Something that always bugged me is some of the content promoted by search engine ads. I’m talking about the ads that appear at the top of the search results. Here’s an example where I search for “download firefox” on the Bing search engine:
The first four items above the fold are ads. Let’s click on the first ad (fir.updatechecker.club).
The fir.updatechecker.club web site shows a faked Windows GUI pretending to be the Firefox Installer (built inside the browser’s viewport) and they want me to pay 50 SEK to install the free Mozilla Firefox browser by sending an SMS! The fact that 50 SEK is charged when sending the SMS appears with a small font in grey in the lower left corner. When refusing to pay 50 SEK I get an setup file, which is detected by many of the security scanners:
The installer appears to be build using InstallCore and shows a sponsored offer to install Avast AntiVirus, which I declined. (Though it would be interesting to see if Avast would go ahead and remove the bundler. As you can see in the scan result above, Avast is detecting the installer file, giving it the detection name “FileRepMalware [PUP]”).
The installer file also installs a piece of software called UpdateChecker:
If you hover the mouse over the links on the Google, Yahoo and Bing search results, does sendapplicationget.com appear in the status area of the browser as shown in the screenshots below? Then you have some adware installed on your machine. I’ll show how to remove the sendapplicationget.com links in this blog post.
I got the sendapplicationget.com in Firefox, but they can appear if you are browsing with Chrome and Internet Explorer too.
I’ve seen s2.sendapplicationget.com, s3.sendapplicationget.com and s4.sendapplicationget.com show up, but I guess you might spot the following too:
I think that the sendapplicationget.com links can appear due to other adwares as well.
If you like you can use FreeFixer to track down the unwanted software on your machine. If you are having difficulties when determining if a file is safe or malware in FreeFixer’s scan result, please try the More Info links that appears for each file. That will open up a web page with some additional information that can be useful, such as a scan report from VirusTotal:
What adware did you remove to stop the sendapplicationget.com links?
It seems as the sendapplicationget.com web site received quite a lot of clicks starting from August. Just check out the traffic rank: