Remove icf.unbentdilativecutpurse.com Pop-Up Ads

pop-ups, , , ,

Hello folks, just a quick post before dinner. Are you getting pop-up ads from icf.unbentdilativecutpurse.com? I’m sorry to say this, but you may have some adware installed on your machine. Here’s how the pop-up looked like when I was browsing with Mozilla Firefox. The pop-up can probably appear in Chrome and Internet Explorer too.

icf.unbentdilativecutpurse.com pop-up

Anyway, the icf.unbentdilativecutpurse.com removal is pretty straightforward, I scanned the computer with FreeFixer and uninstalled an adware called Salus and the icf.unbentdilativecutpurse.com pop-ups were gone. It’s possible that these pop-up ads can be launched by variants of Salus or by other types of unwanted software on your machine. Did you have to remove something else than Salus? Please share in the comments below.

Hope this helped you remove icf.unbentdilativecutpurse.com.

Thanks for reading.

Now, dinner..

Back again.. I checked the WHOIS database hoping to find some useful stuff about unbentdilativecutpurse.com, but the unbentdilativecutpurse.com domain is protected by WhoisGuard, Inc. company. The domain was created 2014-08-14, and the whois record was updated today.unbentdilativecutpurse.com whois

icf.unbentdilativecutpurse.com resolves to the following IP addresses:

  • 37.58.101.200
  • 37.58.101.203
  • 37.58.101.204
  • 37.58.101.205

Update 2014-10-23: I noticed the same pop-up while testing some other bundled software. One of them is responsible for the pop-up. My guess is Safer-Surf:

Update 2 2014-10-23: I just noticed that some of the pop-up ads were labeled “Ads by BlockAndSurf“. If your pop-up is labeled like this, removing BlockAndSurf will probably solve the problem.

icf.unbentdilativecutpurse.com pop-up ad labeled "Ads by BlockAndSurf"

Update 2014-10-24: Found the same pop-up, but this time labelled “Ads by SpeedCheck“. Uninstalling SpeedCheck may solve the problem.

Ads by SpeedCheck

Update 2014-10-25: Tested to load the BlockAndSurf adware on my lab machine again, and it’s still popping up the icf.unbentdilativecutpurse.com web site. Are you finding a way to stop the icf.unbentdilativecutpurse.com pop-ups? Please share in the comments below.

Update 2 2014-10-25: Found another icf.unbentdilativecutpurse.com pop-up. This time labeled “Ads by salus“. If you have the Salus Adware installed on your machine, uninstall it. That might solve the problem.

Ads by salus - icf.unbentdilativecutpurse.com pop-up

Update 2014-10-27: I’m no longer getting this pop-up, instead it is loaded from enh.guzzlepraxiscommune.com.

a.sendads.net Pop-Up Ads Removal Instructions

pop-ups

Did you suddenly start to get pop-up ads loaded from a.sendads.net? Even from web sites that normally does not have any ads? If so, you might have some adware installed on your machine. I though I should write a short post about it since pop-ups are usually the first sign of some unwanted software running on a users’ computers. Hopefully I can also help you with the removal.

a.sendads.net Pop-Up in Firefox

In my case, I got lots of pop-ups loading from a.sendads.net, which then redirected to some other site. If I remember it correctly, it showed some type of casino ad. The ads appeared while I was using Mozilla Firefox, but they can probably also appear if you are browsing the web with Google Chrome and Microsoft Internet Explorer. The built-in pop-up blockers did not stop the ads.

The sendads.net site seems to be serving quite a lot of ads. Just check out the traffic ranking from Alexa:

a.sendads.com traffic rank

Based on the graph, it appears that traffic has increased from August until now. sendads.net is now ranked at place 1999 in the States.

So, how about the a.sendads.net removal? I removed the a.sendads.net pop-ups by inspecting my machine with the FreeFixer removal tool and removed the adware that was installed on my machine. The adware were Salus and TinyWallet. I’m not sure which one of them that launched the pop-ups. However, please keep in mind that there are a bunch of variants of adware out there. Some of them are probably also popping up ads from sendads.net.

Did you have to remove some additional software to get rid of the pop-ups? Please share with the other readers of this blog by posting a comment.

Thanks for reading! Hope this helped you fix the a.sendads.net pop-up problem.

Remove supermarktquiz.com Survey Pop-Ups

pop-ups, survey

Recently I started to examine the various types of ads that are launched by adware or other types of unwanted software installed on users’ machines. Today I noticed a pop-up “survey” from supermarktquiz.com as you can see in the screenshot below. I think it is important to document these pop-ups and the domains that host them since it is usually the first sign of an adware infection that users see.

supermarktquiz.com pop-up survey

Typically, these pop-ups surveys tries give the impression that they are launched by the web site that the user was currently browsing, often by quoting the domain name. In my case, I was visiting the 4shared site, and suddenly a “4shared survey” popped up. But the pop-up ads were fact launched by the adware running on my machine.

So how can you remove the supermarktquiz.com pop-ups? I removed it by uninstalling the adware that was running on my machine. The adware were TinyWallet, ProtectedBrowsing and BlockAndSurf. I used the freeware tool FreeFixer to remove them.

I think that the  supermarktquiz.com survey pop-ups can be triggered by other variants of adware as well, so keep that in mind when tracking down the unwanted software. Did you have to uninstall something else than the 3 adwares mentioned above? Please post a comment to help other users in the same situation.

supermarktquiz.com resolves to the 209.236.113.247 IP address which appears to be a dedicated server. The supermarktquiz.com domain is attracting quite a lot of traffic, just check out the Alexa traffic rank:

supermarktquiz.com traffic rank

Thanks for reading.

Remove websearch.searc-hall.info from Firefox, Chrome and Internet Explorer

Uncategorized

Found an installer this morning that claimed it would change many of my browser settings to websearch.searc-hall.info, but instead it changed them to websearch.searchfix.info. Perhaps due to a programming error or perhaps on purpose. I don’t know.

websearch.searc-hall.info in firefox

You can remove the websearch.searc-hall.info hijack, or websearch.searchfix.info, with FreeFixer. You can also use the Reset Browser feature in Chrome, Firefox and Chrome to restore your browsers to the default state.

Thanks for reading.

Green Tech Software LLC – Detected as InstallBrain – 37% Detection Rate

digital signature,

Hello! If you are a regular visitor here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of potentially unwanted softwares. Today I found another certificate, used by a publisher called Green Tech Software LLC.

Green Tech Software LLC publisher in the User Account Control

This is how it looks when double-clicking on the file and Green Tech Software LLC appears as the publisher. You can also see the Green Tech Software LLC certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, Green Tech Software LLC is located in Beaverton, Oregon, USA.

Green Tech Software LLC certificate for the Softango downloader

The download I found was the “Softango Downloader“. It downloads some third party software, in my case a Zip program, and during the installation process, it will offer the user to install additional software.

The reason for posting about Green Tech Software LLC is that the file is detected by many of the anti-virus programs. F-Secure reports SoftangoDownloader_Zip.exe as Application.Bundler.InstallBrain, Malwarebytes detects it as PUP.Optional.Softango.A and VIPRE classifies it as InstallBrain (fs). The detection rate is 37%

Green Tech Software virus total report: InstallBrain, Eldorado, etc

I decided to run the Green Tech Software LLC signed file, and it offered four additional programs called Speed Test, PC Performer, UnknownFile and MyPC Backup in the installer.

Green Tech Software bundle list

Since you probably came here after finding a file that was signed by Green Tech Software LLC, please share what kind of download it was and if it was reported by the anti-malware software at VirusTotal.

Hope this blog post helped you avoid some potentially unwanted software on your machine.

Thank you for reading.

Click Yes – 6% Detection Rate at VirusTotal

digital signature

Hi there! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. This morning I found another publisher named Click Yes. The following screenshot shows the User Account Control dialog when running the Click Yes file:

Click Yes publisher in the uac dialog

By looking at the certificate we can see that Click Yes appears to be located in Dublin, Ireland. The certificate is quite new. It’s validity period started yesterday, on the 21st of October.

Click Yes certificate

The VirusTotal report shows that the Click Yes file should probably be avoided, since setup.exe is detected as APPL/Downloader.Gen by Avira, Trojan.Packed.29192 by DrWeb and Win32/OutBrowse.AY by ESET-NOD32. The detection rate is only 6% which is quite low.

Click Yes virus total report - 6% detection rate

Did you also find a Click Yes file? What kind of download was it? If you remember the download link, please post it in the comments below and I’ll upload it to VirusTotal to see if the detection rate is improved.

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Remove wwu.bouffebasculetimeous.com Pop-Up Ads

pop-ups,

Getting lots of pop-up ads from wwu.bouffebasculetimeous.com? If you have been following my posts here on the blog for the last week you know that I’ve been documenting the domain names that appears in pop-ups launched by adware installed on user machines.

wwu.bouffebasculetimeous.com pop-up bouffebasculetimeous.com pop up ad in firefox

Adware, that is probably why you are getting these wwu.bouffebasculetimeous.com pop-ups. I removed the wwu.bouffebasculetimeous.com ads by using the freeware tool FreeFixer to uninstalling two adwares that was installed on my machine. The first was called TinyWallet and the other was named BlockAndSurf.

I think that other variants of adware can launch these pop-ups. Please keep that in mind while examining your computer for the unwanted software.

If you had to remove something else than BlockAndSurf or TinyWallet, please post a comment below to help other users in the same situation.

I also tried to get some more information about the bouffebasculetimeous.com domain using a WHOIS lookup, but the domain is protected by the WHOISGUARD company 🙁 wwu.bouffebasculetimeous.com resolves to the 37.58.101.202 and 37.58.101.203 IP address.

BOUFFEBASCULETIMEOUS.COM whois lookup

Did this help you solve the bouffebasculetimeous.com problem?

Thanks for reading

Open Source Developer – 13% Detection Rate at VirusTotal

digital signature

Hello! Just a quick post on a publisher called Open Source Developer that I found some time ago while running some tests for the upcoming FreeFixer release. This is how it looks when double-clicking on the file and Open Source Developer appears as the publisher. It is also possible to check a digital signature by looking at a file’s properties, if you’d like to do that.

Open Source Developer publisher

I decided to upload the file to VirusTotal. Of the 53 anti-malware scanners, 7 detected the file. That’s a 13% detection rate. InstallCore seem to be the common detection name.

open source developer virus total report

Did you also find a file digitally signed by Open Source Developer? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

Zoobam – 20% Detection Rate – Detected as WebInstallBundle and DownloadAdmin

digital signature

Hi there! Just wanted to give you heads-up on a file I found right now. The file is named installer_jdownloader_Spanish.exe and digitally signed by Zoobam. This is how Zoobam appears when running the file:

zoobam publisher

Information about a digital signature and the certificate can also be found under the Digital Signature tab. According to the certificate we can see that Zoobam seems to be located in USA and that the certificate is issued by Go Daddy Secure Certificate Authority – G2.

zoobam certificate

Of the 54 anti-malware scanners at VirusTotal, 11 detected the file. The installer_jdownloader_Spanish.exe file is detected as Adware:W32/WebInstallBundle by F-Secure, PUP.Optional.DownloadAdmin by Malwarebytes and DownloadAdmin (fs) by VIPRE.

zoobam virustotal

Did you also find a Zoobam download? What kind of download was it?

Thank you for reading.

WordProser Ads Removal Instructions

adware, freefixer,

Hello readers. Welcome to the blog. Just a short post on a called Word Proser or WordProser. Word Proser appears to be a variant of Vitruvian that I’ve blogged about before. If you have WordProser installed and running on your computer, you will find ads labeled WordProser Ads or Ads by WordProser, new add-ons in Mozilla Firefox and Internet Explorer and a new service called wpsvc.exe. I’ll show how to remove WordProser in this blog post with the FreeFixer removal tool.

Ads by WordProser WordProser Ads

word Proser 1.10.0.1 firefox add-on

You may also see the “WordProser search results”:

WordProser search results

Word Proser is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found Word Proser, it was bundled with a piece of software called FastPlayer. The screengrab below shows how the FastPlayer installer informed the user that Word Proser was bundled.

WordProser bundled

Generally, you can avoid bundled software such as Word Proser by being careful when installing software and declining the bundled offers in the installer.

As always when I find some new bundled software I uploaded it to VirusTotal to see if the anti-malware progams there detect anything interesting. 3 of the scanners detected the file. The Word Proser files are detected as a variant of Win32/AdWare.Vitruvian.D by ESET-NOD32 and InfoAtoms (fs) by VIPRE.

wpsvc.exe virustotalSince you probably want to remove Word Proser, wpnfd_1_10_1.sys, wpsvc.exe and WordProserClient.dll are the files you should check for removal if you want to remove it with FreeFixer. You might have to reboot your computer to complete the removal. Problem taken care of.

wordproser wpnfd_1_10_1.sys driver wordproser WordProserClientIE.dll remove word proser wpsvc.exe service word proser process word proser firefox extHope that helped you with the removal.

Any idea how you got Word Proser on your computer? Please share your story the comments below. Thank you!

Hope you found this useful. Thanks for reading.