Category Archives: adware

Remove aim.couphomegame.com Pop-Up Ads

adware, pop-ups

If there’s pop-ups from aim.couphomegame.com appearing on your machine, that managed to sneak through the built-in pop-up blockers in your browser and that appears on web sites that normally does not have any pop-ups, you probably have some adware installed on your computer.

aim.couphomegame.com pop-up

As you can see above, I got the aim.couphomegame.com pop-up while browsing in Mozilla Firefox, but the pop-ups can appear if you are using other browsers, such as Google Chrome or Microsoft’s Internet Explorer.

If you’ve been visiting this blog the for the last month you probably know that I’ve been building a little lab with machines, where I’ve deliberately installed some software that shows advertisements. This type of software is often called adware and most people think is unwanted and wants to uninstall it right away. I totally agree with that. On the lab machine where I found the aim.couphomegame.com pop-ups ads, I had installed BlockAndSurf and TinyWallet. I removed these with FreeFixer and the problem was solved. If you got any of these on your machine, that’s a pretty good start: Removing those may solve the aim.couphomegame.com problem.

The problem is that the aim.couphomegame.com can be caused by other variants of adware too. So, unfortunately I cannot say exactly what should be removed. Here’s my suggested removal procedure:

  1. Review the programs you have installed on your machine in the “Remove programs” list in the Windows Control Panel. Do you see anything there that you don’t remember installing or that appeared about the same time as you first noticed then aim.couphomegame.com pop-ups? If you find any adware or other types of unwanted software, uninstall it.
  2. Open up the add-ons menu in your browser. Do you see something there that looks suspicious or that you don’t remember installing. If you find some unwanted software, remove it.
  3. If that still did not help, you can give FreeFixer a shot. It’s a freeware tool designed to help users track down and remove unwanted software on your Windows machine. FreeFixer’s removal feature is not crippled like many other removal tools out there and will not require you to pay just when you are about to remove the unwanted files or settings that you found. I’m the developer of this free tool and If it helped you solve the aim.couphomegame.com problem, please help me spread the word and let your friends now about it.

If you are having difficulties to determine if a files is safe or malware in FreeFixer’s scan result, please check out what’s behind the More Info links. You can find lots of useful info there that will help you, among other things a scan report from VirusTotal that can be very useful when tracking down the adware.

freefixer-more-info-skype_setup
Demonstrating the More Info links and the VirusTotal report. Click for full size.

Well, hope that helped you remove the aim.couphomegame.com ads. What adware did you uninstall to stop the pop-ups? Please share by posting a comment below.

By they way, if you like this blog or the FreeFixer program, please follow me on Twitter, YouTube, Facebook or Google+.

Thanks for reading!

wkj.datropy.com Web Forgery Says Mozilla

adware

If you’ve been following this blog for the last week, you know that I’ve been posting about pop-ups such as enh.guzzlepraxiscommune.com and aal.coupmatch.com. The good news is that Mozilla Firefox is now blocking wkj.datropy.com as a Web Forgery.

wkj.datropy.com web forgery says mozilla when loading the awl.coupmatch.com pop-up

If you get pop-ups like this one, you most likely have some adware on your machine. Check out the two links above for more info on how to track down and remove the adware.

Happy adware hunting! Please let me know which adware you had to remove to stop these pop-ups.

Update: Safari on my Mac is now reporting wkj.datropy.com as suspected phishing site.

wkj.datropy.com -warning suspected phishing site

Thanks for reading!

Remove aal.coupmatch.com Pop-Up Ads

adware, freefixer, pop-ups

Just wanted to let you know about the aal.coupmatch.com pop-ups. If you see these ads on your machine, you most likely have some adware on your machine that launch these pop-ups.

aal.coupmatch.com pop-up

I’m in a hurry, so please bare with this short post. Here’s my suggested removal for the aal.coupmatch.com pop-ups ads.

1.  Examine the programs installed on your machine in the Add/Remove programs dialog in the Windows Control Panel. Uninstall if you find some adware.

2. Go through the add-ons installed in your browser. If you find some adware, remove it.

3. If that did not help, you can use FreeFixer to manually track down the adware files that opened the aal.coupmatch.com pop-up. Tip: Use the More Info links to open up a VirusTotal report for a particular file in the scan result.

freefixer-more-info-blockandsurf
The More Info links. Click for full size

Did you find some adware on your machine? Please post the name of the adware in the comments below to help other users with the aal.coupmatch.com popup problem.

On my machine, the adware responsible for the aal.coupmatch.com pop-up was called Safer-Surf.

Thank you for reading!

Ads By new_player – Removal Instructions

adware, freefixer

Hello readers. This will be a short post on some ads labeled “Ads By new_player“. The four images in the ads are labeled “Buzzwok“.

Ads By new_player

I found these ads after installing a download that I new bundled lots of adware. After uninstalling everything that came bundled with the download, except an adware called Host Secure, the “Ads By new_player” still remained. So that’s the one responsible for the ads. You can find more info on how to remove HostSecure here.

Did that help you with the removal?

Remove HostSecure – HostSecurePlugin and HostSecure.exe Uninstall Guide

adware, freefixer,

Hello there and welcome to the FreeFixer blog. I just found another bundled adware called HostSecure or HostSecurePlugin and give you some removal instructions. If HostSecure is installed and running on your system, you will see HostSecure.exe running in the Windows Task Manager and an add-on called HostSecurePlugin added into Mozilla Firefox and Internet Explorer. I’ll show how to remove Host Secure in this blog post with the FreeFixer removal tool.

HostSecure.exe task manager

Here’s how the add-on shows up in Firefox:

HostSecurePlugin firefox 5.31.6

HostSecure is bundled in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.

HostSecure installer

Generally, you can avoid bundled software such as HostSecurePlugin by being careful when installing software and declining the bundled offers in the installer.

As always when I stumble upon some new bundled software I uploaded it to VirusTotal to see if the anti-malware software there detect something interesting. 7 of the 54 anti-malware scanners detected the file. The HostSecurePlugin files are detected as Win-PUP/SoftPulse by AhnLab-V3, WS.Reputation.1 by Symantec and DomaIQ (fs) by VIPRE. Here’s the scan result for HostSecure.exe:

HostSecurePlugin virustotal

The file is digitally signed by Plugin Update SL.

Removing HostSecure is pretty straightforward with FreeFixer. Just select the Host Secure Plugin files for removal and then click the Fix button and the problem will be solved.

HostSecurePlugin startup remove HostSecurePlugin firefox remove HostSecure startup remove Host Secure Internet Explorer remove

Hope that helped you with the removal.

Do you also have HostSecure on your computer? Any idea how it was installed? Please share your story the comments below. Thanks a bunch!

Thank you for reading.

How To Remove AppEnable Ads

adware, freefixer

Hello guys and gals. Did something called AppEnable appear on your system? AppEnable appears to be a variant of CrossRider that I blogged about previously. If AppEnable is installed and running on your computer, you will spot a toolbar with YouTube, Twitter, eBay and Flickr links. I’ll show how to remove AppEnable in this blog post with the FreeFixer removal tool.

AppEnable google search

Here’s how AppEnable appears in Firefox and Internet Explorer:

AppEnable 1.0.1 firefox AppEnable Internet Explorer

Here’s a screenshot from the the AppEnable EULA. It clearly shows that AppEnable is adware:

AppEnable eula

AppEnable is bundled in other software’s installers. When I first found AppEnable, it was bundled with a “Skype” download that was digitally signed by Astro Delivery.

AppEnable skype astro delivery

When I play around with some new bundled software I always upload it to VirusTotal to check if the anti-virus progams there find anything suspicious. Of the 51 scanners, 9 detected the file. AVG reports AppEnable as BrowseFox.F, F-Prot detects it as W32/A-0909c198!Eldorado and NANO-Antivirus classifies it as Trojan.Win32.BPlug.ddwtte.

AppEnable virustotal

Removing AppEnable is a piece of cake with FreeFixer. Just check the AppEnable files for removal and then click the Fix button and the problem will be solved.

AppEnable firefox remove AppEnable remove Internet Explorer

Hope this helped you solved the AppEnable problem.

Did you also find AppEnable on your machine? Any idea how it was installed? Please share by posting a comment. Thanks a bunch!

Thank you for reading and welcome back.

How To Remove TornTV

adware, freefixer,

Did you just find something called TornTV on your machine? So did I. TornTV is added into Internet Explorer and Mozilla Firefox. You can remove it from the Add/Remove programs dialog from the Windows Control Panel or by checking the TornTV files for removal in FreeFixer.

TornTV has been around for some time but I noticed that it is being signed by a different certificated now. One of the files, TornTV.exe is digitally signed by VASSANA KONGSOONGNERN, which appears to be an individual developer in Phuket, Thailand.

VASSANA KONGSOONGNERN

The Browser Helper Object, which is loaded into Internet Explorer, is signed by Kess Pess Games which according to the certificate is a company located in Nicosia, Cyprus.

pess kess games

Remove mwl.petuniasaucecockup.com Pop-Up Ads

adware, freefixer, pop-ups

Did a pop-up ad from mwl.petuniasaucecockup.com just appear while you were browsing, perhaps when clicking on a search result in one of the major search engines, such as Google, Bing or Yahoo? Did the built-in pop-up stoppers in Chrome, Firefox or Internet Explorer fail to block the mwl.petuniasaucecockup.com popup? If so, you most likely have some adware installed on your machine that pop up these ads. I’ll show how to remove the mwl.petuniasaucecockup.com pop-ups in this blog post.

mwl.petuniasaucecockup.com pop-up

If you have been reading this blog post during the autumn you know that I’ve been playing around with some of the most common adware variants by installing them on a few of my lab machines and monitoring their behaviours. That’s where I found the mwl.petuniasaucecockup.com pop-up. On the machine where I found the pop-up I had installed the BlockAndSurf adware, so if you also have it on your computer, uninstall it and the mwl.petuniasaucecockup.com problems should be gone. As usual I tested to remove mwl.petuniasaucecockup.com with FreeFixer which worked without any hiccups. I always do that to make sure FreeFixer successfully removes the adware.

The problem with the mwl.petuniasaucecockup.com pop-ups is they can be caused by other adware variants, which makes it impossible to say exactly what should be removed on your computer to stop the popups.

To remove the mwl.petuniasaucecockup.com pop-ups I’d start looking in the “Uninstall Programs” dialog which can be found in the Windows Control Panel. Do you see something that you don’t remember installing? Do you see something that was installed about the same time as the mwl.petuniasaucecockup.com ads started to pop up? Tip: Sort on the “Installed On” column. You might need to do a few Google searches on the program names you find.

If that did not help, I would look in the add-ons menu in the browser to see if something suspicious is found. Do you also see something that you don’t remember installing?

If that still did not help you can try FreeFixer, which is a tool that I’ve developed for some time now. It’s a freeware tool that will help you identify and remove unwanted software from your computer. Basically, it scans lots of locations on your machine, such browser add-ons, drivers, processes, search settings, etc. Then it removes safe items by using a whitelist, to reduce the number of items in the scan result. Sometimes it can be difficult to determine if an item FreeFixer has found is safe or malware, but the “More Info” links can most likely help you there. The More Info links in the scan result will, as the screenshot shows, open up a web page, which contains a VirusTotal report for the file you just clicked. That should probably help you sort the goodies from the baddies.

freefixer-more-info-blockandsurf

Hope this helped you remove the mwl.petuniasaucecockup.com pop-ups ads. What adware did you remove to stop the mwl.petuniasaucecockup.com ads? Please share in the comment.

Remove HQ-Video-Pro-2.1cV02.11 Ads

adware, freefixer, , , , ,

Hello readers. Hope you are doing ok. Did you just spot something called HQ-Video-Pro-2.1cV02.11 on your system? HQ-Video-Pro-2.1cV02.11 appears to be a variant of CrossRider that I’ve written about before. If the HQ-Video-Pro-2.1cV02.11 adware is installed on your machine, you will notice ads labeled Visual Search Results and Powered by HQ-Video-Pro-2.1cV02.11 in Google’s search results. I’ll show how to remove HQ-Video-Pro-2.1cV02.11 in this blog post with the FreeFixer removal tool.

powered by HQ-Video-Pro-2.1cV02.11

Here it is in Firefox’ add-on menu:

HQ-Video-Pro-2.1cV02.11 firefox add-on

HQ-Video-Pro-2.1cV02.11 is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found HQ-Video-Pro-2.1cV02.11, it was bundled with a piece of software called FastPlayer.

Generally, you can avoid bundled software such as HQ-Video-Pro-2.1cV02.11 by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I always upload it to VirusTotal to verify if the anti-malware software there detect anything suspicious. The detection rate is 7/54. Some of the detection names for HQ-Video-Pro-2.1cV02.11 are Trojan.NSIS.GoogUpdate.dt, PUP.Optional.HQVideo.A and Crossrider (fs). The files are signed by “Radon Battery Technologies“.

hq-video-pro-virustotal

Removing HQ-Video-Pro-2.1cV02.11 is pretty easy with FreeFixer. The screen capture that should help you along the way: You might have to restart your machine to complete the removal. HQ-Video-Pro-2.1cV02.11 remove

Hope that helped you to figure out how to do the removal.

Any idea how HQ-Video-Pro-2.1cV02.11 was installed on your computer? Please let me and the readers know by posting a comments. Thanks!

Hope you found this useful and thanks you for reading.

Update 2014-11-04: Today another variant was released called HQ-Video-Pro-2.1cV03.11. I guess we will see more variants where just the version number is increased:

  • HQ-Video-Pro-2.1cV04.11 (Yeah, found 5th Nov 2014)
  • HQ-Video-Pro-2.1cV05.11 (Found on the 6th of November)
  • HQ-Video-Pro-2.1cV06.11
  • HQ-Video-Pro-2.1cV07.11 (Found 13th of November)
  • HQ-Video-Pro-2.1cV08.11
  • HQ-Video-Pro-2.1cV09.11
  • HQ-Video-Pro-2.1cV10.11 (Found 13th of November)
  • HQ-Video-Pro-2.1cV11.11
  • HQ-Video-Pro-2.1cV12.11
  • HQ-Video-Pro-2.1cV13.11
  • HQ-Video-Pro-2.1cV14.11 (Found 15th of Nov)
  • HQ-Video-Pro-2.1cV15.11 (Found 16th of Nov)
  • HQ-Video-Pro-2.1cV16.11 (Found 16th Nov)
  • HQ-Video-Pro-2.1cV17.11 (Found 17th Nov)
  • HQ-Video-Pro-2.1cV18.11 (Found 19th Nov)
  • HQ-Video-Pro-2.1cV19.11 (Found 20th Nov)
  • HQ-Video-Pro-2.1cV20.11
  • HQ-Video-Pro-2.1cV21.11
  • HQ-Video-Pro-2.1cV22.11
  • HQ-Video-Pro-2.1cV23.11 (Found 23 Nov)
  • HQ-Video-Pro-2.1cV24.11 (Found 24 Nov)
  • HQ-Video-Pro-2.1cV25.11
  • HQ-Video-Pro-2.1cV26.11
  • HQ-Video-Pro-2.1cV27.11
  • HQ-Video-Pro-2.1cV28.11 (Found 28 Nov)
  • HQ-Video-Pro-2.1cV29.11
  • HQ-Video-Pro-2.1cV30.11

Update 2014-11-13: Now the files are signed by Space Battleship Creative. They seems to be located in Nicosia, Cyprus.

Space Battleship Creative

 

Update 2014-11-19: Now the files are signed by Winston Project:

Winston Project

 

Update 2014-12-02: New naming convention:

  • HQ-Video-Pro-2.1cV01.12
  • HQ-Video-Pro-2.1cV02.12
  • HQ-Video-Pro-2.1cV03.12
  • HQ-Video-Pro-2.1cV04.12
  • HQ-Video-Pro-2.1cV05.12
  • HQ-Video-Pro-2.1cV06.12
  • HQ-Video-Pro-2.1cV07.12
  • HQ-Video-Pro-2.1cV08.12
  • HQ-Video-Pro-2.1cV09.12

    • (Found 9 Dec 2014)

  • HQ-Video-Pro-2.1cV10.12
  • HQ-Video-Pro-2.1cV11.12
  • HQ-Video-Pro-2.1cV12.12
  • HQ-Video-Pro-2.1cV13.12
  • HQ-Video-Pro-2.1cV14.12
  • HQ-Video-Pro-2.1cV15.12
  • HQ-Video-Pro-2.1cV16.12
  • HQ-Video-Pro-2.1cV17.12
  • HQ-Video-Pro-2.1cV18.12
  • HQ-Video-Pro-2.1cV19.12
  • HQ-Video-Pro-2.1cV20.12
  • HQ-Video-Pro-2.1cV21.12
  • HQ-Video-Pro-2.1cV22.12
  • HQ-Video-Pro-2.1cV23.12
  • HQ-Video-Pro-2.1cV24.12
  • HQ-Video-Pro-2.1cV25.12
  • HQ-Video-Pro-2.1cV26.12
  • HQ-Video-Pro-2.1cV27.12

Remove bxh.mulctsamsaracorbel.com Pop-Up Ads

adware, freefixer, pop-ups

Are you getting pop-ups from bxh.mulctsamsaracorbel.com while browsing in Chrome, Firefox or Internet Explorer? Do the pop-ups appear even though the built-in pop-up blocker in your browser is enabled? If that is the case, you probably have some sort of adware installed on your machine. This blog post will hopefully help you remove the bxh.mulctsamsaracorbel.com pop-ups ads.

bxh.mulctsamsaracorbel.com pop-up

If you have been following me here on the blog you know that I’ve installed some adware on purpose on my lab machines and that I’m currently monitoring what kind of advertisements that appears, the domain names of the pop-ups and other actions that the adware performs. The adware I have installed on this lab machines are TinyWallet, Browser Warden and BlockAndSurf. As you you can see in the screenshot below, the bxh.mulctsamsaracorbel.com pop-up is labeled BlockAndSurf, so there we have the adware that was responsible for the pop-up on my machine. So, in my case, the BlockAndSurf removal stopped the bxh.mulctsamsaracorbel.com pop-ups.

bxh.mulctsamsaracorbel.com ads by BlockAndSurf

There’s a problem though. BlockAndSurf is not the only adware that launch the bxh.mulctsamsaracorbel.com pop-ups. If your pop-up also is labeled with the adware name, go ahead and uninstall it, that should solve the problem.

However, the pop-ups are not always nicely labeled like that, so you might have to get your hands dirty to track down the adware that pop up the ads. The Add/Remove programs dialog in the Windows Control Panel and you browser’s add-on menu is a good start to search for suspicious software.

BlockAndSurf is variant of an adware family, often referred to as “AddLyrics” by the anti-virus programs. I think that the pop-ups are opened by some of the other variants too, not just BlockAndSurf. I’ve seen the following labels on the bxh.mulctsamsaracorbel.com pop-up type: Salus, CheckMeUp, Safer-Surf and NewPlayer.

I did a search in FreeFixer’s library of files to dig up a few more AddLyrics variants. It’s possible that one of these could be responsible for the bxh.mulctsamsaracorbel.com ads:

  • TubeSaver
  • SuperLyrics
  • LyricXeeker
  • MarkKit
  • PassShow
  • PassWidget
  • Plus-HD
  • Re-markit
  • ViewPassword
  • Re-Markable
  • Better Mark-it

If that does not help, you can try FreeFixer, a tool that I’m working on that assists users to track down and remove unwanted software. It’s a freeware tool. Tip, if you have difficulties determining if a file in FreeFixer’s scan result is legitimate or malware, click on the More Info links. That will bring up the file information page, which contains useful information about the file, such as a VirusTotal report for the file.

Screenshot showing how FreeFixer's "More Info" links opens up the file information page with a VirusTotal report.
FreeFixer’s More Info links. Click for full size.

Please let me know if you managed to track down what caused the bxh.mulctsamsaracorbel.com pop-ups in your case. What adware did you uninstall from your machine? Your comment will help other users in the same situation.

Thanks for reading, and welcome back to the blog.