Hi there! Just a quick Sunday post on a file named flashplayerpro_Setup.exe signed by Liquidbuild that I found while reviewing some files submitted to the FreeFixer database of files. The problem is that flashplayerpro_Setup.exe is not an official Flash Player download. If it was, it should be digitally signed by Adobe Systems Incorporated.
When I uploaded the Liquidbuild file to VirusTotal, it came up with a 28% detection rate. The file is detected as Adware/iBryte.bxow by Avira, Gen:Variant.Kazy.466717 by BitDefender, Gen:Variant.Kazy.466717 by F-Secure and Optimum Installer (fs) by VIPRE. It’s probably better to stay away from this file.
Hello guys and gals. I just found another bundled adware named videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 and thought I should give you some removal instructions. videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 seem to be a variant of CrossRider that I wrote about previously. If the videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 adware is running on your machine, you will find new add-ons called videosMediaPlayers installed in Firefox and Internet Explorer. I’ll show how to remove videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 in this blog post with the FreeFixer removal tool in case the removal from the Control Panel fails.
videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 are distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. I found these two programs bundled with a download called FastPlayer.
Following the standard procedure when I test some new bundled software, I uploaded it to VirusTotal to check if the anti-virus programs there find anything suspicious. 13% of the scanners detected the file. Kaspersky names videosMediaPlayersversion2.1 and videosMediaPlayervs2.2 as Trojan.NSIS.GoogUpdate.dp, Malwarebytes reports PUP.Optional.VideosMediaPlayer.A and VIPRE detects it as Crossrider (fs). The file was digitally signed by Railroad Party Apps.
According to the certificate, Railroad Party Apps is located in the city of Nicosia on Cyprus.
Removing videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 is pretty easy with FreeFixer. Here are a few screen dumps from the removal that should help you. All files are located under the “videosMediaPlayers..” folder. You may have to restart your machine to complete the removal.
Hope that helped you to figure out how to do the removal.
Did you also find videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 on your system? Any idea how it installed? Please share your story in the comments below. Thanks!
Hope you found this useful and thank you for reading.
Hello there. Today I wanted to talk about an adware called PriceFountain and give you some removal instructions. This seems to be a variant of PennyBee that I’ve previously written about. If PriceFountain is running on your computer, you will see ads labeled brought by PriceFountain while browsing the web and pricefountain.exe and pricefountainw.exe running in the Windows Task Manager. You will also see PriceFountain in your browser’s add-on menu. I’ll show how to remove PriceFountain in this blog post with the FreeFixer removal tool.
PriceFountain is bundled with other software. Bundled means that it is included in another software’s installer.
As usual when I test some new bundled software I uploaded it to VirusTotal to test if the anti-virus scanners there detect anything interesting. 19 of the antivirus scanners detected the file. AegisLab reports PriceFountain as Troj.NSIS.GoogUpdate, Avira detects it as Adware/DealPly.1257472, F-Secure calls it Gen:Variant.Graftor.162003, Fortinet names it Riskware/DealPly and McAfee reports Artemis!AD168966F8B7.
You probably came here looking for removal instructions for PriceFountain and you can do so with the FreeFixer removal tool. Just select the PriceFountain files as shown in the screen-caps below. A restart of your machine might be required to complete the removal.
Hope that helped you to figure out how to do the removal.
I stumbled upon PriceFountain while testing out some downloads that are known to bundle lots of unwanted software. Any idea how PriceFountain was installed on your computer? Please share your story in the comments below. Thank you very much!
Hello readers. Hope you are having a great Halloween. I just found another bundled adware called SitesKing and wanted to give you some removal instructions. This seems to be a variant of Website Counselor that I’ve previously blogged about. If the SitesKing adware is running on your computer, you’ll find a new add-on called SiteKing 3.7 in Mozilla Firefox’s add-on menu. I’ll show how to remove SitesKing in this blog post with the FreeFixer removal tool.
SitesKing is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found SitesKing, it was bundled with the Softsonic Downloader. This is how SitesKing was disclosed in Softsonic Downloader’s installer when I found it. Yes, that is correct, Website Counselor was disclosed, but SitesKing was installed.
Generally, you can avoid bundled software such as SitesKing by being careful when installing software and declining the bundled offers in the installer.
Since you probably want to remove SitesKing, these are the files you should check for removal if you want to remove it with FreeFixer. You may have to reboot your computer to complete the removal. Did that help you solve the problem? Hope this helped you solve the SitesKing problem.
Did you also find SitesKing on your machine? Any idea how it installed? Please share in the comments below. Thanks!
Did you just get a pop-up survey from consumers-response.org while browsing in Google Chrome, Mozilla Firefox or Internet Explorer? Did the survey from consumers-response.org pop up while browsing a web site that normally does not have any pop-ups? If so, you probably have some software installed on your machine that shows the pop-ups, rather than them coming from the web site you are currently visiting. I’ll give you some advice on how to remove the consumers-response.org surveys in this blog post.
If you’ve been reading the FreeFixer blog during the last week you already know that I’ve installed a bunch of adware on my lab machines, and that I’m monitoring the advertising that these adware programs display to the user. I noticed the consumers-response.org pop-up on one of the lab machines where I had installed the BlockAndSurf and SmartOnes adware. So that’s a good starting point if you’d like to remove the consumers-response.org surveys.
However, I’d like to point out that the consumers-response.org surveys are probably launched by other variants of adware, in addition to the ones I mentioned above, which makes it difficult to point out exactly what needs to be removed to stop the consumers-response.org pop-ups. More on the consumers-response.org removal later on.
Generally, this type of survey often tries to make it appear as if it is an official survey from the web site you were currently browsing, typically by showing the domain name of the site you were browsing. Sometimes they also claim that your feedback will improve the site that you were currently visiting and that you will get some type of reward when completing the survey. As you can see in the screenshot above, the survey claims to be from freefixer.com, which of course is fake. I own the freefixer.com web site and I do not show surveys like this. If you can read Swedish you can also see that the consumers-response.org survey promises you will get an “exclusive gift from freefixer.com”, which is a lie.
If you are wondering if you are the only one getting the consumers-response.org surveys, the answer is NO. Just check out the traffic report from Alexa. This web site is getting a ton of traffic. There are probably tens of thousands of users that see some content from consumers-response.org every day. I wish I had that traffic rank on freefixer.com 😉
So the consumers-response.org removal? Personally I would start to check the Add/Remove programs dialog in the Windows Control Panel to see if anything suspicious appears there and remove it. Do you see stuff that you don’t remember installing? In particular, if you sort on the “Installed on” date, do you see something that was installed about the same time as you first spotted the consumers-response.org surveys?
I would also check the add-ons installed into Chrome, Firefox, Internet Explorer or whatever browser you are using. Do you see anything suspicious? Is there something listed that you don’t remember installing?
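The Add/Remove programs check described above can also be done from PowerShell. This is an added example, not part of FreeFixer or the original post; the function name `Get-ProgramsInstalledAround` and its parameters are hypothetical, and it reads the standard Windows uninstall registry keys.

```powershell
# Added example (not FreeFixer code): list installed programs whose install
# date falls near the day the pop-ups first appeared.
function Get-ProgramsInstalledAround {
    param(
        [Parameter(Mandatory)] [datetime] $Around,  # day you first saw the pop-ups
        [int] $WindowDays = 3,                      # days before/after to include
        [switch] $IncludeUndated                    # also list entries with no install date
    )

    # Standard per-machine (64-bit and 32-bit view) and per-user uninstall keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is an optional yyyyMMdd string; many installers omit it.
            $installed = $null
            if ("$($_.InstallDate)" -match '^\d{8}$') {
                $installed = [datetime]::ParseExact(
                    "$($_.InstallDate)", 'yyyyMMdd',
                    [cultureinfo]::InvariantCulture)
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                InstalledOn = $installed
                Uninstall   = $_.UninstallString
            }
        } |
        Where-Object {
            if ($null -eq $_.InstalledOn) { return [bool]$IncludeUndated }
            [math]::Abs(($_.InstalledOn - $Around.Date).TotalDays) -le $WindowDays
        } |
        Sort-Object InstalledOn -Descending
}

# Usage (the date is a constructed sample value):
# Get-ProgramsInstalledAround -Around '2014-10-25' -WindowDays 3 | Format-Table -AutoSize
```

Entries without an install date are hidden by default because they cannot be placed in time; add `-IncludeUndated` to review them as well.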
If that did not solve the problem, you can try FreeFixer, a tool that I’ve been working on for quite some time now. FreeFixer is a tool designed to help users manually identify and remove unwanted software, such as the adware that’s running on your machine. Basically it scans the processes running on your machine, browser add-ons, startups, scheduled tasks, recently modified files, and lots of other locations. FreeFixer is freeware and its removal feature is not crippled like many other cleaners out there. If FreeFixer solved your problem, I’d appreciate it a lot if you let your friends know about the tool.
Tip: If you are having difficulty figuring out whether a file or setting in FreeFixer’s scan result is legitimate or if it should be removed, please check out the information shown on the More Info page. It will show a VirusTotal report which can be quite useful when trying to determine whether to keep or remove a file.
The More Info link opens up a VirusTotal report.
Hope you found this useful and that it helped you with the consumers-response.org removal.
What adware did you remove to stop the consumers-response.org pop-ups on your computer? Please share by posting a comment below. That will help other users in the same situation. Thank you very much!
Hello readers. Another day, another blog post. I just found another bundled adware named Box Rock this morning and wanted to give you some removal instructions. This seems to be a variant of CrossRider that I’ve previously written about. If the Box Rock adware is running on your computer, you will find floating ads labeled Powered by Box Rock, ads labeled Box Rock Ads in Google’s search results and a new add-on added in Internet Explorer and Mozilla Firefox called Box Rock. Chrome seems to have remained clean. I’ll show how to remove Box Rock in this blog post with the FreeFixer removal tool.
Here’s BoxRock in Mozilla Firefox’ add-on menu:
Box Rock is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found Box Rock, it was bundled with GoForFiles. Here’s one example of how it appears in the GoForFiles installer.
Generally, you can avoid bundled software such as Box Rock by being careful when installing software and declining the bundled offers in the installer.
When I stumble upon some new bundled software I always upload it to VirusTotal to test if the anti-malware scanners there find something. 7 of the anti-virus scanners detected the file. The Box Rock files are detected as BrowseFox.F by AVG, Trojan.BPlug.144 by DrWeb and PUP.Optional.BoxRock.A by Malwarebytes.
If you would like to remove Box Rock you can do so with the freeware FreeFixer tool. Select the Box Rock files for removal in FreeFixer, click Fix, reboot your system and the problem will be gone. Here are a few screenshots to point you in the right direction:
Hope that helped you to figure out how to do the removal.
Any idea how BoxRock was installed on your computer? Please share your story in the comments below. Thanks a bunch!
Hello! Just a note on a publisher called Verti Technology Group, Inc. The Verti Technology Group, Inc. download that I found yesterday – MediaPlayerClassic_RocketFuelInstaller.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Verti Technology Group, Inc.? Was it also detected when you uploaded it to VirusTotal?
You can see who the signer is when double-clicking on an executable file. Verti Technology Group, Inc. appears in the publisher field in the dialog that pops up. To view more information about the certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that Verti Technology Group, Inc. is located in BelleVue, USA and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.
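The same signer details can be read from PowerShell and compared with the publisher you expect for a download. This is an added example, not part of FreeFixer or the original post; `Test-ExpectedPublisher` is a hypothetical function name, built on the built-in `Get-AuthenticodeSignature` cmdlet.

```powershell
# Added example (not FreeFixer code): read the Authenticode signer of a file
# and compare it with the publisher expected for that product.
function Test-ExpectedPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,              # file to inspect
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # publisher name you expect
    )

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $cert     = $sig.SignerCertificate   # $null when the file is unsigned
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    $signer = $null; $issuer = $null; $city = $null
    if ($cert) {
        $signer = $cert.GetNameInfo($nameType, $false)  # publisher field
        $issuer = $cert.GetNameInfo($nameType, $true)   # issuing CA
        # The locality (L=) is part of the certificate subject string.
        if ($cert.Subject -match '(?:^|,\s*)L=([^,]+)') { $city = $Matches[1].Trim() }
    }

    [pscustomobject]@{
        File            = $Path
        Status          = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer
        City            = $city
        Issuer          = $issuer
        # Only a valid signature from the expected publisher counts as a match.
        MatchesExpected = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedPublisher)
    }
}

# Usage with file and publisher names taken from the posts on this page:
# Test-ExpectedPublisher -Path .\flashplayerpro_Setup.exe -ExpectedPublisher 'Adobe Systems Incorporated'
# Test-ExpectedPublisher -Path .\MediaPlayerClassic_RocketFuelInstaller.exe -ExpectedPublisher 'Verti Technology Group, Inc.'
```

A `Valid` status only confirms who signed the file and that it has not been modified since; as the detections above show, a correctly signed installer can still be unwanted software.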
Adware.Downware.8721, Riskware/Verti, PUP.Optional.Rocketfuel, Artemis and Rocketfuel Installer (fs) are some detection names according to VirusTotal:
Did you also find a file digitally signed by Verti Technology Group, Inc.? What kind of download was it and where did you find it?
Hello there and welcome to the FreeFixer blog. Did something named Support TW 1.1 appear on your machine? If Support TW 1.1 is installed and running on your machine, you’ll see it listed in the Add/Remove programs dialog. I’ll show how to remove Support TW 1.1 in this blog post with the FreeFixer removal tool in case the Add/Remove programs uninstall fails.
Support TW 1.1 is bundled in other software’s installers. When I found Support TW 1.1 this morning, it was bundled with a download promoted at The Pirate Bay.
Since you probably want to remove Support TW 1.1, these are the items you should check for removal if you want to remove it with FreeFixer. A restart of your machine might be required to complete the removal.
Hope this helped you remove Support TW 1.1.
Did you also get Support TW 1.1 from a Pirate Bay download? Please share in the comments below. Thanks!
And, if you also see something called TinyWallet, remove that one as well 😉
Found another variant of HQ-Video-Pro. This one is called HQ-Video-Pro-2.1cv27.10. If you got it on your machine, you will see ads labeled Powered by HQ-Video-Pro-2.1cv27.10 in your Google search results. The removal procedure is the same as an older version.
Here’s how HQ-Video-Pro-2.1cv27.10 appears in Firefox: