Hello readers. Another day, another blog post. Today I wanted to talk about an adware named Strong Signal and give you some removal instructions. Strong Signal appears to be a variant of BrowseFox that I’ve written about before. Here’s how it appears in Firefox:
Strong Signal is bundled in other software’s installers. The following screenshot shows how Strong Signal was disclosed when I found it.
Generally, you can avoid bundled software such as Strong Signal by being careful when installing software and declining the bundled offers in the installer.
None of the anti-virus programs at VirusTotal detected the file, except Bkav which reported it as W32.HfsAdware.2D5E.
So, how about the removal? You can remove Strong Signal with the FreeFixer removal tool. Just select the Strong Signal files as the screen captures below shows. A reboot of your computer may be required to complete the removal.
Hope that helped you with the removal.
Do you also have Strong Signal on your computer? Any idea how it installed? Please share in the comments below. Thanks!
Thanks for reading. Welcome back!
Just wanted to put up a short post before going to bed. I just found a new adware named UniDeals and wanted to give you some removal instructions. UniDeals appears to be a variant of UniSales that I’ve blogged about before. If UniDeals is installed on your computer, you’ll notice new add-ons installed into Firefox and Internet Explorer, called UniSales and YouTubeAdBlocker and a new extension installed into Chrome, with a name that appears to change with each install. I’ll show how to remove UniDeals in this blog post with the FreeFixer removal tool.
I didn’t see any UniDeals ads on the machine, but if it uses the same labelling as UniSales, the ads will say “Ads by UniDeals“.
UniDeals is bundled with a number of downloads. Bundling means that software is included in other software’s installers. This is how UniDeals was disclosed in the installer when I found it.
Generally, you can avoid bundled software such as UniDeals by being careful when installing software and declining the bundled offers in the installer.
As usual when I stumble upon some new bundled software I uploaded it to VirusTotal to verify if the anti-virus scanners there find anything suspicious. Only 2 of the anti-malware scanners detected the UniDeals file. Avira reports UniDeals as ADWARE/MultiPlug.Gen4 and ESET-NOD32 calls it a variant of Win64/Adware.MultiPlug.F.
Hopefully the others will catch up in the next days.
All you need to do to remove UniDeals is to check the UniDeals files in the scan result and click the Fix button. A reboot of your machine may be required to complete the removal. Here’s a few screenshots that should help you along the way:
Hope this helped you remove the UniDeals adware.
Do you also have UniDeals on your machine? Any idea how it was installed? Please share by posting a comment. Thank you very much!
Hope you found this useful and thanks you for reading.
Welcome! Just a quick post on the Binkiland adware. This appears to be a variant of Vosteran and Taplika that I’ve previously written about. If you got Binkiland installed and running on your computer, you will see lots of Binkiland.exe processes running in the Windows Task Manager, the search provider and start page changed to binkiland.com in Internet Explorer and a custom-built Chrome browser installed on the computer, named Binkiland. I’ll show how to remove Binkiland in this blog post with the FreeFixer removal tool.
Binkiland is bundled with other software. Bundled means that it is included in another software’s installer.
When I run into some new bundled software I usually upload it to VirusTotal to check if the anti-viruses there detect something interesting. 25% of the scanners detected the file. The Binkiland files are detected as Trojan.Generic.12750616 by Ad-Aware, Hacktool.Win32.ADInstaller.d by Baidu-International, Artemis!D946977D16BD by McAfee and Win32/Virus.RiskTool.a62 by Qihoo-360.
All you need to do to remove Binkiland is to check the Binkiland files in the scan result and click the Fix button. You may have to reboot your computer to complete the removal. Here’s a few screenshots that should help you along the way:
Hope this helped you remove the Binkiland adware.
Did you also find Binkiland on your computer? Any idea how it was installed? Please share your story the comments below. Thank you!
Thanks for reading!
Just found another bundled program called “Positive Finds“. If you are wondering where it came from, it was probably bundled with some free download. In my case it was bundled with a program that extracts RAR files. Currently, no anti-virus program detected it when I uploaded it to VirusTotal.
The software is clearly adware as explained in the EULA:
You can remove Positive Finds from the Windows Control Panel:
If that does not work, just select the files in FreeFixer:
Thanks for reading!
Hello readers. Hope you are doing ok. I just found another bundled adware called Gate Snapper and thought I should give you some removal instructions. This seems to be a variant of BrowseFox that I’ve previously blogged about. If you got Gate Snapper installed and running on your computer, you will see new add-ons/extensions installed into Mozilla Firefox and Internet Explorer. You may also see ads labeled “By gate snapper“. You can also see “apigatesnapperco-a.akamaihd.net” and “api.gatesnapper.com” appear in the status bar of your web browser or in the network log.
Google Chrome was not affected by the adware.
I’ll show how to remove Gate Snapper in this blog post with the FreeFixer removal tool.
Gate Snapper is bundled with other software. Bundled means that it is included in another software’s installer.
As always when I run into some new bundled software I uploaded it to VirusTotal to see if the anti-virus scanners there detect anything suspicious. 12 of the scanners detected the file. The Gate Snapper files are detected as BrowseFox.F by AVG, Application.Win32.BrowseFox.JM by Comodo, a variant of Win32/BrowseFox.O by ESET-NOD32, AdWare/LinkSwift.acd by Jiangmin, PUP.Optional.GateSnapper.A by Malwarebytes and AdWare.Kranet by VBA32.
You probably came here looking for removal instructions for GateSnapper and you can do so with the FreeFixer removal tool. Here’s a few screenshots from the removal that should help you: A restart of your computer may be required to complete the removal.
Hope that helped you with the removal.
Did you also find Gate Snapper on your system? Any idea how it was installed? Please share in the comments below. Thanks a bunch!
Hope you found this useful. Thanks for reading.
Last post for today. Got problems with ads from MPlayerPlusvideo4? No problem, just uninstall it from the Windows Control Panel:
Or if that does not work, you can remove MPlayerPlusvideo4 with FreeFixer.
Thanks for reading. Good night!
Welcome! Another quick post on a publisher called Small Island Development. I noticed that many FreeFixer users are submitting files digitally signed by this publisher, so I though I should write a few lines about them.
There seems to be many variants of the Small Islands files, and many of them seems to have a randomly generated filename. The file I’m currently looking on is detected by 10 of the scanners scanners at VirusTotal. The majority of the scanners classify the file as adware. AVG reports NXtcFoMlakD.dll as Smallis.5E4, Baidu-International names it Adware.MSIL.PullUpdate.BK, Comodo names it ApplicUnwnt, Panda reports Adware/TVWizard and Symantec calls it Yontoo.C.
Did you also find a Small Island Development file? What kind of download was it?
Thanks for reading.
Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, while reviewing files submitted to the FreeFixer database, used by a publisher called Acute Angle Solutions Ltd..
You may see Acute Angle Solutions Ltd. appear as the publisher when checking the digital signature under the file’s properties.
It seems as the filename for this file is randomly generated: yzmHYl.dll.
Anyway, the reason I’m writing this blog post is that the Acute Angle Solutions Ltd. file is detected by many of the anti-malware scanners at VirusTotal. Antiy-AVL names yzmHYl.dll as Trojan/Win32.TSGeneric, AVG reports Acute.A40, Avira calls it Adware/PullUpdate.AQ, GData calls it Win32.Adware.AcuteAngle.B, Sophos classifies it as Pull Update and VIPRE detects it as Injekt (fs).
Did you also find a Acute Angle Solutions Ltd. download? What kind of download was it?
Thank you for reading.
Hi there! Was looking for some downloads to play around with and found one, signed by Dove Delivery (Fried Cookie Ltd.). The file is named FlvPlayerSetup.exe.
You can look at the Dove Delivery (Fried Cookie Ltd.) certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Dove Delivery (Fried Cookie Ltd.) is located in Tel Aviv in Israel.
So, why did I put up this blog post? Well, the thing is that the Dove Delivery (Fried Cookie Ltd.) file is detected by some of the anti-virus scanners, according to VirusTotal. Avira reports FlvPlayerSetup.exe as ADWARE/InstallCore.Gen, DrWeb reports Trojan.Packed.29923, ESET-NOD32 detects it as a variant of Win32/InstallCore.UQ and VIPRE reports InstallCore (fs).
Did you also find a Dove Delivery (Fried Cookie Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.
Hope this blog post helped you avoid some unwanted software on your machine.
Thank you for reading.
Hi there! I was reviewing some of the files added to the FreeFixer database this morning. Found a publisher called CLICKCAPTION that you probably want to know about. The file I found is called ccsvc.exe and digitally signed by CLICKCAPTION.
AVG reports ccsvc.exe as Clickcaption.5CF, DrWeb classifies it as Adware.Popad.11, Jiangmin detects it as AdWare/Vitruvian.f, Kaspersky reports not-a-virus:AdWare.Win32.Vitruvian.b, Malwarebytes classifies it as PUP.Optional.ClickCaption.A and VIPRE reports InfoAtoms (fs).
Did you also find a CLICKCAPTION file? What kind of download was it? If you remember the download link, please post it in the comments below.
Thank you for reading.