Category Archives: adware

Remove BrickStrengthener – BrickStrengthener.exe Uninstall Guide

Hello readers. Welcome to the blog. Today I wanted to talk about an adware/trojan called BrickStrengthener and thought I should give you some removal instructions. If the BrickStrengthener adware is running on your machine, you will see BrickStrengthener.exe running in the Task Manager and a new scheduled task called “BrickStrengthener” added on the computer. I’ll show how to remove BrickStrengthener in this blog post with the FreeFixer removal tool.

BrickStrengthener.exe task manager

BrickStrengthener.exe is located in C:\ProgramData\Trusted Publisher\BrickStrengthener\.

BrickStrengthener is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers.

As always when I stumble upon some new bundled software I uploaded it to VirusTotal to check if the anti-virus software there detect anything suspicious. 30% of the scanners detected the file. The BrickStrengthener files are detected as TR/Crypt.ZPACK.73153 by Avira, Trojan.GenericKD.1867152 by F-Secure, Artemis!DEBA33DB1675 by McAfee and BehavesLike.Win32.FakeAlert.bc by McAfee-GW-Edition.

Since you probably want to remove BrickStrengthener, these are the items you should check for removal if you want to remove it with FreeFixer. A reboot of your machine may be required to complete the removal. Problem solved.

BrickStrengthener.exe task BrickStrengthener.exe removeHope this helped you remove the BrickStrengthener adware.

I stumbled upon BrickStrengthener while testing out some downloads that are known to bundled lots of unwanted software. Any idea how BrickStrengthener was installed on your system? Please share by posting a comment. Thank you very much!

Hope you found this useful. Thanks for reading.

How To Stop sweepappliance.biz Pop-Up Surveys – Adware Removal Guide

Did you just get a pop-up survey from sweepappliance.biz and ask yourself where it came from? Did the sweepappliance.biz survey appear to have been launched from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows?

sweepappliance.biz

If you see this survey, you probably have some adware installed on your machine that pop up the sweepappliance.biz ads. I’ll try help you with the sweepappliance.biz removal in this blog post.

wxdzz.promorewards.sweepappliance.biz resolves to the 96.126.122.65 IP and sweepappliance.biz resolves to 184.73.247.179.

For those that are new to the blog: A little while back I dedicated a few of my lab systems and deliberately installed a few adware programs on them. I have been monitoring the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it downloads and installs additional unwanted software on the machines. I first spotted the sweepappliance.biz pop-up survey on one of these lab computers.

So, how do you remove the sweepappliance.biz pop-up pop-up ads? On the machine where I got the sweepappliance.biz ads I had SmartOnes and CheckMeUp installed. I removed them with FreeFixer and that stopped the sweepappliance.biz pop-ups and all the other ads I was getting in Firefox.

Judging from Alexa’s traffic rank, sweepappliance.biz is getting some traffic:

sweepappliance.biz traffic rank

The issue with this type of pop-up is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the sweepappliance.biz ads removal:

The first thing I would do to remove the sweepappliance.biz pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started observing the sweepappliance.biz pop-ups.

I think you will be able to track down and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. It’s a tool designed to manually identify and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having troubles figuring out if a file is clean or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Are you a Mac or Linux user and get the sweepappliance.biz popups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thanks!

What adware did you remove from your machine?

Did this blog post help you to remove the sweepappliance.biz pop-up ads?  Please let me know or how I can improve this blog post.

Thank you!

Remove BuyNSave and BrickProvider Adware

Just wanted to write a short blog post before going back to coding. I just found another bundled adware called BuyNSave / BrickProvider and give you some removal instructions. If you got BuyNSave / BrickProvider on your computer, you will see BrickProvider.exe running in the Task Manager, an add-on named BuyNSave added into Internet Explorer and Mozilla Firefox and a new scheduled task called BrickProvider. Chrome dodged the adware. I’ll show how to remove BuyNSave / BrickProvider in this blog post with the FreeFixer removal tool.

Here’s BrickProvider.exe in the Task Manager:

BrickProvider.exe task manager

BuyNSave add-on in Firefox:

BuyNsave firefox

And BuyNSave in Internet Explorer:

BuyNSave internet Explorer

BuyNSave / BrickProvider is bundled in other software’s installers. Here’s how it was disclosed in the installer where I found it:

BuyNSave bundled

 

YouTubeAdBlocke was also included in the installer.

As always when I find some new bundled software I uploaded it to VirusTotal to test if the anti-malwares there find something. The detection rate is 11/55. Malwarebytes classifies BuyNSave / BrickProvider as PUP.Optional.MultiPlug, McAfee-GW-Edition calls it BehavesLike.Win32.PWSYunsip.bm and Qihoo-360 calls it HEUR/QVM30.1.Malware.Gen.

BuyNsave virustotal

If you’d like to remove BuyNSave / BrickProvider you can do so with the FreeFixer removal tool. Just check the BuyNSave / BrickProvider files as the screenshots below shows. You may have to reboot your computer to complete the removal.

BuyNSave internet explorer remove BrickProvider.exe remove task BrickProvider.exe remove BuyNsave remove firefox

Hope that helped you with the removal.

I stumbled upon BuyNSave / BrickProvider while testing out some downloads that are known to bundled lots of unwanted software. Any idea how BuyNSave / BrickProvider was installed on your system? Please share by posting a comment. Thank you!

Hope you found this useful and thanks you for reading.

Update 2014-11-21: Found some variants that don’t use the BrickProvider name. Instead they are called:

BrickProlongerSoftwareProlongerSoftwareProlonger.exe shows up in the Task Manager. The file is located in c:\programdata\trusted publisher\softwareprolonger.

 

 

Remove TornPlusTV Adware – TornPlusTV_version1.11 Removal Guide

Hi there. Today I wanted to talk about an adware named  TornPlusTV or TornPlusTV_version1.11 and thought I should give you some removal instructions. TornPlusTV_version1.11 appears to be a variant of CrossRider that I’ve blogged about before.

If TornPlusTV is installed on your system, you will find new the TornPlusTV add-ons installed in Firefox and Internet Explorer, TornPlusTV_version1.11-bg.exe running in the Windows Task Manager and many new scheduled tasks installed. The Chrome browser seems to stay unaffected. I’ll show how to remove TornPlusTV_version1.11 in this blog post with the FreeFixer removal tool.

Here’s the TornPlusTV add-on in Internet Explorer:TornPlusTV Internet Explorer

And the TornPlusTV_version1.11 add-on in Firefox:TornPlusTV_version1.11 firefox

You might also spot the TornPlusTV_version1.11-bg.exe in the Task Manager:TornPlusTV_version1.11-bg.exe Task Manager

When I mess around with some new software I always upload it to VirusTotal to verify if the anti-malware progams there find something. Of the 55 scanners, 15 detected the file. The TornPlusTV_version1.11 files are detected as DLOADER.Trojan by DrWeb, W32/A-ee826839!Eldorado by F-Prot, Gen:Application.Heur.Ky9@ky9OVaii by F-Secure and Crossrider (fs) by VIPRE.TornPlusTV virustotal

The files are digitally signed by Arod Group (BrightCircle Investments Limited): The certificated is quite new, it’s valid from the 17th of November 2014.Arod Group - BrightCircle Investments Limited

I’m sure you’d like to remove TornPlusTV_version1.11, and that’s pretty easy with FreeFixer. Select the TornPlusTV_version1.11 items, as shown in the screenshots below, click Fix, and reboot your machine and the problem should be gone.

The TornTVPlus process:TornTVPlus process remove

And the DLL loaded into Internet Explorer:TornPlusTV version 1.11 remove

The scheduled tasks for TornPlusTV:TornPlusTV tasks remove

And last, the add-ons in Internet Explorer and Firefox:TornPlusTV Internet Explorer remove TornPlusTV firefox remove

Hope this helped you solved the TornPlusTV_version1.11 problem.

Do you also have TornPlusTV_version1.11 on your machine? Any idea how it installed? Please share your story the comments below. Thank you!

Thanks for reading!

Update 2014-11-26: Now the files are signed by Aussie Labs (BrightCircle Investments Limited):

Aussie Labs

 

Update 2014-12-04: Now the files are signed by “BadFinger Project (BrightCircle Investments Limited)”.

Update 2014-12-19: Files now signed by Armageddon Labs (BrightCircle Investments Limited).

Update 2015-01-15: The files are now digitally signed by Berta Dress Apps (Bright Circle Investments Ltd).

Update 2015-01-20: Now they are signed by Selecao Technologies (Bright Circle Investments Ltd).

Remove ash.coupbat.com Pop-Ups Ads

Does this sound like your story? You see pop-up ads from ash.coupbat.com while browsing sites that generally don’t advertise in pop-up windows. The pop-ups manage to circumvent the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Perhaps the ash.coupbat.com pop-ups appear when clicking search results from Google? Or does the pop-ups appear even when you’re not browsing?

Here’s how the ash.coupbat.com pop-up looked like when I got it on my computer:

ash.coupbat.com ad

 

(Sorry for the ridiculous use of watermarking. If I don’t add them my screenshots always show up at some copy-cat blogs.)

If this description sounds like what you are seeing, you almost certainly have some adware installed on your machine that pop up the ash.coupbat.com ads. So don’t send angry emails to the site you were browsing, the ads are presumably not coming from them, but from the adware on your machine. I’ll try help you to remove the ash.coupbat.com in this blog post.

If you have been spending some time on this blog already know this, but if you are new: Recently I dedicated a few of my lab machines and purposely installed a few adware programs on them. I’ve been monitoring the actions on these systems to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it installs additional unwanted software on the systems. I first noticed the ash.coupbat.com pop-up on one of these lab machines.

So, how do you remove the ash.coupbat.com pop-up ads? On the machine where I got the ash.coupbat.com ads I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the ash.coupbat.com pop-ups and all the other ads I was getting in Firefox.

BlockAndSurf was the adware that caused the pop-ups in my case. I could see this since it was kind enough to label the pop-up ad with “Ads by BlockAndSurf“:

Ads by BlockAndSurf pop-up

What label did your pop-up ad have? Please share in the comments area.

The issue with this type of pop-up is that it can be launched by many variants of adware. I think that adware such as NewPlayer, CheckMeUp, Salus and SaferSurf can also be responsible for the ash.coupbat.com popups. And there are probably other variants too. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the ash.coupbat.com ads removal:

The first thing I would do to remove the ash.coupbat.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started observing the ash.coupbat.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often appear under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there something that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to identify and remove the adware with the two steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. It’s a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t ask pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties determining if a file is clean or unsafe in the FreeFixer scan report, click on the More Info link for the file. That will open up your web browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Are you a Mac or Linux user and get the ash.coupbat.com pop-ups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thanks!

Did this blog post help you to remove the ash.coupbat.com pop-ups ads? Please let me know or how I can improve this blog post.

Thank you!

CloudScout and CloudGuard.exe Removal Instructions

Just wanted to put up a short blog post before calling it a day. The post is about an adware called CloudGuard or CloudScout. If the CloudGuard adware is running on your system, you will see CloudGuard.exe in the Windows Task Manager, a new service called CloudScout starting the CloudGuard.exe process and name servers changed to 31.168.224.100 and 5.135.12.56. The software appears as CloudScout Parental Control in the Add/Remove programs dialog.

I’ll show how to remove CloudGuard in this blog post with the FreeFixer removal tool.

cloudguard.exe task manager

 

I’ve upload CloudGuard.exe to VirusTotal, but it was not detected by any of the scanners there. They probably will in the future.

CloudGuard is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found CloudGuard, it was bundled with a software download called FastPlayerPro. Here’s a screenshot from the cloudguard.me web site which shows the software is adware:

cloudguard adware

Generally, you can avoid bundled software such as CloudScout / CloudGuard by being careful when installing software and declining the bundled offers in the installer.

I’m sure you’d like to remove CloudScout, and that’s straightforward with FreeFixer. Select the CloudGuard files and settings, as shown in the screen dumps below, click Fix, and reboot your computer and the problem should be gone.

Check the CloudScout/CloudGuard.exe service for removal:cloudscout service remove

and the CloudGuard.exe process:cloudguard.exe remove

And restore your name server:

31.168.224.100 5.135.12.56 name servers

Hope that helped you with the removal.

Any idea how you got CloudGuard on your machine? Please share in the comments below. Thanks!

Hope you found this useful. Thanks for reading.

Update 2014-11-19: Now the DNS is changed to 31.168.224.106 and 5.135.12.52.

31.168.224.106 5.135.12.52 DNS

Remove Browser Guard – Uninstall Guide

Hello guys and gals. Did you just notice something called Browser Guard on your computer? If Browser Guard is installed on your computer, you will spot new add-ons installed in Mozilla Firefox and Internet Explorer called “Browser Guard 1.0” and “Browser Guard BHO” as shown in the screenshots below. Chrome seems to be unaffected by the adware 🙂 I’ll show how to remove Browser Guard in this blog post with the FreeFixer removal tool.

Here’s the add-on in Firefox:

Browser Guard 1.0 in Firefox

And here’s the Browser Guard add-on in Internet Explorer. The publisher says “Gratifying Apps“.

Browser Guard BHO by Gratifying Apps in Internet Explorer

BrowserGuard is bundled in other software’s installers. When I first found Browser Guard, it was bundled with an annoying piece of software called FastPlayerPro. It bundles a ton of unwanted programs. Generally, you can avoid bundled software such as Browser Guard by being careful when installing software and declining the bundled offers in the installer.

When I run into some new bundled software I always upload it to VirusTotal to check if the anti-viruses there find something. Of the 54 scanners, only 6 detected the file. Agnitum detects Browser Guard as PUA.SmartApps!, Antiy-AVL calls it GrayWare[AdWare:not-a-virus]/Win32.Agent and ESET-NOD32 detects it as a variant of Win32/AdWare.SmartApps.H.

browser guard virustotal

Since you probably want to remove Browser Guard, these are the files you should check for removal if you want to remove it with FreeFixer. You may have to reboot your computer to complete the removal.

BrowserGuard Internet Explorer remove browser guard remove

Hope that helped you with the removal.

Do you also have Browser Guard on your system? Any idea how it was installed? Please share in the comments below. Thank you!

Hope you found this useful. Thanks for reading.

Remove tikotin.com from Chrome

Are having problems that tikotin.com appears as the start page in Google Chrome when you start it from the desktop icon?

Here’s how tikotin.com showed up in my Chrome browser:

tikotin.com start page chromeYou can easily remove tikotin.com from Chrome with FreeFixer. Just select the following item in the scan result:

Remove tikotin.com from Chrome

If you are having the same problem, but in Internet Explorer or Mozilla Firefox, FreeFixer can fix that problem as well.

Thanks for reading. Any idea how you got tikotin.com on your machine?

 

WindowsMangerProtect / WindowsProtect – Removal Instructions

Just another short post before going back to coding. Today I wanted to talk about a bundled program called WindowsMangerProtect / WindowsProtect and thought I should give you some removal instructions. If you got WindowsMangerProtect / WindowsProtect installed on your machine, you will find ProtectWindowsManager.exe running in the Windows Task Manager and an entry in the Uninstall Programs list named WindowsMangerProtect20.0.0.1270 by WindowsProtect LIMITED. You will also see a new Windows Service installed on your machine.

I’ll show how to remove WindowsMangerProtect / WindowsProtect in this blog post with the FreeFixer removal tool.

ProtectWindowsManager.exe task manager

WindowsMangerProtect / WindowsProtect is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. Often, you can avoid bundled software such as WindowsMangerProtect / WindowsProtect by being careful when installing software and declining the bundled offers in the installer.

As always when I stumble upon some new bundled software I uploaded it to VirusTotal to see if the anti-virus scanners there detect anything interesting. Only 5% of the scanners detected the file. Baidu-International detects WindowsMangerProtect / WindowsProtect as Adware.Win32.Elex.sig, Malwarebytes classifies it as PUP.Optional.WPM.A and McAfee-GW-Edition reports BehavesLike.Win32.DunDun.gh. It this the other anti-virus scanner will catch up in a few days.

WindowsProtectManager virustotal

So, how about the WindowsMangerProtect / WindowsProtect removal? All you need to do to remove WindowsMangerProtect / WindowsProtect is to check the WindowsMangerProtect / WindowsProtect file, that is ProtectWindowsManager.exe, in the scan result and click the Fix button. You might have to reboot your computer to complete the removal. Here’s a few screenshots that should help you along the way:

ProtectWindowsManager.exe remove WindowsMangerProtect service remove

Hope this helped you solved the WindowsMangerProtect / WindowsProtect problem.

I stumbled upon WindowsMangerProtect / WindowsProtect while testing out some downloads that are known to bundled lots of unwanted software. Any idea how WindowsMangerProtect / WindowsProtect was installed on your system? Please share your story the comments below. Thank you!

Hope you found this useful and thanks you for reading.