Category Archives: Uncategorized

Coupigo Adware Removal Instructions

Seems like there’s a lot of new adware variants popping up right now. Found a new one called Coupigo this morning. Coupigo adds itself into Firefox and Internet Explorer. Here’s how it appears in Firefox:

Coupigo Adware in Mozilla Firefox Add-ons Manager

FreeFixer can remove Coupigo with a few clicks. Just select the Coupigo files in the scan result and then hit the Fix button. Problem solved.

Coupigo Adware in Internet Explorer Coupigo Adware listed as a Firefox Extension

The anti-virus programs are clearly aware of the Coupigo adware. Just check out the detection result from VirusTotal. Graftor and MultiPlug seem to be the most common detection names. I’d say 33/53 is pretty good:

Coupigo detections at virus total - Graftor - MultiPlug

How did you get the Coupigo adware on your machine?

GreatSaver Adware Removal Instructions

Seems like there’s no end to the adware variants out there. Found something called GreatSaver right now. It will install itself as an add-on in the web browser. Here’s GreatSaver in the Firefox add-ons list:

greatsaver 2.7 adware firefox addon

So, how can you remove GreatSaver? Easy peasy with FreeFixer, just select the GreatSaver files for removal. That’s all it takes 🙂

greatsaver adware internet explorer greatsaver adware firefox extension

How did GreatSaver find its way onto your machine? Please let me know by posting a comment.

 

WiseManager’s CfjdkPfhrU.exe is a Bitcoin Miner – Removal Instructions

I found yet another Bitcoin miner this morning. You might have spotted it because of a new file called WiseManager.exe running at startup or the high CPU usage by CfjdkPfhrU.exe as shown in the screenshot of the Task Manager below:

CfjdkPfhrU.exe CPU Setup Task Manager

The Wise Manager files are located in C:\Users\%USER%\AppData\Roaming\WiseManager\ and C:\Users\%USER%\AppData\Roaming\WiseManager\CGMInerDLLs.

wisemanager cgminerdlls folder

At the moment no anti-virus detects the two main files, WiseManager.exe and CfjdkPfhrU.exe (I uploaded them to VirusTotal), but I assume the scanners will start picking them up sooner rather than later. WiseManager.exe is digitally signed by Moresta Holdings Limited. CfjdkPfhrU.exe is unsigned.

By the way, CfjdkPfhrU.exe sounds like it has been given a random file name. Does your computer show another file hogging the CPU?

Removing WiseManager.exe and CfjdkPfhrU.exe is easy with FreeFixer. Just check WiseManager.exe and CfjdkPfhrU.exe for removal and click the Fix button, and the problem is solved.

wisemanager.exe startup in the roaming folder wisemanager.exe and cfjdkPfhrU.exe processes

Now you can remove the C:\Users\%USER%\AppData\Roaming\WiseManager\ folder manually in Explorer.

I found the Wise Manager Bitcoin miner while testing a free download. WiseManager was bundled inside the download. How did you get Wise Manager and CfjdkPfhrU.exe on your computer?
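A read-only triage of the locations named in this post, as an added PowerShell example (not from the original post and not part of FreeFixer): it lists the files under the WiseManager folder with their Authenticode status and signer, any startup entry that mentions WiseManager, and any process running from that folder. The function names are made up for this example; matching on the folder rather than the file name is deliberate, since the miner's file name looks random.

```powershell
# Added example (not from the post). Folder and file names are the ones the post gives.
$WiseDir = Join-Path $env:APPDATA 'WiseManager'   # C:\Users\<user>\AppData\Roaming\WiseManager

function Get-WiseManagerFile {
    # Every .exe/.dll under the folder (CGMInerDLLs included) with signature and hash.
    param([string]$Path = $WiseDir)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                # Valid only means the file is intact and names a publisher,
                # not that it is wanted: the post's WiseManager.exe is signed.
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Get-WiseManagerStartup {
    # Run keys and Startup-folder entries whose command line mentions WiseManager.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like '*WiseManager*' } |
        Select-Object Name, Command, Location, User
}

function Get-WiseManagerProcess {
    # Match on image path, not name, because the miner's file name looks random.
    param([string]$Path = $WiseDir)
    Get-Process |
        Where-Object { $_.Path -and $_.Path.StartsWith($Path, [StringComparison]::OrdinalIgnoreCase) } |
        Select-Object Id, ProcessName, Path, CPU
}

'--- files ---';     Get-WiseManagerFile    | Format-List
'--- startup ---';   Get-WiseManagerStartup | Format-List
'--- processes ---'; Get-WiseManagerProcess | Format-Table -AutoSize
```

Nothing is deleted or changed by these functions; the SHA256 column is there so the files can be looked up before removal.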

PEV.DAT has stopped working – DDS Error – Any workaround?

One of the tools that I’m using quite often is DDS. It is used to generate a log file containing the running processes, services, search settings, browser plugins, etc. Basically the same information as the items that appear in the FreeFixer log. From time to time I’m getting an error saying “PEV.DAT has stopped working” when running DDS and I’m wondering if anyone out there knows of a workaround, or if there’s a more recent DDS download that solves this bug?

PEV.DAT has stopped working - DDS error message

Clovermedia SL Digital Signature – WARNING!

Just got home after having an espresso with my friend Jon Kågström and started to check out a bunch of suspicious downloads. One of the downloads was signed by the Clovermedia SL publisher. If you came here wondering if the file is safe or not, I think you should avoid running the Clovermedia file.

Clovermedia SL Publisher

You can also check who signed a file by looking under the file’s properties. The following screenshot shows how the Clovermedia SL certificate appears under the Digital Signature tab.

Clovermedia Digital Signature

There is also additional info available, such as that Clovermedia SL is located on Tenerife.

Clovermedia certificate information

Anyway, the problem with the Clovermedia file is that it bundles lots of potentially unwanted programs, such as MediaPlayer Plus, Freeven, etc. Many of the anti-virus programs are well aware of this, and flag the Clovermedia file with names such as DomaIQ.

Clovermedia virus total scan

Hope this helped you avoid some adware.

Did you also find a Clovermedia file? Where did you download it?

 

WebGet Adware – Removal Instructions

Yesterday I was reviewing some of the files recently added to the FreeFixer library. Currently there are around 125 000 files added to the database. One of the files that caught my attention was WebGetBho.dll, digitally signed by WebGet, which looked like a new variant of the Altbrowse/BrowseFox adware. The scan result from VirusTotal clearly shows that this is the case:

webget webgetbho.dll

I have not found out how WebGet is distributed. If you have some hints on where I can find the software that bundles WebGet, please let me know since I’d like to test it and see what the WebGet ads look like. In case you have WebGet on your machine and it displays one of its ads, please take a screenshot and post it in the comments field below so the other readers and I can have a look at it.

I assume that WebGet works like the other Altbrowse/BrowseFox variants: WebGet adds itself into Internet Explorer and Mozilla Firefox, and shows some sort of ads. The ads may be labelled “WebGet”.

To remove WebGet, simply check the WebGet files for removal in the FreeFixer scan result. The WebGet files are usually located in “C:\Program Files\webget\” or “C:\Program Files\webget (x86)\” if you are running 64-bit Windows. These are some of the files that may appear in the scan result:

  • webgetbho.dll
  • updatewebget.exe
  • webget.FFUpdate.dll
  • webget.FirstRun.exe
  • webget.CompatibilityChecker.dll
  • webget.IEUpdate.dll

Hope this helped you figure out what WebGet is and how to remove it.

What Is Site Finder And How To Uninstall It

Did you find some software called Site Finder on your machine and wonder what it is?

The following screenshot should explain what the Site Finder software does. The installer calls itself “App of the Day” and says the following:

“Site Finder is a browser add-on that suggests web sites related to the one that is currently open.”

Site Finder suggests related web sites.

You can remove Site Finder with help from FreeFixer or by the Add/Remove programs dialog.

How did you get SiteFinder on your machine? I found it in the “App of the Day” installer as shown above. I also found it in a Softonic download:

site finder bundled with softonic download

Hope this helped you figure out what SiteFinder is.

SerialTrunc Adware Removal Instructions

Yesterday I was testing FreeFixer for the v1.09 release and ran into an adware called SerialTrunc. The following screenshot should explain what the software does:

SerialTrunc may show offers, coupons, etc

Basically, it shows ads, coupons, etc. Here are some of the detections done by the anti-virus programs:

  • Application.Win32.Altbrowse.AK
  • a variant of Win32/BrowseFox.F
  • AdWare.Win32.Agent
  • Adware/Agent.jaw
  • AdWare.Win32.Agent.ahbx
  • Riskware.Win32.Agent.cqvnby

Once installed, you will see an Internet Explorer and a Firefox add-on installed:

SerialTrunc and Feven extension in Firefox

You will also see files such as SerialTruncBho.dll and updateSerialTrunc.exe on your filesystem.

Removal is easy, just check the SerialTrunc files for removal in FreeFixer, or use the Add/Remove programs dialog:

SerialTrunc can be uninstalled from the add/remove programs dialog

Hope that helped you figure out what SerialTrunc is and how to remove it.

And by the way, how did you get SerialTrunc on your machine?

How To Remove HD Streamer

I’m currently working on some code for FreeFixer to repair hijacked Internet shortcuts. I’ve installed a few browsers such as Chrome, Mozilla, Safari and Opera on the lab machine, and then I installed a download that I knew messed around with the shortcuts to the browsers. Typically, the Internet shortcuts on the desktop are modified to launch an unwanted web page instead of the web page that the user wants.

While doing this I found a new adware variant called “HD Streamer“. At the moment, only Vipre is picking up ScriptHost.dll, which is the main file of HD Streamer.

HD Streamer Firefox Extension

HDStreamer has an entry in the Add/Remove programs dialog. I haven’t tested it but I suppose it works.

HD Streamer in the Add/Remove programs dialog

I did however test that FreeFixer deleted both ScriptHost.dll and the Mozilla Firefox Extension without any problem.

HD Streamer's ScriptHost.dll listed in FreeFixer

Now, back to writing that code.