“Flash Video Downloader is required to download online video”

Are you getting a message saying

“Flash Video Downloader is required to download online video”

while browsing the web?

Well, this is another misleading advert, hosted at hdpluginnow.com. If you download the “Flash Video Downloader” you will get a file called FlashPlayer__6741_i1387048386_il2537.exe, digitally signed by Shetef Solutions & Consulting. Now all of a sudden it’s not a downloader, but a “Flash Player” 🙂 That file is detected by many of the anti-virus programs, so don’t run it.

Did you also see this error message? Did it also appear on hdpluginnow.com?

Shetef Solutions & Consulting (1998) Ltd. – 25% Detection Rate

Good evening! Lately I’ve been looking at the digital signatures on those files that push various types of unwanted programs. Right now I found a new file called FlashPlayer__6741_i1387048386_il2537.exe, digitally signed by Shetef Solutions & Consulting (1998) Ltd.

Shetef Solutions Consulting 1998 Ltd Publisher

You can also look at the Shetef Solutions & Consulting (1998) Ltd. certificate and digital signature under the Digital Signatures tab in the file’s properties. According to the certificate, Shetef Solutions & Consulting (1998) Ltd. is located in Rannana, Israel. The certificate appears to be relatively new. Its validity began on the 13th of October.

Shetef Solutions certificate, Rannana, Israel

The issue here is that if FlashPlayer__6741_i1387048386_il2537.exe really was an installer file for Flash Player, it should have been digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks suspicious.

The VirusTotal report shows that the Shetef Solutions & Consulting (1998) Ltd. file should be avoided, since FlashPlayer__6741_i1387048386_il2537.exe is detected as Adware.Downware.8876 by DrWeb, Gen:Variant.Graftor.161610 by F-Secure and PUP.Optional.Amonetize by Malwarebytes.

Shetef Solutions & Consulting (1998) Ltd. virustotal report

Since the download was detected I decided to give it a try to see what it installed. During my test I could see Wajam, Salus – Net Protector and My Start Search install on my lab machine.

Did you also find a file digitally signed by Shetef Solutions & Consulting (1998) Ltd.? What kind of download was it and where did you find it?

Thanks for reading.

How To Remove enh.guzzlepraxiscommune.com Pop-Up Ads

Getting pop-ups from enh.guzzlepraxiscommune.com? If those pop-ups also sneak through the built-in pop-up blockers in Chrome, Firefox and Internet Explorer, you most likely have some adware installed on your machine. I’ll give some advice on how to remove the enh.guzzlepraxiscommune.com pop-up in this blog post.

enh.guzzlepraxiscommune.com pop-up

The enh.guzzlepraxiscommune.com removal is pretty straightforward. I uninstalled the adware that was installed on my machine with help from the FreeFixer removal tool. The adware programs were BlockAndSurf, Browser Warden and Tiny Wallet. In my case, BlockAndSurf was responsible for the pop-ups. Please keep in mind that the enh.guzzlepraxiscommune.com pop-ups can be launched by other variants of adware. I think Safer-Surf and CheckMeUp, SpeedCheck and Salus can also be responsible for the pop-ups.

Tip: If you are having trouble determining whether a file or setting in FreeFixer’s scan result is good or bad, please have a look at the information shown on the More Info page, which appears when clicking on the More Info link as shown in the screenshot below. It will show a VirusTotal scan which can be useful when trying to determine whether to keep or remove the file.

FreeFixer More Info opening up the info page for Skype_setup.exe
The More Info link in FreeFixer opens up a VirusTotal report.

Hope that stopped the enh.guzzlepraxiscommune.com pop-ups on your machine.

What adware did you uninstall on your machine to get rid of the enh.guzzlepraxiscommune.com ads? Thank you very much for sharing and helping other users in the same situation.

Thank you for reading and welcome back! I’m going to follow up this one with more info later today or tomorrow.

Update 2014-10-30: Below is the full URL for the pop-up when I spotted it in Chrome. It mentions the datropy.com domain (wkj.datropy.com). It also sends the name of the adware to the server, in this case SaferSurf. The URL also contains www.google.se, which was the web site I was visiting when the pop-up appeared. The URL also contains WhiteLabelBidRequestHandlerServlet, indicating that something in the back-end is written in Java.

http://enh.guzzlepraxiscommune.com/sd/dw32.html?u=http%3A%2F%2Fwkj.datropy.com%2FWhiteLabelBidRequestHandlerServlet%3Foid%3D1%26width%3D1%26height%3D100%26pubid%3D9050%26tagid%3D5771%26noaop%3D1%26revmod%3DCRD%26cb%3Dcybabw%26encoded%3D1%26cirf%3Dhttps%3A%2F%2Fwww.google.se%2F%26pstn%3D90505771&p=SaferSurf&a=&c=9050-5771&b=chrome&bv=37&t1=1414676170615&tt=1414676170615&r=www.google.se&ua=0&n=convertmedia&sn=&mpa=0&mp=0
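Added example (not part of the original post): a Python example that decodes the pop-up URL above into the fields the update describes, which is useful when triaging the same URL pattern in proxy or browser-history logs. The meanings of b (browser name) and t1 (epoch milliseconds) are assumptions; p, r and the nested servlet URL are as the post describes them.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Pop-up URL quoted in the post, copied verbatim and split for readability.
POPUP_URL = (
    "http://enh.guzzlepraxiscommune.com/sd/dw32.html?u=http%3A%2F%2Fwkj.datropy.com"
    "%2FWhiteLabelBidRequestHandlerServlet%3Foid%3D1%26width%3D1%26height%3D100"
    "%26pubid%3D9050%26tagid%3D5771%26noaop%3D1%26revmod%3DCRD%26cb%3Dcybabw"
    "%26encoded%3D1%26cirf%3Dhttps%3A%2F%2Fwww.google.se%2F%26pstn%3D90505771"
    "&p=SaferSurf&a=&c=9050-5771&b=chrome&bv=37&t1=1414676170615"
    "&tt=1414676170615&r=www.google.se&ua=0&n=convertmedia&sn=&mpa=0&mp=0"
)


def first(params, key):
    """Return the first value for key, or None if absent or empty."""
    values = params.get(key) or [""]
    return values[0] or None


def triage_popup_url(url):
    """Decode the outer query and the URL nested in 'u' into a flat report."""
    outer = urlsplit(url)
    q = parse_qs(outer.query, keep_blank_values=True)
    report = {
        "popup_host": outer.hostname,
        "adware_name": first(q, "p"),    # per the post: name of the adware
        "visited_site": first(q, "r"),   # per the post: site being browsed
        "browser": first(q, "b"),        # assumed meaning: browser name
        "seen_utc": None, "bid_host": None, "bid_endpoint": None, "bid_page": None,
    }
    t1 = first(q, "t1")
    if t1 and t1.isdigit():              # assumed: epoch milliseconds
        ts = datetime.fromtimestamp(int(t1) // 1000, tz=timezone.utc)
        report["seen_utc"] = ts.isoformat()
    nested = first(q, "u")               # parse_qs already percent-decoded it once
    if nested:
        inner = urlsplit(nested)
        iq = parse_qs(inner.query, keep_blank_values=True)
        report["bid_host"] = inner.hostname
        report["bid_endpoint"] = inner.path.lstrip("/")
        report["bid_page"] = first(iq, "cirf")
    return report


if __name__ == "__main__":
    for key, value in triage_popup_url(POPUP_URL).items():
        print(f"{key:13} {value}")
```

For this URL, t1 decodes to 2014-10-30 13:36:10 UTC, consistent with the date of the update.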

Based on the traffic I’m getting to this blog post it appears that there’s a large number of users having problems with the enh.guzzlepraxiscommune.com pop-ups. The Alexa traffic rank today shows that the enh.guzzlepraxiscommune.com site has reached a global rank of 26153 in just a few days.

guzzlepraxiscommune.com traffic rank

Remove “Powered by HQ-Video-Pro-2.1cV26.10” Ads in Google Search results

Hello readers. Welcome to the blog. Did something called HQ-Video-Pro-2.1cV26.10 appear on your computer? HQ-Video-Pro-2.1cV26.10 seems to be a variant of CrossRider that I’ve talked about previously. If the HQ-Video-Pro-2.1cV26.10 Adware is installed on your computer, you will find ads labeled powered by HQ-Video-Pro-2.1cV26.10 in Google’s search results. I’ll show how to remove HQ-Video-Pro-2.1cV26.10 in this blog post with the FreeFixer removal tool.

powered by hq-video-pro-2.1

Here’s HQ-Video-Pro-2.1cV26.10 in Firefox’ add-on menu:

hq-video-pro-2.1v26 in mozilla firefox

HQ-Video-Pro-2.1cV26.10 is bundled with other software. Bundled means that it is included in another software’s installer.

You can remove HQ-Video-Pro-2.1cV26.10 with the FreeFixer removal tool. Just select the HQ-Video-Pro-2.1cV26.10 files as shown in the screen dumps below. You may have to restart your computer to complete the removal.

How to remove the hq-video-pro-2.1v26.10 tasks Removal of HQ-video-pro-2.1cv26 from Firefox How to remove hq video pro 2.1 in Internet Explorer

Hope this helped you solve the HQ-Video-Pro-2.1cV26.10 problem.

I stumbled upon HQ-Video-Pro-2.1cV26.10 while testing out some downloads that are known to bundle lots of unwanted software. Any idea how HQ-Video-Pro-2.1cV26.10 was installed on your machine? Please share by posting a comment. Thank you!

Thank you for reading.

“Disable developer mode extensions” Pop-Up in Chrome caused by malware.

Are you getting a pop-up from Google Chrome saying:

“Disable developer mode extensions. Extensions running in developer mode can harm your computer. If you’re not a developer, you should disable these extensions running in developer mode to stay safe.”

Disable developer mode extensions chrome

As the pop-up says, if you are a developer and working on an extension in developer mode, it’s fine.

If you are not a developer, this pop-up is an indication that you have some unwanted software on your machine that you need to remove. In my case, Chrome alerted me due to an extension called PriceLess which is often classified as adware. I think you should disable the extensions, and then get your hands dirty tracking down the unwanted software running on your machine. If you are lucky, it’s just the Chrome extension, but most likely you will see other changes and new files on your machine that you will need to remove. If you are comfortable with using a tool used to manually track down unwanted software, you can try the FreeFixer removal tool. It’s freeware.

Hope this blog post pointed you in the right direction.

What unwanted software did you find on your machine?

Thanks for reading.

Errors found on this webpage! Please update your browser. Download Updates Now

Getting a message saying

“Errors found on this webpage! Please update your browser. Download Updates Now”

on the Google search page when starting your browser?

If you get this error message, don’t click it. Since the alert is inserted into the Google start page, it may appear that the message comes from Google, but Google has nothing to do with it. In my case, the alert message was inserted by some adware that was installed on my machine.

I got this error message when using Mozilla Firefox, but I assume you will also see the same type of message when browsing with Google Chrome or Internet Explorer. The error message will probably also appear on other search engines such as Bing and Yahoo.

To remove these misleading messages you need to scan your computer for unwanted software. If you are comfortable using manual removal tools you can use FreeFixer to assist you when tracking down and removing the unwanted software that injects these messages. What adware did you find on your machine?

Thanks for reading.

What is Super Optimizer and How To Remove It

Hello, just a quick post on a program called Super Optimizer. If Super Optimizer appeared unexpectedly on your machine, it may have been bundled with some other program that you installed recently. Here’s how Super Optimizer was disclosed in two installers when I found it:

super optimizer Super Optimizer installer

Here’s what Super Optimizer’s user interface looks like:

Super Optimizer User Interface

If you’d like to remove Super Optimizer, you can do so from the Windows Control Panel.

Super Optimizer uninstall

Thanks for reading.

“WARNING! Current version of Adobe Flash Player is outdated! Your computer is vulnerable to malware. Update your Adobe Flash Player now.”

WARNING! Current version of Adobe Flash Player is outdated! Your computer is vulnerable to malware. Update your Adobe Flash Player now.

Are you getting warning messages saying:

“WARNING! Current version of Adobe Flash Player is outdated! Your computer is vulnerable to malware. Update your Adobe Flash Player now.”

If that is the case, you might have some potentially unwanted software on your machine, typically adware. I got lots of these “Adobe Flash Player is Outdated” messages while I was testing a download on my lab machine, a download that I knew bundled lots of software. I was using Mozilla Firefox, but I think these warnings can appear if you are browsing with Google Chrome or Microsoft Internet Explorer as well.

And obviously, these “Flash Player is outdated” messages are just fake. When clicking on the OK button, you will get a download that is detected by many of the anti-virus programs. If you want to download or update the Flash Player, go to the official Adobe site. Trust nothing else for Flash downloads.

http://get.adobe.com/flashplayer/

The “Current version of Adobe Flash Player is outdated” warning messages appear to be hosted on a web site called update-for-pc-1024.com. Did you also see the warning message on this site?

update-for-pc-1024.com screenshot

So, if you’d like to get rid of these warning messages, and you have some adware on your machine like me, you need to get your hands dirty. I had lots of them. Salus, MyBestOffers, WordProser, PriceHorse, etc, etc. Some of them could be uninstalled from the Windows Control Panel, but there remained some processes running. To deal with those, I’d recommend a scan with the freeware tool FreeFixer that I’m developing.

Thank you for reading. Hope this helped you with the removal.

OOO “Finans Servis” – 9% Detection Rate: InstallCore/CryptInno

Just wanted to give you the heads up on files digitally signed by OOO “Finans Servis”.

OOO Finans Servis publisher

The OOO “Finans Servis” certificate shows that the publisher is located in Moscow in Russia.

OOO Finans certificate

The problem here is that the OOO Finans Servis file was promoted as an update for Adobe’s Flash Player. If adobe_flash_setup.exe really was a setup file for Adobe Flash Player, it should be digitally signed by Adobe Systems Incorporated and not by some unknown company located in Moscow.

9% of the anti-malware scanners detected the file. PUP.Optional.InstallCore and BehavesLike.Win32.CryptInno.bc were two of the detection names. I think we will see the other anti-virus programs add this one to the detection list soon.

OOO Finans Servis virustotal

Since you probably came here after finding a file that was digitally signed by OOO Finans Servis, please share what kind of download it was and if it was detected by the anti-malware scanners at VirusTotal.

Thanks for reading.

Remove oceancorn.biz Survey Pop-Up Ads

Are you getting redirected to or pop-ups from a survey site named oceancorn.biz? If these pop-ups are sneaking through your browser’s built-in pop-up blocker, you probably have some adware installed on your machine. I got the pop-ups in Firefox, but they can appear in Chrome and Internet Explorer too. Here’s what the pop-up looked like. The full domain name was jfpzz.exclusiverewards.oceancorn.biz:

oceancorn.biz survey pop-up

I would recommend reviewing your computer with FreeFixer to track down the software that pops up these surveys. I had SmartOnes, Supporer 1.80, SaferSurf, ProtectedBrowsing and MaxiGet Software Manager installed. After removing those, the pop-ups from oceancorn.biz stopped.

Thanks for reading.