser Warden. After removing these unwanted programs, and a bunch of other unwanted files, with the FreeFixer removal tool, the pop-up ads stopped. These were the files I also deleted in FreeFixer:

  • bservice.exe
  • bservice64.exe
  • wd.exe
  • webinstrnew.sys

Hope that helped you with the removal.

Any idea how you got the dtw.getupslipperyskullcap.com pop-up ads on your machine?

Lampy Lighty Removal Instructions

Hello there and welcome to the FreeFixer blog. I just found another bundled adware called Lampy Lighty and thought I should give you some removal instructions. Lampy Lighty seems to be a variant of BrowseFox/AltBrowse that I’ve blogged about before. If the Lampy Lighty adware is installed on your computer, you will notice ads labeled Lampy Light Ads, something called Related Searches appearing in the left column of the browser window and new add-ons added in Internet Explorer and Mozilla Firefox. I’ll show how to remove Lampy Lighty in this blog post with the FreeFixer removal tool.

Lampy Lighty ads Lampy Lighty related searches

Lampy Lighty firefox add-on

LampyLighty is bundled with other software. Bundled means that it is included in another software’s installer. Generally, you can avoid bundled software such as Lampy Lighty by being careful when installing software and declining the bundled offers in the installer. The screenshot shows how LampyLighty was disclosed in the installer:

LampyLighty installer

As always when I find some new bundled software I uploaded it to VirusTotal to test if the anti-viruses there find something fishy. 13% of the anti-malware scanners detected the file which is in my view a pretty low detection rate. The Lampy Lighty files are detected as BrowseFox.F by AVG, Trojan.BPlug.167 by DrWeb and PUP.Optional.LampyLighty.A by Malwarebytes.

Lampy Lighty virustotal

If you would like to remove Lampy Lighty you can do so with the FreeFixer removal tool. Just select the Lampy Lighty files as the screenshots below show. You might have to restart your machine to complete the removal.

Lampy Lighty internet explorer removal Lampy Lighty firefox removal

Hope that helped you to figure out how to do the removal.

Did you also find LampyLighty on your machine? Any idea how it was installed? Please let me and the readers know by posting a comment. Thanks!

Thank you for reading and welcome back.

SearchSnacks Removal Instructions

Hello there. Today I wanted to talk about an adware called SearchSnacks and give you some removal instructions. If the Search Snacks Adware is installed and running on your system, you will see new add-ons in your web browsers and sssvc.exe running in the Windows Task Manager. You will also see ads labeled “brought by Search Snacks” and “Powered by SearchSnacks”. I’ll show how to remove Search Snacks in this blog post with the FreeFixer removal tool.

brought by searchsnacks powered by searchsnacks

ads by SearchSnacks

Search Snack 1.9.0.8 firefox add-on sssvc.exe and Search Snacks in the task manager

SearchSnacks is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found SearchSnacks, it was bundled with a software called FastPlayerPro. Here’s one example of how it appears in the FastPlayerPro installer.

searchsnacks disclosure when bundling

This screenshot also clearly explains that Search Snacks is adware.

When I mess around with some new bundled software I normally upload it to VirusTotal to test if the anti-malwares there find anything. 20% of the scanners detected the file. Some of the detection names for SearchSnacks are Adware.Vitruvian.B, a variant of Win32/AdWare.Vitruvian.D and InfoAtoms (fs).

searchsnacks virustotal

If you would like to remove SearchSnacks you can do so with the freeware FreeFixer tool. Select the SearchSnacks files for removal in FreeFixer, click Fix, restart your machine and the problem will be gone. Here are a few screenshots to point you in the right direction:

searchsnacks sssvc.exe process removal searchsnacks sssvc.exe service removal Search Snacks firefox add-on removal with freefixer

Hope this helped you solve the SearchSnacks problem.

Any idea how SearchSnacks was installed on your machine? Please let me and the readers know by posting a comment. Thank you!

Thanks for reading. Welcome back!

How To Remove BrowsersApp_Pro_v1.1

Hello there and welcome to the FreeFixer blog. Just a quick post on the BrowsersApp_Pro_v1.1 adware. This appears to be a variant of CrossRider that I’ve previously written about. If the BrowsersApp_Pro_v1.1 adware is installed on your computer, you will find ads labeled Ad by BrowsersApp_Pro_v1.1 while browsing the web, new add-ons added in your web browsers and new files, digitally signed by Numlock Apps, on the hard-drive. I’ll show how to remove BrowsersApp_Pro_v1.1 in this blog post with the FreeFixer removal tool.

BrowsersApp_Pro_v1.1 0.95.11 firefox add-on

BrowsersApp_Pro_v1.1 ads inserted into web page ad by BrowsersApp_Pro_v1.1 pop-up

BrowsersApp_Pro_v1.1 is bundled with other software. Bundled means that it is included in another software’s installer.

Generally, you can avoid bundled software such as BrowsersApp_Pro_v1.1 by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to check if the anti-malware scanners there find anything suspicious. 6 of the 54 scanners detected the file. The BrowsersApp_Pro_v1.1 files are detected as PUP/Win32.CrossRider by AhnLab-V3, PUP.Optional.BrowserApp.A by Malwarebytes and Crossrider (fs) by VIPRE.

BrowsersApp_Pro_v1.1-bho.dll virustotal. File signed by Numlock Apps

Since you probably want to remove BrowsersApp_Pro_v1.1, these are the files you should check for removal if you want to remove it with FreeFixer. A restart of your computer might be required to complete the removal.

BrowsersApp_Pro_v1.1 tasks removal in FreeFixer BrowsersApp_Pro_v1.1 firefox extension removal BrowsersApp_Pro_v1.1 bhos removal

Hope this helped you remove the BrowsersApp_Pro_v1.1 adware.

Did you also find BrowsersApp_Pro_v1.1 on your computer? Any idea how it was installed? Please let me and the readers know by posting a comment. Thank you!

Thanks for reading. Welcome back!

Update 2014-11-05: The BrowsersApp_Pro_v1.1 adware is still distributed through bundling. The files are now signed by Railroad Party Apps as you can see in the screenshot below. The Railroad Party Apps company appears to be located in Nicosia, Cyprus.

Railroad Party Apps

How To Remove The Framed Display Adware

Just wanted to write a short post before calling it a day. Stumbled upon the Framed Display adware. Framed Display appears to be a variant of AltBrowse/BrowseFox. If the Framed Display adware is running on your machine, you will see various types of advertisements according to the Framed Display EULA. However, for some reason I don’t see any ads. Do you? If you got this on your machine, you will also notice it in the browser’s add-on menu. For example, here’s Framed Display in Firefox:

framed display 1.0.1 firefox

Framed Display is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example of how it appears in an installer for an unrelated program.

framed display disclosure

When I find some new bundled software I usually upload it to VirusTotal to check if the antimalware scanners there detect something interesting. 20% of the anti-virus scanners detected the file. The Framed Display files are detected as BrowseFox.F by AVG, PUP.Optional.FramedDisplay.A by Malwarebytes and Artemis!032AA150BDFB by McAfee.

framed display virustotal

So, how about the Framed Display removal? You can remove Framed Display with the FreeFixer removal tool. Just select the Framed Display files as the screenshots below show. A restart of your machine might be required to complete the removal.

framed display firefox extension FramedDisplaybho.dll in internet explorer

Hope that helped you to figure out how to do the removal.

I found Framed Display while testing out some downloads that are known to bundle lots of unwanted software. Any idea how you got Framed Display on your computer? Please share your story in the comments below. Thank you very much!

Hope you found this useful. Thanks for reading.

InstallationSafe – 15% Detection Rate – Detected as AdGazelle

Was looking for some downloads to play around with and found one, digitally signed by InstallationSafe, that claimed “Your Java version may be outdated”, trying to get me to install something other than the official Java download.

InstallationSafe publisher in the UAC dialog

InstallationSafe fake java installer

The InstallationSafe download is distributed from fugupdates101 dot com. Some of the anti-virus programs are detecting the InstallationSafe file. The detection rate is 15%. AdGazelle is one of the detection names.

InstallationSafe virustotal report - AdGazelle

Did you also find a download that was digitally signed by InstallationSafe? What kind of download was it and was it detected by the anti-virus programs at VirusTotal? Please share by posting a comment.

Thank you for reading.

Remove Cantataweb – Adware Removal Instructions

Welcome! Found another adware called Cantataweb right now. This appears to be yet another variant of BrowseFox/AltBrowse that I’ve previously written about. According to the other anti-malware bloggers, Cantataweb has been around since August 2014.

If you got Cantataweb installed on your computer, you will see new add-ons added in Mozilla Firefox and Internet Explorer and a folder called Cantataweb added under the Program Files folder. I’ll show how to remove Cantataweb in this blog post with the FreeFixer removal tool.

cantataweb in the program files folder cantataweb 1.0.1 listed as a firefox add-on Cantataweb is "ready for use" in Internet Explorer

Cantataweb is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found Cantataweb, it was bundled with a software download claiming to be an episode of the Game of Thrones TV show. The download was digitally signed by New IT Limited.

New IT Limited in the User Account Control notification dialog Cantataweb bundled in the installer

Generally, you can avoid bundled software such as Cantataweb by being careful when installing software and declining the bundled offers in the installer.

As usual when I stumble upon some new bundled software I uploaded it to VirusTotal to test if the anti-malwares there find anything suspicious. 40 of the scanners detected the file which is a pretty good detection rate. The Cantataweb files are detected as Win32:BrowseFox-AW [PUP] by Avast, Application.Win32.Altbrowse.AK by Comodo, a variant of Win32/BrowseFox.F by ESET-NOD32 and PUP.Optional.Cantataweb.A by Malwarebytes.

Cantataweb virustotal report

You probably came here looking for removal instructions for Cantataweb and you can do so with the FreeFixer removal tool. Just select the Cantataweb files/settings as the screenshots below show. A reboot of your computer may be required to complete the removal. Problem solved.

cantataweb firefox extension cantatawebbho.dll in freefixer

Hope this helped you remove the Cantataweb adware.

Do you also have Cantataweb on your system? Any idea how it was installed? Please let me and the readers know by posting a comment. Thank you!

Hope you found this useful and thank you for reading.

How to remove ProtectedBrowsing adware

Just wanted to write a short post before going back to coding on FreeFixer. Found another adware called ProtectedBrowsing right now.

If ProtectedBrowsing is installed on your machine, you will find ads labeled Ad by ProtectedBrowsing and green links inserted into web pages saying Click to Continue by ProtectedBrowsing.

Ad by ProtectedBrowsing pop-up Ad by ProtectedBrowsing ad by ProtectedBrowsing banner Click to Continue by ProtectedBrowsing links are inserted into web pages

You will also see a notification message from the system tray saying Proxy Protection Enabled and an icon in the system tray. New processes will appear in the Windows Task Manager: bservice.exe, bservice64.exe, wd.exe, pwdg.exe and proc.exe. ProtectedBrowsing also adds a new entry “54.204.28.26 baefoldjnepdncjikpmjiamfbjgicfol” in the HOSTS file. I’ll show how to remove ProtectedBrowsing in this blog post with the FreeFixer removal tool.

Proxy Protection Enabled message from system tray ProtectedBrowsing in the System Tray

oops, something changed in your proxy settings - ProtectedBrowsing Auto-Protect

bservice.exe and bservice64.exe in the task manager
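The indicators described above (the process names and the HOSTS entry) can be checked with a short script. This is an added example, not code from the FreeFixer blog or tool; the sample HOSTS content and process list are constructed, and the extension-ID shape check is a heuristic added here.

```python
import ipaddress
import re

# Process names the post lists for ProtectedBrowsing.
PAGE_PROCESSES = {"bservice.exe", "bservice64.exe", "wd.exe", "pwdg.exe", "proc.exe"}
# 32 letters a-p: the shape Chrome uses for extension IDs (heuristic added here).
EXT_ID_SHAPE = re.compile(r"^[a-p]{32}$")

def audit_hosts(text):
    """Return (line_no, ip, hostname, reasons) for HOSTS entries worth a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # not an address-to-name mapping
        if ip.is_loopback or ip.is_unspecified:
            continue                            # localhost and 0.0.0.0 block-list lines
        for host in entry[1:]:
            reasons = ["maps to a non-loopback address"]
            if "." not in host:
                reasons.append("single-label hostname")
            if EXT_ID_SHAPE.match(host.lower()):
                reasons.append("hostname shaped like a Chrome extension ID")
            findings.append((line_no, str(ip), host, reasons))
    return findings

def match_processes(running):
    """Case-insensitive match of running image names against the post's list."""
    return sorted({p.lower() for p in running} & PAGE_PROCESSES)

# Constructed sample: a default-style HOSTS file plus the entry quoted in the post.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # user block-list entry
54.204.28.26 baefoldjnepdncjikpmjiamfbjgicfol
"""
# Constructed process list for illustration.
SAMPLE_PROCESSES = ["explorer.exe", "BService.exe", "wd.exe", "chrome.exe"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(match_processes(SAMPLE_PROCESSES))
```

On Windows the HOSTS file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` and review each flagged line, since legitimate intranet mappings will also be reported.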

ProtectedBrowsing also installs add-ons in your browsers. Here are two screenshots showing the adware in Chrome and Firefox:

ProtectedBrowsing 1.0 in Chrome ProtectedBrowsing 1.0 Firefox add-on

ProtectedBrowsing is bundled with a number of downloads. Bundling means that software is included in other software’s installers.

Generally, you can avoid bundled software such as ProtectedBrowsing by being careful when installing software and declining the bundled offers in the installer.

When I test some new bundled software I always upload it to VirusTotal to test if the anti-virus scanners there find something fishy. I uploaded FrameworkBHO.dll which is digitally signed by Gratifying Apps. The detection rate is very low. Only 1 of the scanners detected the file. AVG names ProtectedBrowsing as Generic.D4C.

protectedbrowser virustotal

Removing ProtectedBrowsing is pretty easy with FreeFixer. Here are a few screenshots from the removal that should help you. A restart of your system may be required to complete the removal. Problem fixed.

wd.exe pwdg.exe cl.exe startups ProtectedBrowsing firefox freefixer ProtectedBrowsing Chrome Extension ProtectedBrowsing BHOs bservice.exe bservice64.exe process bhelper64.dll internet explorer bhelper64.dll in explorer bench updater.exe task 54.204.28.26 baefoldjnepdncjikpmjiamfbjgicfol in HOSTS file

To remove the ProtectedBrowsing Chrome extension, open up the Settings menu in Chrome and click on Extensions in the left pane.

Hope this helped you remove the ProtectedBrowsing adware.

Do you also have ProtectedBrowsing on your machine? Any idea how it was installed? Please share your story in the comments below. Thanks!

Thanks for reading!