Category Archives: adware

Freeven Pro – Removal Instructions

adware, freefixer, , , ,

Are you getting ads while browsing the web labeled “Click to Continue > by Freeven pro 1.2“, like the one shown below?

Click to Continue by Freeven Pro 1.2

Then you have a piece of software called Freeven Pro installed on your machine. Freeven Pro comes bundled with various software downloads. In my case I found it while testing a non-official download of the Google Chrome browser.

So, what is Freeven Pro? Obviously it’s adware since it shows advertisements. The anti-virus programs over at VirusTotal classify the Freeven pro 201.2-bho.dll file with names such as MultiBundle.RWin32.Application.Plush.BAdWare.PlusHD and AppRider.

Preeven Pro VirusTotal scan result

Removing Freeven Pro is pretty easy. Simply check the Freven Pro files for removal in FreeFixer. The screenshots below shows which files to remove:

Freeven Pro DLL in Internet ExplorerFreeven Pro Scheduled TasksFreeven Pro in Firefox

I’ve also captured a video that shows FreeFixer in action while deleting the Freeven Pro files. Hope you find it useful:

It seems as the Freeven developers are randomizing the product name. These are the variants I’ve found so far:

  • Frevens Pro 13
  • Fre_Ven_s Pro 23
  • Free_Ven_s_pro 25
  • Frieven_s_Prox_1.8
  • Fraven 1.1

What variants of Freeven have you found?

How To Remove Search-NewTab

adware, freefixer, trojan, ,

I’m currently looking at what is advertised on some of the torrent sites. Today I found another adware called Search-NewTab that installed into Internet Explorer and Mozilla Firefox:

search-newtab Firefox add-on 

The software seems to use some semi-random naming. I’ve seen in appear as “Seeaerch-oNeewTAb”, “Seearch-NewTTab”, “Sieaarch-NewTab” and “Search-NewTaBi”. What name did Search-Newtab use on your machine?

Currently, Search-NewTab is detected by many of the anti-virus program under names such as MultiPlug and MultiPlag. Most of the antivirus programs classify it as adware, but some report Search-NewTTab as a trojan, as you can see in the screenshot from VirusTotal below:

search-newtab virustotal results

So how about the removal? You can easily remove Search-NewTab by checking its files in FreeFixer:search-newtab bho in Internet ExplorerSearch-newtab as it appears in Freefixer

There’s also a Search-NewTab entry in the Add/Remove programs dialog in the Windows Control Panel, but I have not tested it. So no guarantees there.Seearch-newttab Uninstall from the Programs and Features dialog

Hope this helped you with the Search-Newtab removal.

How did you get Search-Newtab on your machine Please share by posting a comment.

Remove PlurPush Ads

adware, freefixer

If you see updatePlurPush.exe in the Task Manager or pop-up ads labeled PlurPush you have the PlurPush adware installed on your machine.

I found PlurPush when testing a free download, where the following information was displayed in the installer:

PlurPush info displayed in the installer

In other words: PlurPush will show ads while you browse the web.

PlurPush will add itself into Internet Explorer and Mozilla Firefox as shown below:

PlurPush 1.0.1 Mozilla Add-On

If you’d like to remove PlurPush with FreeFixer, you can easily do so by checking PlurPushBho.dll, updatePlurPush.exe and the PlurPush Firefox Extension for removal:

plurpushbho.dllUpdatePlurPush.exeThe PlurPush Firefox Extension

I’ve created a short video that shows FreeFixer in action while removing PlurPush:

Hope you found this useful.

How did you get PlurPush on your machine? Please share in the comments field below.

How To Remove SaveClicker

adware, freefixer

I was actually searching for another adware, but ran into the SaveClicker adware instead. When I found SaveClicker, it was bundled with a free download manager. Here’s the info it displays in the installer.

saveclicker install info

“Just install the add-on on your browser, surf the web and get specials offers (special coupons, discounts and sales)”

Obviously SaveClicker is adware. Here’s how the SaveClicker ad looks like:

Powered by SaveClicker

SaveClicker can easily be uninstalled  by selected in the SaveClicker files in FreeFixer, or by using the entry in the Programs and Features dialog:

SaveClicker saveclicker in internet explorer saveclicker uninstall

How did you get SaveClicker on your computer? Please share by posting a comment.

How To Remove the AtuZi Adware

adware, freefixer

CNet’s Download.com site recently started bundling a new adware called AutZi. Basically it will show ads and change some browser settings:AtuZi CNet Installer

AutZi adds itself into Internet Explorer and Mozilla Firefox as shown in the screenshots below:

AtuZi-1.0.1 Firefox add-on requesting install AtuZi In FirefoxAtuZi add-on Internet Explorer

Removing AutZi is pretty straightforward. You can just select the AtuZibho.dll file and the AtuZi Firefox extension in FreeFixer:AtuZibho.dllAutZi Firefox Extension

Here’s a step-by-step removal video that shows how to uninstall AtuZi with FreeFixer:

There’s also an entry in the Program and Features dialog which allows you to uninstall AtuZi:AtuZi Uninstall

Please let me know if this helped you remove AtuZi by posting a comment.

SW-Booster.exe, SW-Sustainer 1.80, saVee aNete 5.14

adware, freefixer, malware

Played around with another download this morning. This time a bunch of new files and settings appeared. The first notable change was a new process and scheduled task called SW-Booster.exe appearing:sw-booster.exe

SW-Booster.exe is detected under names such as “a variant of Win32/TrojanDownloader.Agent.AFD” and “PUP.Optional.MultiPlug.A

Two new Firefox extensions also appeared, Y**tubeAdBlocker and saVee aNete 5.14:savee-anete-5.14

I’ve verified that FreeFixer removed these completely. There are also entries in the Programs and Features dialog.SW-Booster-SW-Sustainer 1.80

Please let me know if this helped you remove the SW-Booster malware by posting a comment.

Update 2014-11-21: Seems to be a variant around called SoftwareBooster.exe:

SoftwareBooster.exe task manager

 

How To Remove SaveNet

adware, freefixer,

Played around with an adware called SaveNet this evening. The screenshot below explains what types of ads SaveNet will show:

SaveNet Install

Basically you’ll see SaveNet coupons while you browse the web.

If you have SaveNet on your machine, you may also see a file called SN.Booster.exe in the Task Manager. SN.Booster.exe will also run as a service:SN.booster.exe

You’ll also see a Browser Helper Object and a Mozilla Firefox extension when scanning your computer with FreeFixer. The nasty thing about SaveNet is that it will use some sort of semi-random names displayed in Mozilla, Internet Explorer and the Programs and Features dialog. I’ve seen names such as:

  • saVe neut
  • ssave net
  • saveE! neot
  • save. net
  • Save net
  • SNT
  • savve noeT
  • Y**t*beAdblocker
  • saVVE Net
  • saVe neut
  • ssave net
  • saveE! neot
  • savve noeT
  • SN.Booster
  • SN.Sustainer 1.80

What names did you see? Please share by posting a comment.

SaveNet Browser Helper ObjectsSaveNet Firefox Extensions

Luckily it’s pretty easy to remove SaveNet with FreeFixer. Just select the SaveNet files and click Fix and the problem will be gone. You might need to restart your machine to complete the removal.

So, what does the anti-virus programs say about SaveNet? Here’s the detections for SN.Booster.exe:

  • Avast Win32:Agent-ASOC [Adw] 20140419
  • ESET-NOD32 Win32/TrojanDownloader.Agent.AFD 20140419
  • Qihoo-360 Win32/Trojan.Downloader.ec6 20140419
  • TotalDefense Win32/Tnega.VeAcWa 20140419
  • Kingsoft Win32.Troj.Generic.a.(kcloud) 20140419
  • F-Prot W32/Trojan2.OBQW 20140419
  • Commtouch W32/Trojan.ZIUW-3330 20140419
  • Fortinet W32/Agent.AFD!tr.dldr 20140418
  • Bkav W32.SauseiLTAR.Trojan 20140418
  • Comodo TrojWare.Win32.TrojanDownloader.Agent.AFD 20140419
  • Jiangmin TrojanDownloader.Adload.vxu 20140419
  • CAT-QuickHeal TrojanDownloader.Adload.dsd.cw4 20140418
  • VBA32 TrojanDownloader.Adload 20140418
  • AhnLab-V3 Trojan/Win32.Agent 20140419
  • TheHacker Trojan/Downloader.Agent.afd 20140419
  • ViRobot Trojan.Win32.S.Agent.729600.B 20140419
  • VIPRE Trojan.Win32.Generic!BT 20140419
  • NANO-Antivirus Trojan.Win32.Agent.cojdgu 20140419
  • Baidu-International Trojan.Win32.Agent.50 20140418
  • Symantec Trojan.Gen.2 20140419
  • ByteHero Trojan.Exception.gen.101 20140419
  • DrWeb Trojan.DownLoad3.30962 20140419
  • Agnitum Trojan.DL.Adload!sfG54tBszYg 20140418
  • Ad-Aware Trojan.Agent.WDCR.C 20140419
  • BitDefender Trojan.Agent.WDCR.C 20140419
  • F-Secure Trojan.Agent.WDCR.C 20140419
  • GData Trojan.Agent.WDCR.C 20140419
  • MicroWorld-eScan Trojan.Agent.WDCR.C 20140419
  • nProtect Trojan.Agent.WDCR.C 20140418
  • Kaspersky Trojan-Downloader.Win32.Adload.dyhq 20140419
  • Emsisoft Trojan-Downloader.Win32.Adload (A) 20140419
  • Ikarus Trojan-Downloader.Adload 20140419
  • K7AntiVirus Trojan-Downloader ( 0048ec4f1 ) 20140418
  • K7GW Trojan-Downloader ( 0048ec4f1 ) 20140418
  • TrendMicro TROJ_DLOADER.ADFK 20140419
  • TrendMicro-HouseCall TROJ_DLOADER.ADFK 20140419
  • Sophos Troj/Agent-AFFX 20140419
  • Panda Trj/WLT.A 20140419
  • AntiVir TR/Downloader.A.988 20140419
  • Norman Suspicious_Gen4.FKQEC 20140419
  • McAfee RDN/Downloader.a!oi 20140419
  • McAfee-GW-Edition RDN/Downloader.a!oi 20140419
  • Malwarebytes PUP.Optional.MultiPlug.A 20140419
  • AVG Downloader.Generic13.BRBQ 20140419

There are entries to uninstall SaveNet in the Programs and Features dialog. In my case, they appear as SN-Booster, SN-Sustainer, SNT and Y**tubeAdBlocker. What names did SaveNet use on your computer?

SN.Booster SN.Sustainer

Did this help you remove SaveNet? Please let me know by posting a comment.

How To Remove istart.webssearches.com

adware, freefixer

Is your browser starting with istart.webssearches.com as the start page?istart.webssearches.com

No problem, just check the istart.webssearches.com items in FreeFixer and it will be removed from Firefox and Internet Explorer:istart.webssearches.com in freefixer

istart.webssearches.com in freefixer

There is also an entry for webssearches.com in the Programs and Features dialog in the Windows Control Panel. I have not tried it. If you do, please let me know if that removed webssearches.com completely.istart.webssearches.com remove

Please let me know if you found this useful when removing istart.webssearches.com by posting a comment. Any idea how you got istart.webssearches.com on your machine?