Category Archives: adware

Remove CrimeWatch Adware

Hello there and welcome to the FreeFixer blog. I just found another bundled adware titled CrimeWatch and wanted to give you some removal instructions. If the CrimeWatch adware is installed and running on your machine, you will see CrimeWatchService.exe, digitally signed by “Mathematical Applications”, running in the Windows Task Manager. You will also see a new service installed, called CrimeWatch, and perhaps also a yellow pop-up allowing you to toggle CrimeWatch on and off. I’ll show how to remove CrimeWatch in this blog post with the FreeFixer removal tool.

Crime Watch toggle

CrimeWatch is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example of how it appears in an installer for an unrelated program.

CrimeWatch installer

As always when I find some new bundled software, I uploaded it to VirusTotal to check if the anti-malware software there finds anything interesting. 15 of the 56 anti-malware scanners detected the file. The CrimeWatch files are detected as PUA.PullUpdate! by Agnitum, ApplicUnwnt by Comodo, Adware.Yontoo.55 by DrWeb, PUP.Optional.Crimewatch.A by Malwarebytes, Trj/Genetic.gen by Panda and HEUR/QVM30.1.Malware.Gen by Qihoo-360.

CrimeWatch virustotal

Since you probably want to remove CrimeWatch, these are the files you should check for removal if you want to remove it with FreeFixer:

  • CrimeWatchService.exe process
  • crimewatch.exe and crimewatch.dll files
  • CrimeWatch service

A restart of your machine may be required to complete the removal.

Hope that helped you with the removal.

Did you also find CrimeWatch on your machine? Any idea how it installed? Please let me and the readers know by posting a comment. Thank you!

Hope you found this useful and thank you for reading.

Remove WebSize Adware

Hello readers. I was reviewing some of the files added to the FreeFixer database, and found something called WebSize. WebSize is yet another variant of BrowseFox. The WebSize removal is pretty easy. Just select the files that are digitally signed by WebSize in FreeFixer and the problem will be gone.

So what does VirusTotal say about the file? 19 of the anti-malware scanners detected the file. The WebSize files are detected as PUA.BrowseFox! by Agnitum, Adware/BrowseFox.A.1227 by Avira, Tool.NetFilter.313 by DrWeb and AdWare.Win64.Yotoon by VBA32.

WebSize virustotal

Hope that helped you to figure out how to do the removal.

Do you also have WebSize on your computer? Any idea how it was installed? Please share by posting a comment. Thank you!

Hope you found this useful and thank you for reading.

Remove Ace Race Ads – Adware Removal Instructions

Just wanted to put up a short blog post before going back to coding. Did something named Ace Race appear on your machine? This appears to be yet another variant of BrowseFox that I’ve previously blogged about. If the Ace Race adware is running on your computer, you will see a new add-on called Ace Race installed into Mozilla Firefox and Internet Explorer. I’ll show how to remove Ace Race in this blog post with the FreeFixer removal tool.

ace race firefox

Ace Race is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example of how it appears in an installer for an unrelated program.

ace race installer

Generally, you can avoid bundled software such as Ace Race by being careful when installing software and declining the bundled offers in the installer.

As usual when I run into some new bundled software I uploaded it to VirusTotal to see if the anti-malware scanners there detect anything fishy. 11 of the anti-malware scanners detected the file. The Ace Race files are detected as BrowseFox.F by AVG, W32/S-7bed2e86!Eldorado by F-Prot, Trojan ( 0040f9921 ) by K7GW, PUP.Optional.AceRace.A by Malwarebytes and AdWare.Kranet by VBA32.

acerace virustotal

If you would like to remove Ace Race you can do so with the freeware FreeFixer tool. Select the Ace Race files for removal in FreeFixer, click Fix, reboot your computer and the problem will be gone. Here are a few screenshots to point you in the right direction:

ace race remove firefox ace race internet explorer

Hope that helped you to figure out how to do the removal.

Did you also find Ace Race on your machine? Any idea how it installed? Please share in the comments below. Thank you!

Thanks for reading. Welcome back!

Remove Dynamo Combo Ads

Hello guys and gals. Today I wanted to talk about an adware called Dynamo Combo and give you some removal instructions. Dynamo Combo appears to be a variant of BrowseFox that I blogged about previously. If Dynamo Combo is installed and running on your machine, you will see a new add-on, called Dynamo Combo, installed into Firefox and Internet Explorer. I’ll show how to remove Dynamo Combo in this blog post with the FreeFixer removal tool.

So, how did Dynamo Combo install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers.

Generally, you can avoid bundled software such as Dynamo Combo by being careful when installing software and declining the bundled offers in the installer.

So, how about the Dynamo Combo removal? You can remove Dynamo Combo with the FreeFixer removal tool. A reboot of your computer might be required to complete the removal. Here are a few screenshots from the removal that should help you:

Dynamo Combo Dynamo Combo internet explorer

Hope that helped you with the removal.

Did you also find Dynamo Combo on your system? Any idea how it was installed? Please share your story in the comments below. Thanks!

Thank you for reading.

Remove Video Dimmer Adware

Hello readers. Hope you are doing ok. Just a quick post on the Video Dimmer adware. It appears that Video Dimmer has been around for some time, but now I noticed it bundled with several downloads. If Video Dimmer is installed on your machine, you’ll find a new service installed and videodimmerservice.exe running in the Windows Task Manager.

I’ll show how to remove Video Dimmer in this blog post with the FreeFixer removal tool.

So, how did Video Dimmer install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers. Here’s how it appeared in the installer:

video dimmer installer

When I find some new bundled software I always upload it to VirusTotal to check if the anti-malware programs there find something. Of the 56 anti-virus scanners, 10 detected the file. AVG detects Video Dimmer as Downloader.CBD, Avira detects it as Adware/PullUpdate.AP, Comodo names it ApplicUnwnt, Malwarebytes names it PUP.Optional.VideoDimmer.A and Qihoo-360 reports HEUR/QVM03.0.Malware.Gen.

All you need to do to remove Video Dimmer is to check the Video Dimmer files in the scan result and click the Fix button. A reboot of your computer may be required to complete the removal. Just select the Video Dimmer files as shown in the screenshots below.

videodimmerservice.exe service video dimmer process

Hope this helped you solve the Video Dimmer problem.

I stumbled upon Video Dimmer while testing out some downloads that are known to bundle lots of unwanted software. Any idea how Video Dimmer was installed on your computer? Please share your story in the comments below. Thank you very much!

Thanks for reading!

Cyti Web Adware Removal Instructions

Hello guys and gals. Just a short post on an adware called Cyti Web. This appears to be a variant of BrowseFox that I’ve previously blogged about many times. If Cyti Web is running on your system, you will find a new add-on installed into Firefox and Internet Explorer. I’ll show how to remove Cyti Web in this blog post with the FreeFixer removal tool.

Cyti Web 1.0.1 firefox

Cyti Web is bundled with other software. Bundled means that it is included in another software’s installer. When I first found Cyti Web, it was bundled with a software download called FlvPlayer. The following screen-cap shows how Cyti Web was disclosed in FlvPlayer’s installer when I found it.

Cyti web installer

Generally, you can avoid bundled software such as Cyti Web by being careful when installing software and declining the bundled offers in the installer.

As usual when I find some new bundled software I uploaded it to VirusTotal to verify if the anti-virus scanners there detect anything interesting. 32 of the scanners detected the file. The Cyti Web files are detected as BrowseFox.F by AVG, ADWARE/BrowseFox.Gen2 by Avira, Trojan.BPlug.144 by DrWeb, Artemis by McAfee-GW-Edition, Yontoo.C by Symantec and AdWare.Kranet by VBA32.

You can remove Cyti Web with the FreeFixer removal tool. A restart of your machine might be required to complete the removal. Problem solved. Here are a few screenshots that should help you along the way:

Cyti web remove internet explorer Cyti web remove firefox

Hope this helped you remove the Cyti Web adware.

Any idea how you got Cyti Web on your computer? Please share by posting a comment. Thanks!

Hope you found this useful. Thanks for reading.

Remove Ads by Unisales – Adware Removal Instructions

Hello readers. Another day, another blog post. Today I wanted to talk about an adware called UniSales and thought I should give you some removal instructions. UniSales appears to be a variant of BuyNSave that I wrote about previously. If UniSales is installed on your computer, you will see ads labeled “Ads by unisales” added into Google’s search results, new add-ons called “Unisales” installed into Firefox and Internet Explorer, pop-up windows labeled “Ads by unisales” and overlay ads, also tagged “Ads by unisales”.

unisales firefox ads by unisales google ads by unisales overlay ad Ads by unisales pop-up ad

I’ll show how to remove UniSales in this blog post with the FreeFixer removal tool.

UniSales is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. Here’s how it appeared in the installer:

Unisales installer

Generally, you can avoid bundled software such as UniSales by being careful when installing software and declining the bundled offers in the installer.

When I stumble upon some new bundled software I always upload it to VirusTotal to verify if the anti-virus programs there detect something interesting. 29% of the anti-virus scanners detected the file. ESET-NOD32 names UniSales as a variant of Win32/AdWare.MultiPlug.BN, F-Secure calls it Gen:Variant.Adware.Graftor.153998, McAfee detects it as Artemis!7E61FEF6948F and McAfee-GW-Edition names it BehavesLike.Win32.Adware.hm.

unisales virustotal

I’m sure you’d like to remove UniSales, and that’s pretty straightforward with FreeFixer. Select the UniSales files, as shown in the screenshots below, click Fix, and restart your machine and the problem should be gone.

unisales remove internet explorer unisales remove firefox

Hope this helped you remove the UniSales Adware.

I stumbled upon UniSales while testing out some downloads that are known to bundle lots of unwanted software. Any idea how you got UniSales on your computer? Please let me and the readers know by posting a comment. Thanks a bunch!

Thank you for reading.

How To Remove GamesDesktop

Hello readers. Hope you are doing ok. Today I wanted to talk about something called GamesDesktop and thought I should give you some removal instructions. If GamesDesktop is installed and running on your machine, you will find some new files running in the Windows Task Manager. I’ll show how to remove GamesDesktop in this blog post with the FreeFixer removal tool.

GamesDesktop process

So, how did GamesDesktop install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers. When I first found GamesDesktop, it was bundled with a download called FastPlayerPro. Here’s one example of how it appears in the FastPlayerPro installer.

games desktop installer

Generally, you can avoid bundled software such as GamesDesktop by being careful when installing software and declining the bundled offers in the installer.

When I run into some new bundled software I always upload it to VirusTotal to test if the anti-malware software there detects something suspicious. The detection rate is 27/56. Antiy-AVL reports GamesDesktop as Trojan/Win32.TSGeneric, Avast detects it as Win32:Adware-ASG [PUP], AVware reports Tuto4PC (fs), F-Prot calls it W32/S-c61ac5f0!Eldorado, F-Secure calls it Adware.Eorezo.BZ and Symantec calls it WS.Reputation.1.

GamesDesktop virus total

So, how about the removal? All you need to do to remove GamesDesktop is to check the GamesDesktop files in the scan result and click the Fix button. You might have to reboot your computer to complete the removal. Here are a few screenshots that should help you along the way:

GamesDesktop startup removal GamesDesktop process removal

Hope that helped you with the removal.

Do you also have GamesDesktop on your computer? Any idea how it was installed? Please share by posting a comment. Thanks!

Thanks for reading. Welcome back!

Remove ane.couphit.com Pop-Up Ads

Sound familiar? You see pop-up ads from ane.couphit.com while browsing websites that usually don’t advertise in pop-up windows. The pop-ups manage to circumvent the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Perhaps the ane.couphit.com pop-ups show up when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?

Here is what the ane.couphit.com ad looked like on my machine:

ane.couphit.com pop-up

If this description sounds like your experience, you almost certainly have some adware installed on your machine that pops up the ane.couphit.com ads. There’s no use contacting the owners of the site you were browsing. The advertisements are not coming from them. I’ll try to help you with the ane.couphit.com removal in this blog post.

I found the ane.couphit.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on websites that usually don’t show ads, or if some new files have been saved to the hard-drive.

ane.couphit.com was registered on 2014-09-18. ane.couphit.com resolves to 208.43.241.244.

So, how do you remove the ane.couphit.com pop-up ads? On the machine where I got the ane.couphit.com ads I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the ane.couphit.com pop-ups and all the other ads I was getting in Firefox.

BlockAndSurf was the adware that caused the pop-ups in my case.

It seems that ane.couphit.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

couphit.com traffic

The issue with this type of pop-up is that it can be initiated by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the ane.couphit.com ads removal:

The first thing I would do to remove the ane.couphit.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed at approximately the same time as you started getting the ane.couphit.com pop-ups.
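The “Installed On” check above can also be scripted. The following PowerShell is an added example, not part of FreeFixer or the original post; it reads the standard Windows Uninstall registry keys and lists programs installed since a cutoff date. The `$Since` parameter and its 30-day default are assumptions to adjust to when the pop-ups started.

```powershell
# Added example: list installed programs newest-first, similar to sorting
# the "Installed On" column in the Uninstall programs dialog.
param(
    # Assumption: roughly when the pop-ups started; defaults to 30 days ago.
    [datetime]$Since = (Get-Date).AddDays(-30)
)

# Uninstall entries live in three registry locations:
# 64-bit programs, 32-bit programs on 64-bit Windows, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional; when present it is usually a yyyyMMdd string.
            $installed = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact(
                    $_.InstallDate, 'yyyyMMdd',
                    [System.Globalization.CultureInfo]::InvariantCulture)
            }
            [pscustomobject]@{
                InstalledOn = $installed
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
            }
        }
}

# Programs installed since the cutoff, newest first.
$programs |
    Where-Object { $_.InstalledOn -ge $Since } |
    Sort-Object InstalledOn -Descending |
    Format-Table InstalledOn, Name, Publisher -AutoSize

# Entries without a usable install date cannot be placed on the timeline,
# so list them separately for manual review.
$programs |
    Where-Object { -not $_.InstalledOn } |
    Sort-Object Name |
    Format-Table Name, Publisher -AutoSize
```

Entries with an unfamiliar name or an empty Publisher that appear around the time the ads started are the ones to look at first.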

Then you can examine your browser add-ons. Adware often shows up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there something that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool designed to manually track down and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having issues determining if a file is legit or malware in the FreeFixer scan report, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Here’s a video tutorial showing FreeFixer in action removing the ane.couphit.com pop-up ads:

Are you a Mac or Linux user and get the ane.couphit.com pop-ups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thank you!

Did you find any adware on your machine? Did that stop the ane.couphit.com ads? Please post the name of the adware you uninstalled from your machine in the comments below.

Thank you!

Remove ain.couptwo.com Pop-Up Ads

Does this sound like your story? You see pop-up ads from ain.couptwo.com while browsing websites that typically don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Maybe the ain.couptwo.com pop-ups show up when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?

Here’s what the ain.couptwo.com pop-up looked like when I got it on my system:

ain.couptwo.com pop-up

If this sounds like your system, you probably have some adware installed on your computer that pops up the ain.couptwo.com ads. So there’s no point in contacting the owner of the site you were browsing. The advertisements are not coming from them. I’ll do my best to help you with the ain.couptwo.com removal in this blog post.

Those that have been reading this blog already know this, but for new visitors: Not long ago I dedicated some of my lab machines and wilfully installed a few adware programs on them. Since then I have been tracking the behaviour on these systems to see what kinds of advertisements are displayed. I’m also looking at other interesting things such as if the adware auto-updates, or if it downloads and installs additional unwanted software on the computers. I first noticed the ain.couptwo.com pop-up on one of these lab machines.

ain.couptwo.com resolves to 208.43.241.247. ain.couptwo.com was created on 2014-09-18.

So, how do you remove the ain.couptwo.com pop-up ads? On the machine where I got the ain.couptwo.com ads I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the ain.couptwo.com pop-ups and all the other ads I was getting in Firefox.

BlockAndSurf was the adware that caused the pop-ups in my case.

The problem with this type of pop-up is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the ain.couptwo.com ads removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also review the add-ons you installed in your browsers. Same thing here, do you see anything that you don’t remember installing?
  3. If that didn’t solve the problem, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working on since 2006 and it scans your system at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links.

Here you can see FreeFixer in action removing the adware that caused the ain.couptwo.com pop-up ads:

Are you a Mac or Linux user and get the ain.couptwo.com popups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thank you very much!

Did you find any adware on your machine? Did that stop the ain.couptwo.com ads? Please post the name of the adware you uninstalled from your machine in the comments below.

Thank you!

Update 2014-12-18: I’ve been documenting this type of pop-up. I’m calling them “Coup Pop-Ups”, since they often use “Coup” in the domain name. For example, couptwo.com and coupthree.com. But what about one, four, five, six, etc? I think the following domains are registered by the same company, and that we might see them in pop-ups in the future:

  • CoupFive.com
  • CoupSix.com