Just a short post on this. If you’ve found the BrickBooster trojan / adware on your machine, you should remove it, either using FreeFixer or from the Add/Remove programs dialog.
The BrickBooster.exe process:
Here’s how to remove BrickBooster from the Windows Control Panel:
Thanks for reading.
Hello readers. Welcome to the blog. Today I wanted to talk about an adware/trojan called BrickStrengthener and thought I should give you some removal instructions. If the BrickStrengthener adware is running on your machine, you will see BrickStrengthener.exe running in the Task Manager and a new scheduled task called “BrickStrengthener” added on the computer. I’ll show how to remove BrickStrengthener in this blog post with the FreeFixer removal tool.
BrickStrengthener.exe is located in C:\ProgramData\Trusted Publisher\BrickStrengthener\.
BrickStrengthener is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers.
As always when I stumble upon some new bundled software, I uploaded it to VirusTotal to check if the anti-virus software there detects anything suspicious. 30% of the scanners detected the file. The BrickStrengthener files are detected as TR/Crypt.ZPACK.73153 by Avira, Trojan.GenericKD.1867152 by F-Secure, Artemis!DEBA33DB1675 by McAfee and BehavesLike.Win32.FakeAlert.bc by McAfee-GW-Edition.
Since you probably want to remove BrickStrengthener, these are the items you should check for removal if you want to remove it with FreeFixer. A reboot of your machine may be required to complete the removal. Problem solved.
Hope this helped you remove the BrickStrengthener adware.
I stumbled upon BrickStrengthener while testing out some downloads that are known to bundle lots of unwanted software. Any idea how BrickStrengthener was installed on your system? Please share by posting a comment. Thank you very much!
Hope you found this useful. Thanks for reading.
Hello guys and gals. Just a quick post on the RCore trojan. If RCore is installed on your machine, you will see rcore.exe in the Windows Task Manager and a new service called rcores pointing to rcore.exe. I’ll show how to remove RCore in this blog post with the FreeFixer removal tool.
RCore is distributed by a method called bundling. Bundling means that a piece of software is included in other software’s installers.
When I find some new bundled software I always upload it to VirusTotal to see if the anti-malware scanners there detect anything fishy. The detection rate is 14/52. The RCore files are detected as Trojan.Win32.Generic.pak!cobra by AVware, a variant of Win32/Agent.WGA by ESET-NOD32 and Artemis!0339F1025037 by McAfee.
You can remove RCore with the FreeFixer removal tool. Here are a few screenshots from the removal that should help you. A restart of your computer may be required to complete the removal.
Hope that helped you with the removal.
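To confirm that nothing is left behind, the indicators named in this post and in the BrickStrengthener post above (process names, the scheduled task, the rcores service and the install folder) can be checked from PowerShell. This is an added example, not part of the original posts or of FreeFixer; it only reads system state and assumes the names and path are exactly as written above.

```powershell
# Added example: read-only check for the indicators named in the posts.
# Nothing is stopped, deleted or changed; review the output before acting.
$brickDir = 'C:\ProgramData\Trusted Publisher\BrickStrengthener'   # path from the post

$findings = @(
    # Running processes (Get-Process takes the image name without ".exe").
    foreach ($name in 'BrickStrengthener', 'rcore') {
        Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Type = 'Process'; Name = $_.ProcessName; Detail = $_.Path }
        }
    }

    # Scheduled task called "BrickStrengthener"; Detail shows what it launches.
    Get-ScheduledTask -TaskName 'BrickStrengthener' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'ScheduledTask'; Name = $_.TaskName
                           Detail = ($_.Actions.Execute -join '; ') }
    }

    # Service called "rcores", or any service whose binary path points to rcore.exe.
    Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'rcores' -or $_.PathName -like '*rcore.exe*' } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Service'; Name = $_.Name; Detail = $_.PathName }
        }

    # Files remaining in the BrickStrengthener install folder.
    if (Test-Path -LiteralPath $brickDir) {
        Get-ChildItem -LiteralPath $brickDir -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Name = $_.Name; Detail = $_.FullName }
            }
    }
)

if ($findings.Count -eq 0) {
    'No BrickStrengthener or RCore indicators found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so that process paths and tasks owned by other accounts are visible.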
Do you also have RCore on your computer? Any idea how it installed? Please let me and the readers know by posting a comment. Thanks!
Thanks for reading. Welcome back!
Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Boris Burkin. Typically you’d see the Boris Burkin publisher name appear when double-clicking on the file:
You will also see Boris Burkin appear if you check the file’s digital signature.
If you are considering running the Boris Burkin signed file, I’d advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs:
The anti-virus programs call the file Trojan.AntiFW, InstalleRex, Adware.Downware, Win32.InfoLeak, Downloader.AdLoad, etc.
Did you also find a file digitally signed by Boris Burkin? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Recently I’ve been browsing around on some torrent sites to see what software downloads are hiding behind the ads on these sites. One of the names that often shows up in the digital signature field is Sergey Petrov:
You will also see Sergey Petrov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:
The Sergey Petrov signed files often use names of known TV-series or movies to trick users into running the file.
The scan result from VirusTotal below clearly shows why you should immediately delete the Sergey Petrov file. It is detected under names such as InstalleRex and Trojan.WebPick. 17 of the 52 anti-virus programs detect the file:
Hope this saved you from some unnecessary malware cleaning. In case you’ve already run one of the Sergey Petrov signed files, you can examine your system with FreeFixer to make sure your computer is clean.
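The publisher name shown in the signature dialog and in the User Account Control prompt can also be read without running the file. The following added example (not from the original posts) lists downloaded executables whose Authenticode signer matches the two publisher names mentioned above; the scan folder is an assumption, so point `$scanRoot` at wherever downloads land on your machine.

```powershell
# Added example: find downloaded installers signed by the publishers named in the posts.
# The files are only read, never executed.
$publishers = 'Boris Burkin', 'Sergey Petrov'          # names from the posts
$scanRoot   = Join-Path $env:USERPROFILE 'Downloads'   # assumption: default download folder
$nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$hits = @(
    Get-ChildItem -Path $scanRoot -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            if ($cert) {
                # Common name of the signer, as shown in the UAC "Verified publisher" field.
                $cn = $cert.GetNameInfo($nameType, $false)
                if ($publishers -contains $cn) {
                    [pscustomobject]@{
                        Path       = $_.FullName
                        Publisher  = $cn
                        # "Valid" only means the signature verifies; it says nothing
                        # about whether the signed program is wanted.
                        Status     = $sig.Status
                        Thumbprint = $cert.Thumbprint
                    }
                }
            }
        }
)

if ($hits.Count -eq 0) {
    "No files signed by $($publishers -join ' or ') under $scanRoot."
} else {
    $hits | Format-List
}
```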
I’m currently looking at what is advertised on some of the torrent sites. Today I found another adware called Search-NewTab that installed into Internet Explorer and Mozilla Firefox:
The software seems to use some semi-random naming. I’ve seen it appear as “Seeaerch-oNeewTAb”, “Seearch-NewTTab”, “Sieaarch-NewTab” and “Search-NewTaBi”. What name did Search-NewTab use on your machine?
Currently, Search-NewTab is detected by many of the anti-virus programs under names such as MultiPlug and MultiPlag. Most of the antivirus programs classify it as adware, but some report Search-NewTTab as a trojan, as you can see in the screenshot from VirusTotal below:
So how about the removal? You can easily remove Search-NewTab by checking its files in FreeFixer:
There’s also a Search-NewTab entry in the Add/Remove programs dialog in the Windows Control Panel, but I have not tested it. So no guarantees there.
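Because the name changes from install to install, an exact-match search of the installed programs list will miss it. In the four variants listed above, the letters of “Search-NewTab” always appear in order, with a few extra letters inserted and the case changed. The added example below (not from the original post) uses that observation as a heuristic; the function name `Test-NameVariant` and the limit of four extra letters are assumptions chosen to fit those four samples.

```powershell
# Added example: match semi-random variants of a base name.
# Heuristic (assumption): the base name's letters occur in order inside the
# observed name, with at most $MaxExtra additional letters.
function Test-NameVariant {
    param([string]$Observed, [string]$Base = 'Search-NewTab', [int]$MaxExtra = 4)
    $o = ($Observed -replace '[^A-Za-z]', '').ToLowerInvariant()
    $b = ($Base     -replace '[^A-Za-z]', '').ToLowerInvariant()
    $i = 0
    foreach ($ch in $o.ToCharArray()) {
        if ($i -lt $b.Length -and $ch -eq $b[$i]) { $i++ }   # greedy subsequence match
    }
    ($i -eq $b.Length) -and (($o.Length - $b.Length) -le $MaxExtra)
}

# The four names from the post, plus two constructed names that should not match.
$samples = 'Seeaerch-oNeewTAb', 'Seearch-NewTTab', 'Sieaarch-NewTab', 'Search-NewTaBi',
           'Windows Search', 'Research NewTab Toolbar Pro'
$samples | ForEach-Object {
    [pscustomobject]@{ Name = $_; Match = (Test-NameVariant $_) }
} | Format-Table -AutoSize

# Apply the same test to the installed programs list (the Add/Remove programs entries).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and (Test-NameVariant $_.DisplayName) } |
    Select-Object DisplayName, Publisher, InstallLocation, UninstallString
```

A match is only a lead: check the publisher and install location before removing anything, since an unrelated product name could also contain these letters in order.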
Hope this helped you with the Search-Newtab removal.
How did you get Search-Newtab on your machine? Please share by posting a comment.
Back in July I was first notified about the eGdpSvc.exe file. At that time, only one of the 45 engines at VirusTotal detected the file and I didn’t know how it was distributed or how it ended up on the users’ machines.
Today, I noticed that eGdpSvc.exe is still distributed so I thought I’d make a quick uninstall guide that shows how to delete eGdpSvc.exe with the help of FreeFixer. This video also shows that the “more info” links in FreeFixer can be quite useful to determine if a file is legitimate or malware.
When looking at the “more info” page of eGdpSvc.exe in the video you’ll see that eGdpSvc.exe is currently detected by 14 of the anti-virus scanners at VirusTotal.
Do you click on the more info links while trying to determine if a file is legitimate or malware?