Do you see something called GS-Booster on you machine, or GS-Booster.exe running in the in Task Manager.
No problem, you can remove GS-Booster with FreeFixer. Just select the GS-Booster.exe process and the scheduled task, then click Fix, reboot and the problem should be gone.
Thanks for reading! Any idea how you got this on your machine?
Hi there. Today I wanted to talk about an adware named TornPlusTV or TornPlusTV_version1.11 and thought I should give you some removal instructions. TornPlusTV_version1.11 appears to be a variant of CrossRider that I’ve blogged about before.
If TornPlusTV is installed on your system, you will find new the TornPlusTV add-ons installed in Firefox and Internet Explorer, TornPlusTV_version1.11-bg.exe running in the Windows Task Manager and many new scheduled tasks installed. The Chrome browser seems to stay unaffected. I’ll show how to remove TornPlusTV_version1.11 in this blog post with the FreeFixer removal tool.
Here’s the TornPlusTV add-on in Internet Explorer:
And the TornPlusTV_version1.11 add-on in Firefox:
You might also spot the TornPlusTV_version1.11-bg.exe in the Task Manager:
When I mess around with some new software I always upload it to VirusTotal to verify if the anti-malware progams there find something. Of the 55 scanners, 15 detected the file. The TornPlusTV_version1.11 files are detected as DLOADER.Trojan by DrWeb, W32/A-ee826839!Eldorado by F-Prot, Gen:Application.Heur.Ky9@ky9OVaii by F-Secure and Crossrider (fs) by VIPRE.
The files are digitally signed by Arod Group (BrightCircle Investments Limited): The certificated is quite new, it’s valid from the 17th of November 2014.
I’m sure you’d like to remove TornPlusTV_version1.11, and that’s pretty easy with FreeFixer. Select the TornPlusTV_version1.11 items, as shown in the screenshots below, click Fix, and reboot your machine and the problem should be gone.
The TornTVPlus process:
And the DLL loaded into Internet Explorer:
The scheduled tasks for TornPlusTV:
And last, the add-ons in Internet Explorer and Firefox:
Hope this helped you solved the TornPlusTV_version1.11 problem.
Do you also have TornPlusTV_version1.11 on your machine? Any idea how it installed? Please share your story the comments below. Thank you!
Thanks for reading!
Update 2014-11-26: Now the files are signed by Aussie Labs (BrightCircle Investments Limited):
Update 2014-12-04: Now the files are signed by “BadFinger Project (BrightCircle Investments Limited)”.
Update 2014-12-19: Files now signed by Armageddon Labs (BrightCircle Investments Limited).
Update 2015-01-15: The files are now digitally signed by Berta Dress Apps (Bright Circle Investments Ltd).
Update 2015-01-20: Now they are signed by Selecao Technologies (Bright Circle Investments Ltd).
Just wanted to put up a short blog post before calling it a day. The post is about an adware called CloudGuard or CloudScout. If the CloudGuard adware is running on your system, you will see CloudGuard.exe in the Windows Task Manager, a new service called CloudScout starting the CloudGuard.exe process and name servers changed to 31.168.224.100 and 5.135.12.56. The software appears as CloudScout Parental Control in the Add/Remove programs dialog.
I’ll show how to remove CloudGuard in this blog post with the FreeFixer removal tool.
I’ve upload CloudGuard.exe to VirusTotal, but it was not detected by any of the scanners there. They probably will in the future.
CloudGuard is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found CloudGuard, it was bundled with a software download called FastPlayerPro. Here’s a screenshot from the cloudguard.me web site which shows the software is adware:
Generally, you can avoid bundled software such as CloudScout / CloudGuard by being careful when installing software and declining the bundled offers in the installer.
I’m sure you’d like to remove CloudScout, and that’s straightforward with FreeFixer. Select the CloudGuard files and settings, as shown in the screen dumps below, click Fix, and reboot your computer and the problem should be gone.
Check the CloudScout/CloudGuard.exe service for removal:
and the CloudGuard.exe process:
And restore your name server:
Hope that helped you with the removal.
Any idea how you got CloudGuard on your machine? Please share in the comments below. Thanks!
Hope you found this useful. Thanks for reading.
Update 2014-11-19: Now the DNS is changed to 31.168.224.106 and 5.135.12.52.
Hello guys and gals. Did you just notice something called Browser Guard on your computer? If Browser Guard is installed on your computer, you will spot new add-ons installed in Mozilla Firefox and Internet Explorer called “Browser Guard 1.0” and “Browser Guard BHO” as shown in the screenshots below. Chrome seems to be unaffected by the adware 🙂 I’ll show how to remove Browser Guard in this blog post with the FreeFixer removal tool.
Here’s the add-on in Firefox:
And here’s the Browser Guard add-on in Internet Explorer. The publisher says “Gratifying Apps“.
BrowserGuard is bundled in other software’s installers. When I first found Browser Guard, it was bundled with an annoying piece of software called FastPlayerPro. It bundles a ton of unwanted programs. Generally, you can avoid bundled software such as Browser Guard by being careful when installing software and declining the bundled offers in the installer.
When I run into some new bundled software I always upload it to VirusTotal to check if the anti-viruses there find something. Of the 54 scanners, only 6 detected the file. Agnitum detects Browser Guard as PUA.SmartApps!, Antiy-AVL calls it GrayWare[AdWare:not-a-virus]/Win32.Agent and ESET-NOD32 detects it as a variant of Win32/AdWare.SmartApps.H.
Since you probably want to remove Browser Guard, these are the files you should check for removal if you want to remove it with FreeFixer. You may have to reboot your computer to complete the removal.
Hope that helped you with the removal.
Do you also have Browser Guard on your system? Any idea how it was installed? Please share in the comments below. Thank you!
Hope you found this useful. Thanks for reading.
Are having problems that tikotin.com appears as the start page in Google Chrome when you start it from the desktop icon?
Here’s how tikotin.com showed up in my Chrome browser:
You can easily remove tikotin.com from Chrome with FreeFixer. Just select the following item in the scan result:
If you are having the same problem, but in Internet Explorer or Mozilla Firefox, FreeFixer can fix that problem as well.
Thanks for reading. Any idea how you got tikotin.com on your machine?
Hello hello. Found another startpage modifier named Vosteran right now. If you got Vosteran on your computer, you will see start pages in Chrome, Firefox and Internet Explorer changed to Vosteran.com, lots of Vosteran.exe processes running in the Windows Task Manager which appears to be a custom build of the Chrome browser! You’ll also see add-ons and new search providers installed in Internet Explorer and Mozilla Firefox. I’ll show how to remove Vosteran in this blog post with the FreeFixer removal tool.
Here’s the vosteran.com start page in Firefox:
and the new add-ons called Vosteran 2.3.0 and Vosteran Search 1.0.2:
If you check the Task Manager, you’ll see a bunch of vosteran.exe processes running:
When I uploaded vosteran.exe to VirusTotal none of the anti-virus programs there detected the file.
Vosteran is bundled with other software. Bundled means that it is included in another software’s installer. When I first found Vosteran, it was bundled with a piece of software named unofficial Skype download which was digitally signed by Astro Delivery.
Generally, you can avoid bundled software such as Vosteran by being careful when installing software and declining the bundled offers in the installer.
Since you probably want to remove Vosteran, these are the files you should check for removal if you want to remove it with FreeFixer. You may have to restart your system to complete the removal.
Hope this helped you remove the Vosteran start page modifier and vosteran.exe. If some of the Vosteran.com stuff remains in you browser, you can try the reset feature in your browsers to reset your browser to state that is almost the same as when you installed it for the first time.
Any idea how you got Vosteran on your system? Please share by posting a comment. Thank you very much!
Hope you found this useful and thanks you for reading.
Found another Firefox add-on that was bundled with an unofficial Skype download signed by Astro Delivery. Here’s how the add-on appears in Firefox:
And here is how to remove HelpSiteExpert with FreeFixer:
Thanks for reading!
Just another short post before going back to coding. Today I wanted to talk about a bundled program called WindowsMangerProtect / WindowsProtect and thought I should give you some removal instructions. If you got WindowsMangerProtect / WindowsProtect installed on your machine, you will find ProtectWindowsManager.exe running in the Windows Task Manager and an entry in the Uninstall Programs list named WindowsMangerProtect20.0.0.1270 by WindowsProtect LIMITED. You will also see a new Windows Service installed on your machine.
I’ll show how to remove WindowsMangerProtect / WindowsProtect in this blog post with the FreeFixer removal tool.
WindowsMangerProtect / WindowsProtect is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. Often, you can avoid bundled software such as WindowsMangerProtect / WindowsProtect by being careful when installing software and declining the bundled offers in the installer.
As always when I stumble upon some new bundled software I uploaded it to VirusTotal to see if the anti-virus scanners there detect anything interesting. Only 5% of the scanners detected the file. Baidu-International detects WindowsMangerProtect / WindowsProtect as Adware.Win32.Elex.sig, Malwarebytes classifies it as PUP.Optional.WPM.A and McAfee-GW-Edition reports BehavesLike.Win32.DunDun.gh. It this the other anti-virus scanner will catch up in a few days.
So, how about the WindowsMangerProtect / WindowsProtect removal? All you need to do to remove WindowsMangerProtect / WindowsProtect is to check the WindowsMangerProtect / WindowsProtect file, that is ProtectWindowsManager.exe, in the scan result and click the Fix button. You might have to reboot your computer to complete the removal. Here’s a few screenshots that should help you along the way:
Hope this helped you solved the WindowsMangerProtect / WindowsProtect problem.
I stumbled upon WindowsMangerProtect / WindowsProtect while testing out some downloads that are known to bundled lots of unwanted software. Any idea how WindowsMangerProtect / WindowsProtect was installed on your system? Please share your story the comments below. Thank you!
Hope you found this useful and thanks you for reading.
Welcome! Found a program called 337 Games this morning. If you got 337 Games on your computer, you will notice a 337 Games icon on the desktop, a 337 Games icon on the task bar and 337Games.exe installed in the Roaming directory on your machine. If 337 Games showed up unexpectedly on your machine, it might have been bundled with another program.
Nothing happened when I double-clicked on the icon.
337 Games is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. Generally, you can avoid bundled software such as 337 Games by being careful when installing software and declining the bundled offers in the installer.
When I find some new bundled software I always upload it to VirusTotal to verify if the anti-viruses there find anything. Only one anti-virus scanners detected the file: Baidu-International detects 337 Games as Adware.Win32.Elex.sig.
If you came here looking for removal instructions for 337 Games, you can do so from the Windows Control Panel.
If that did not work, you can uninstall it with the FreeFixer removal tool. Just select the 337 Games file as the screenshots below shows. A restart of your computer might be required to complete the removal.
Hope that helped you with the removal.
Do you also have 337 Games on your machine? Any idea how it installed? Please share your story the comments below. Thanks!
Thanks for reading!
Getting pop-up ads from ami.coupplayoffgame.com? Do the pop-ups bypass Firefox’, Chrome’s and Internet Explorer’s pop-up blockers? Do the ami.coupplayoffgame.com popups appear on sites that normally don’t show any pop-ups? Most likely, you have some adware install and running on your machine. On the computer where I got these pop-ups I had Safer-Surf, SmarterOnes and Support 1.80 installed. I removed these with FreeFixer and the problem was solved.
Here’s how the ami.coupplayoffgame.com pop-up looked like:
Sorry for the silly use of watermarks in the screenshot, but if I don’t that the screenshot always show up at some copy-cat blogs 🙂
In my case, the adware responsible for the ami.coupplayoffgame.com pop-ups was SaferSurf, since the pop-up was labeled with the adware name. What name appeared in your pop-up?
So, how do you remove the ami.coupplayoffgame.com pop-ups? I would do it like this:
Did you find this blog post useful. Please let me know by posting a comment.
Thanks for reading!