Remove alwaysnewsoft.feelfree4update.com Pop Up Ads

pop-ups,

Did you just get interrupted by a pop-up ad from alwaysnewsoft.feelfree4update.com? You are not alone. I also get the alwaysnewsoft.feelfree4update.com pop-ups while browsing. Do the pop-ups also get round the pop-up blocker in Chrome, Firefox, Internet Explorer or Safari. Then read on…

Here is a screenshot on the alwaysnewsoft.feelfree4update.com pop-up from my computer:

alwaysnewsoft.feelfree4update.com pop up

 

(I’m sorry for the many watermarks. If I don’t add them, the screenshot always show up at some copy-cat blogs.)

If this sounds like what you are seeing on your machine, you presumably have some adware installed on your computer that pops up the alwaysnewsoft.feelfree4update.com ads. Contacting the owner of the website would be a waste of time. They are not responsible for the ads. I’ll do my best to help you remove the alwaysnewsoft.feelfree4update.com pop-up in this blog post.

I found the alwaysnewsoft.feelfree4update.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.

alwaysnewsoft.feelfree4update.com resolves to the 192.96.205.167 address and feelfree4update.com to 162.255.119.251. alwaysnewsoft.feelfree4update.com was registered on 2015-11-12.

So, how do you remove the alwaysnewsoft.feelfree4update.com pop-up ads? On the machine where I got the alwaysnewsoft.feelfree4update.com ads I had PineTree, CPUMiner and GamesDesktop installed. I removed them with FreeFixer and that stopped the alwaysnewsoft.feelfree4update.com pop-ups and all the other ads I was getting in Mozilla Firefox.

If you are wonder if there are many others out there also getting the alwaysnewsoft.feelfree4update.com ads, the answer is probably yes. Check out the traffic rank from Alexa:

feelfree4update.com traffic

The problem with pop-ups like this one is that it can be launched by many variants of adware, not just the adware that’s installed on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should done to solve the problem? To remove the alwaysnewsoft.feelfree4update.com pop-up ads you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the alwaysnewsoft.feelfree4update.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started getting the alwaysnewsoft.feelfree4update.com pop-ups.

Then I would check the browser add-ons. Adware often appear under the add-ons dialog in Firefox, Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to identify and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. It’s a tool built to manually track down and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having problems figuring out if a file is clean or adware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any adware on your machine? Did that stop the alwaysnewsoft.feelfree4update.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

[Warning] TIMESTAMP With Implicit DEFAULT Value Is Deprecated – How To Fix It

Uncategorized

Did you just upgrade your MySQL server and got a warning about an implicit TIMESTAMP default value when starting mysqld.exe?

>mysqld.exe
 2015-12-04 13:17:27 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).

If you would like to find the databases, tables and column names that cause the warning message, just run the following query on the information_schema database:

mysql> USE information_schema;
Database changed
mysql> SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME FROM Columns WHERE DATA_TYPE='datetime' AND IS_NULLABLE='NO' and COLUMN_DEFAULT IS NULL;
+--------------+-------------+-------------+
| TABLE_SCHEMA | TABLE_NAME | COLUMN_NAME |
+--------------+-------------+-------------+
| biggamedb | updatequeue | added |
| ff_testdb | hosts | added |
| ff_testdb | hosts | lastspotted |
| ff_testdb | product | added |
+--------------+-------------+-------------+
4 rows in set (0.11 sec)

Hope that helped you fix the problem. Or did you go with the –explicit_defaults_for_timestamp flag?

consent.google.com – The “Privacy Reminder from Google”

Uncategorized

I was checking out  the network log from a Google search this evening and found a Google.com subdomain that I didn’t see before. It’s consent.google.com.

consent.google.com

Basically, the browser will load content from the consent.google.com subdomain when Google asks for your consent, or when showing the “Privacy Reminder from Google”. This reminder can appear when using Google’s services. The reminder typically appears in a overlay on the service you were using.

You can read more about the reminder here:

https://consent.google.com/privacyreminder/signedout

Remove thearbitragetrader.com Pop Up Ads

Uncategorized,

Did you just get a pop-up from thearbitragetrader.com and ask yourself where it came from? Did the thearbitragetrader.com ad appear to have been popped up from a web site that under normal circumstances don’t use advertising such as pop-up windows? Or did the thearbitragetrader.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here is a screen-cap on the thearbitragetrader.com pop-up from my system:

thearbitragetrader.com pop up

(Sorry for the ridiculous use of watermarks. I have to do it to stop the copy-cats.)

Does this sound like your experience, you most likely have some adware installed on your machine that pops up the thearbitragetrader.com ads. So don’t write angry emails to the website you were browsing, the ads are almost certainly not coming from them, but from the adware on your computer. I’ll do my best to help you remove the thearbitragetrader.com pop-up in this blog post.

Those that have been reading this blog already know this, but here we go: A little while back I dedicated some of my lab computers and deliberately installed some adware programs on them. Since then I have been tracking the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it installs additional unwanted software on the machines. I first observed the thearbitragetrader.com pop-up on one of these lab computers.

www.thearbitragetrader.com resolves to the 198.232.124.192 IP address and thearbitragetrader.com to 54.72.139.26. thearbitragetrader.com was registered on 2014-10-14.

So, how do you remove the thearbitragetrader.com pop-up ads? On the machine where I got the thearbitragetrader.com ads I had Windows Menager, Live Malware Protection, SmartComp Safe Network and gosearch.me installed. I removed them with FreeFixer and that stopped the thearbitragetrader.com pop-ups and all the other ads I was getting in Mozilla Firefox.

If you are wonder if there are many others out there also getting the thearbitragetrader.com ads, the answer is probably yes. Check out the traffic rank from Alexa:

thearbitragetrader.com traffic

The issue with pop-ups such as this one is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what should done to solve the problem? To remove the thearbitragetrader.com pop-up ads you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
  2. You can also examine the add-ons you installed in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Same thing here, do you see something that you don’t remember installing?
  3. If that didn’t help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did you find any adware on your machine? Did that stop the thearbitragetrader.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

93.89.204.67 – That “Free Piano” Spam

Uncategorized

I don’t know how many of these “Free Piano” spam I’ve been getting from 93.89.204.67:

93.89.204.67 Free Piano spam

The spam bot seems to have to problem with my anti-bot question. I guess the question is to easy answer.

Here’s some details for 93.89.204.67, thanks to DomainTools:

Poland Barwice Telewizja Kablowa Kolobrzeg Agencja Uslugowo – Reklamowa Sp. Z O.o.
ASN Poland AS201328 TKK-NET-ASN Telewizja Kablowa Kolobrzeg, Agencja Uslugowo – Reklamowa sp. z o.o. (registered Nov 24, 2014)
Resolve Host host-abn-93-89-204-67.tkk.pl

Are you also getting spammed by 93.89.204.67?

NEW SOFT Inkorporeishn, TOV – 11% Detection Rate – Amonetize

Uncategorized,

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called NEW SOFT Inkorporeishn, TOV.

NEW SOFT Inkorporeishn, TOV publisher

You can see who the signer is when double-clicking on an executable file. NEW SOFT Inkorporeishn, TOV appears in the publisher field in the dialog that pops up. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the NEW SOFT Inkorporeishn, TOV certificate.

NEW SOFT Inkorporeishn, TOV cert

So, why am I writing about the NEW SOFT Inkorporeishn, TOV file? Check out what the anti-malware software report about the file:

NEW SOFT Inkorporeishn TOV anti-virus report

SUPERAntiSpyware reports PUP.Amonetize/Variant, Malwarebytes classifies it as PUP.Optional.Amonetize, Qihoo-360 calls it HEUR/QVM10.1.Malware.Gen and DrWeb reports Download Uc Browser V Handler Zip__15022_i1756037767_il542797.exe as Trojan.Amonetize.11110 are a few of the detection names for Download Uc Browser V Handler Zip__15022_i1756037767_il542797.exe.

Did you also find a NEW SOFT Inkorporeishn, TOV download? What kind of download was it?

Thanks for reading.

SetupFlash (New Media Holdings Ltd.) – 18% Detection Rate

Uncategorized,

Hello readers! Just wanted to let you know about a publisher called SetupFlash (New Media Holdings Ltd.) before going back to writing some code for FreeFixer.

SetupFlash New Media Holdings Ltd publisher

This is how it looks when double-clicking on the file and SetupFlash (New Media Holdings Ltd.) appears as the publisher. To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that SetupFlash (New Media Holdings Ltd.) seems to be located in Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

SetupFlash (New Media Holdings Ltd.) cert

What caught my attention was that the download was called chrome-download.exe. This might look like an official Google Chrome download, but it is not. If it was an official download, it should be signed by Google Inc.. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher

If you are considering to run the SetupFlash (New Media Holdings Ltd.) signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program:

SetupFlash New Media Holdings Ltd. report

Ikarus classifies chrome-download.exe as PUA.InstallCore, VIPRE detects it as InstallCore (fs), Malwarebytes detects it as PUP.Optional.InstallCore and Sophos reports Install Core Click run software (PUA).

Did you also find a SetupFlash (New Media Holdings Ltd.) file?

Thank you for reading.

Free-mium GmbH – 9% Detection Rate – Adware.Covus / DownloadGuide

digital signature,

Hello! Just a note on a publisher called Free-mium GmbH. The Free-mium GmbH download – vlc-media-player.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Free-mium GmbH? Was it also detected when you uploaded it to VirusTotal?

Free-mium GmbH publisher

By looking at the certificate we can see that Free-mium GmbH appears to be located in Berlin, Germany.

Free-mium GmbH cert

The scan result from VirusTotal below clearly shows why you probably should avoid the Free-mium GmbH file. The file is not the official VLC player, but detected under names such as Adware.Covus.6, a variant of Win32/DownloadGuide.D potentially unwanted, PUA.DownloadGuide and PE:Adware.DownloadGuide!1.A1DB [F].

Free-mium GmbH anti-virus report

If you want to download the official VLC player, you can do so from videolan.org.

Did you also find a file digitally signed by Free-mium GmbH? What kind of download was it and where did you find it?

Thank you for reading.

LLC “KIPER – SOFT” – 19% Detection Rate – PUP.Optional.Amonetize

digital signature

Hello! Just a short post on a publisher called LLC “KIPER – SOFT”. I just found a download  that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs.

LLC KIPER - SOFT publisher

If you have a LLC “KIPER – SOFT” file on your computer you may have noticed that LLC “KIPER – SOFT” pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by COMODO RSA Code Signing CA. The company is located in Ukraine.

LLC KIPER - SOFT certificate

The scan result from VirusTotal below clearly shows why you should avoid the LLC “KIPER – SOFT” file. It is detected under names such as Generic.959, W32/Amonetize.AO.gen!Eldorado, PUP.Optional.Amonetize and Trojan.Win32.Amonetize.dytukr.

LLC KIPER SOFT anti-virus report

Did you also find a file digitally signed by LLC “KIPER – SOFT”? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

Remove rackcdn.com Pop Up Survey Ads

pop-ups

Does this sound like what you are seeing right now? You see pop-up ads from rackcdn.com while browsing websites that generally don’t advertise in pop-up windows. The pop ups manage to get round the built-in pop-up blockers in Firefox, Chrome, Internet Explorer or Safari. Maybe the rackcdn.com pop-ups appear when clicking search results from a Google search? Or does the pop-ups show up even when you’re not browsing?

Here’s how the rackcdn.com pop-up looked like when I got it on my machine:

rackcdn.com pop up survey

(Sorry for the large number of watermarks. If I don’t add them, the screenshot will be used without attribution at some other blogs)

If you also see this on your system, you most likely have some adware installed on your system that pops up the rackcdn.com ads. So there’s no idea contacting the owner of the website you currently were browsing. The ads are not coming from them. I’ll do my best to help you with the rackcdn.com removal in this blog post.

If you have been visiting this blog already know this, but if you are new: Recently I dedicated some of my lab computers and wilfully installed some adware programs on them. I’ve been tracking the actions on these systems to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it installs additional unwanted software on the machines. I first spotted the rackcdn.com pop-up on one of these lab computers.

So, how do you remove the rackcdn.com pop-up ads? On the machine where I got the rackcdn.com ads I had CPUMiner, PineTree and GamesDesktop installed. I removed them with FreeFixer and that stopped the rackcdn.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with pop-ups such as this one is that it can be launched by many variants of adware, not just the adware that’s installed on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the rackcdn.com ads removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. How about your add-ons that you have in your browser. Anything in the list that you don’t remember installing?
  3. If that does not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your system at lots of locations where unwanted software is known to hook into your machine. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Here you can see FreeFixer in action removing pop-up ads:

Did you find any adware on your machine? Did that stop the rackcdn.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!