SearchSnacks Removal Instructions

October 9, 2014adware, freefixerVitruvianRoger Karlsson

Hello there. Today I wanted to talk about an adware called SearchSnacks and give you some removal instructions. If the Search Snacks Adware is installed and running on your system, you will see new add-ons in your web browsers and sssvc.exe running in the Windows Task Manager. You will also see ads labeled “brought by Search Snacks” and “Powered by SearchSnacks”. I’ll show how to remove Search Snacks in this blog post with the FreeFixer removal tool.

SearchSnacks is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found SearchSnacks, it was bundled with a software called FastPlayerPro. Here’s one example how it appears in the FastPlayerPro installer.

This screenshot also clearly explains that Search Snacks is adware.

When I mess around with some new bundled software I normally upload it to VirusTotal to test if the anti-malwares there find anything. 20% of the scanners detected the file. Some of the detection names for SearchSnacks are Adware.Vitruvian.B, a variant of Win32/AdWare.Vitruvian.D and InfoAtoms (fs).

If you would like to remove SearchSnacks you can do so with the freeware FreeFixer tool. Select the SearchSnacks files for removal in FreeFixer, click Fix, restart your machine and the problem will be gone. Here’s a few screenshots to point you in the right direction:

Hope this helped you solved the SearchSnacks problem.

Any idea how SearchSnacks was installed on your machine? Please let me and the readers know by posting a comments. Thank you!

Thanks for reading. Welcome back!

How To Remove BrowsersApp_Pro_v1.1

October 9, 2014adware, freefixerCrossRider, Cyprus, Nicosia, Numlock Apps, Railroad Party AppsRoger Karlsson

Hello there and welcome to the FreeFixer blog. Just a quick post on the BrowsersApp_Pro_v1.1 adware. This appears to be a variant of CrossRider that I’ve previously written about. If the BrowsersApp_Pro_v1.1 adware is installed on your computer, you will find ads labeled Ad by BrowsersApp_Pro_v1.1 while browsing the web, new add-ons added in your web browsers and new files, digitally signed by Numlock Apps, on the hard-drive. I’ll show how to remove BrowsersApp_Pro_v1.1 in this blog post with the FreeFixer removal tool.

BrowsersApp_Pro_v1.1 is bundled with other software. Bundled means that it is included in another software’s installer.

Generally, you can avoid bundled software such as BrowsersApp_Pro_v1.1 by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to check if the anti-malware scanners there find anything suspicious. 6 of the 54 scanners detected the file. The BrowsersApp_Pro_v1.1 files are detected as PUP/Win32.CrossRider by AhnLab-V3, PUP.Optional.BrowserApp.A by Malwarebytes and Crossrider (fs) by VIPRE.

Since you probably want to remove BrowsersApp_Pro_v1.1, these are the files you should check for removal if you want to remove it with FreeFixer. A restart of your computer might be required to complete the removal.

Hope this helped you remove the BrowsersApp_Pro_v1.1 adware.

Did you also find BrowsersApp_Pro_v1.1 on your computer? Any idea how it was installed? Please let me and the readers know by posting a comments. Thank you!

Thanks for reading. Welcome back!

Update 2014-11-05: The BrowsersApp_Pro_v1.1 adware is still distributed through bundling. The files are now signed by Railroad Party Apps as you can see in the screenshot below. The Railroad Party Apps company appears to be located in Nicosia, Cyprus.

Remove Web Finder Pro

October 6, 2014UncategorizedRoger Karlsson

Welcome! Did you just find something called Web Finder Pro on your computer? If Web Finder Pro is running on your system, you will spot see a new add-on, called Web Finder Pro 0.1, added in Mozilla Firefox. I’ll show how to remove Web Finder Pro in this blog post with the FreeFixer removal tool.

Web Finder Pro is bundled with other software. Bundled means that it is included in another software’s installer. However, I could not see any disclosure in the installer that Web Finder Pro 0.1 would be installed. Perhaps I did not review the licenses displayed during installation enough to find it.

Generally, you can avoid bundled software such as Web Finder Pro by being careful when installing software and declining the bundled offers in the installer.

If you would like to remove Web Finder Pro you can do so with the freeware FreeFixer tool. Select the Web Finder Pro files for removal in FreeFixer, click Fix, restart your computer and the problem will be gone. Here’s a screenshot to point you in the right direction:

Hope that helped you with the removal.

I stumbled upon Web Finder Pro while testing out some downloads that are known to bundled lots of unwanted software. Any idea how you got Web Finder Pro on your computer? Please let me and the readers know by posting a comments. Thanks!

Thank you for reading.

How To Remove The Framed Display Adware

October 6, 2014adware, freefixerAltbrowse, artemis, BrowseFoxRoger Karlsson

Just wanted to write a short post before going calling it a day. Stumbled upon the Framed Display adware. Framed Display appears to be a variant of AltBrowse/BrowseFox. If the Framed Display adware is running on your machine, you will see various type of advertisements according to the Frame Display EULA. However, for some reason I don’t see any ads. Do you? If you got this on your machine, you will also notice it in the browser’s add-on menu. For example, here’s Frame Display in Firefox:

Framed Display is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.

When I find some new bundled software I usually upload it to VirusTotal to check if the antimalware scanners there detect something interesting. 20% of the anti-virus scanners detected the file. The Framed Display files are detected as BrowseFox.F by AVG, PUP.Optional.FramedDisplay.A by Malwarebytes and Artemis!032AA150BDFB by McAfee. framed display virustotal

So, how about the Framed Display removal? You can remove Framed Display with the FreeFixer removal tool. Just select the Framed Display files as the screenshots below shows. A restart of your machine might be required to complete the removal.

Hope that helped you to figure out how to do the removal.

I found Framed Display while testing out some downloads that are known to bundled lots of unwanted software. Any idea how you got Framed Display on your computer? Please share your story the comments below. Thank you very much!

Hope you found this useful. Thanks for reading.

InstallationSafe – 15% Detection Rate – Detected as AdGazelle

October 6, 2014adware, digital signatureAdGazelleRoger Karlsson

Was looking for some downloads to play around with and found one, digitally signed by InstallationSafe, that claimed “Your Java version may be outdated” trying to get me to installs something else than the official Java download.

The InstallationSafe download is distributed from fugupdates101 dot com. Some of the anti-virus programs are detecting the InstallationSafe file. The detection rate is 15 %. AdGazelle is one of the detection names.

Did you also find a download that was digitally signed by InstallationSafe? What kind of download was it and was it detected by the anti-virus programs at VirusTotal? Please share by posting a comment.

Thank you for reading.

Advertiso GmbH – 15% Detection Rate at VirusTotal

October 6, 2014digital signatureInstallCoreRoger Karlsson

Found another software publisher that bundles lots of potentially unwanted software. The publisher is called Advertiso GmbH and the file was called adobe-flash-player_setup.exe.

When I uploaded the file to VirusTotal, it came up with a 15% detection rate.

InstallCore seems to be the common detection name for the Advertiso GmbH file.

When I ran the Advertiso GmbH file it offered a bunch of bundled softwares, such as Web Finder Pro (Site Finder Pro), AdvanceElite, AstroMenda, PennyBee, etc. An in addition, it failed to install Adobe’s Flash Player, with the error “Installation encountered errors“:

Hope this helped figure out what the Advertiso GmbH installer will do to your system.

If you want to download the Flash Player, please do so from Adobe’s official web site:

http://get.adobe.com/flashplayer/

Did you also find a file from Advertiso GmbH? What kind of download was it? Was it also detected by the anti-virus programs at VirusTotal? Please share in the comments below?

Update 2015-09-10: Found another download signed by Advertiso called chrome_download.exe. The detection rate for that file is 20%:

PennyBee.exe and PennyBeeW.exe – Adware Removal Instructions

October 6, 2014Uncategorizedartemis, fake flash software, LinkuryRoger Karlsson

Just wanted to write a short blog post before going back to programming. Today I wanted to talk about an adware called PennyBee and thought I should give you some removal instructions. PennyBee appears to be a variant of the Linkury adware. If PennyBee is running on your system, you will spot PennyBee.exe and PennyBeeW.exe running in the Windows Task Manager and a new service installed, triggered to run PennyBee.exe. I’ll show how to remove PennyBee in this blog post with the FreeFixer removal tool.

PennyBee is bundled with other software. Bundled means that it is included in another software’s installer. When I first found PennyBee, it was bundled with a software download named an unofficial Flash Player download. This is how PennyBee was disclosed in the unofficial Flash Player download’s installer when I found it.

Generally, you can avoid bundled software such as PennyBee by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I normally upload it to VirusTotal to test if the anti-virus progams there find something. Of the 54 anti-virus scanners, 26 detected the file. Some of the detection names for PennyBee are a variant of MSIL/Toolbar.Linkury.H, Artemis and Adware.Linkury (fs).

Since you probably want to remove PennyBee, these are the files you should check for removal if you want to remove it with FreeFixer. You might have restart your machine to complete the removal. Problem fixed.

Hope that helped you with the removal.

Any idea how PennyBee was installed on your machine? Please share by posting a comment. Thank you!

Thanks for reading!

Remove Cantataweb – Adware Removal Instructions

October 6, 2014adware, freefixerAltbrowse, BrowseFox, New IT LimitedRoger Karlsson

Welcome! Found another adware called Cantataweb right now. This appears to be yet another variant of BrowseFox/AltBrowse that I’ve previously written about. According to the other anti-malware bloggers, Cantataweb has been around since August 2014.

If you got Cantataweb installed on your computer, you will see new add-ons added in Mozilla Firefox and Internet Explorer and a folder called Cantataweb added under the Programs Files folder. I’ll show how to remove Cantataweb in this blog post with the FreeFixer removal tool.

Cantataweb is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found Cantataweb, it was bundled with a software download claiming to be an episode of the Game of Thrones TV show. The download was digitally signed by New IT Limited.

Generally, you can avoid bundled software such as Cantataweb by being careful when installing software and declining the bundled offers in the installer.

As usual when I stumble upon some new bundled software I uploaded it to VirusTotal to test if the anti-malwares there find anything suspicious. 40 of the scanners detected the file which is a pretty good detection rate. The Cantataweb files are detected as Win32:BrowseFox-AW [PUP] by Avast, Application.Win32.Altbrowse.AK by Comodo, a variant of Win32/BrowseFox.F by ESET-NOD32 and PUP.Optional.Cantataweb.A by Malwarebytes.

You probably came here looking for removal instructions for Cantataweb and you can do so with the FreeFixer removal tool. Just select the Cantataweb files/settings as the screenshots below shows. A reboot of your computer may be required to complete the removal. Problem solved.

Hope this helped you remove the Cantataweb adware.

Do you also have Cantataweb on your system? Any idea how it was installed? Please let me and the readers know by posting a comments. Thank you!

Hope you found this useful and thanks you for reading.

How to remove ProtectedBrowsing adware

October 4, 2014adware, freefixerGeneric.D4CRoger Karlsson

Just wanted to write a short post before going back to coding on FreeFixer. Found another adware called ProtectedBrowsing right now.

If ProtectedBrowsing is installed on your machine, you will find ads labeled Ad by ProtectedBrowsing and green links inserted into web pages saying Click to Continue by ProtectedBrowsing.

You will also see a notification message from the system tray saying Proxy Protection Enabled and an icon in the system tray. New processes will appear in the Windows Task Manager: bservice.exe, bservice64.exe, wd.exe, pwdg.exe and proc.exe. ProtectedBrowsing also adds a new entry “54.204.28.26 baefoldjnepdncjikpmjiamfbjgicfol” in the HOSTS file. I’ll show how to remove ProtectedBrowsing in this blog post with the FreeFixer removal tool.

ProtectedBrowsing also installs add-ons in your browsers. Here’s two screenshots showing the adware in Chrome and Firefox:

ProtectedBrowsing is bundled with a number of downloads. Bundling means that software is included in other software’s installers.

Generally, you can avoid bundled software such as ProtectedBrowsing by being careful when installing software and declining the bundled offers in the installer.

When I test some new bundled software I always upload it to VirusTotal to test if the anti-virus scanners there find something fishy. I uploaded FrameworkBHO.dll which is digitally signed by Gratifying Apps. The detection rate is very low. Only 1 of the scanners detected the file. AVG names ProtectedBrowsing as Generic.D4C.

Removing ProtectedBrowsing is pretty easy with FreeFixer. Here’s a few screenshots from the removal that should help you: A restart of your system may be required to complete the removal. Problem fixed.

To remove the ProtectedBrowsing Chrome extension, open up the Settings menu in Chrome and click on Extensions in the left pane.

Hope this helped you remove the ProtectedBrowsing adware.

Do you also have ProtectedBrowsing on your machine? Any idea how it installed? Please share your story the comments below. Thanks!

Thanks for reading!

Remove Ads by CheckMeUp

October 3, 2014adware, freefixerAddLyrics, OutBrowse, RevizerRoger Karlsson

Hello there and welcome to the FreeFixer blog. Just a short post on an adware called CheckMeUp. If the CheckMeUp adware is installed on your machine, you’ll find ads labeled “Ads by CheckMeUp”, a new add-on named CheckMeUp added into Internet Explorer and Firefox and a process called CheckMeUp.exe running in the Windows Task Manager. I’ll show how to remove CheckMeUp in this blog post with the FreeFixer removal tool.

Here’s how CheckMeUp shows up in Firefox and Internet Explorer:

CheckMeUp is distributed by a tactic called bundling. Bundling means that a piece of software – in this case CheckMeUp – is included in other software’s installers. When I first found CheckMeUp, it was bundled with a download called FLV Player by OutBrowse.

Generally, you can avoid bundled software such as CheckMeUp by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I usually upload it to VirusTotal to see if the anti-malware tools there detect something. 3 of the 55 anti-virus scanners detected the file. The CheckMeUp.exe file is detected as AddLyrics by Sophos and Revizer (fs) by VIPRE.

Since you probably want to remove CheckMeUp, these are the items you should check for removal if you want to remove it with FreeFixer. You might have to restart your machine to complete the removal. Problem taken care of.

Hope that helped you to figure out how to do the removal.

Any idea how CheckMeUp was installed on your computer? Please let me and the readers know by posting a comments. Thank you!

Thanks for reading. Welcome back!

Update 2014-12-06: CheckMeUp is now using files named webinstrNewH.sys, 184_x64.dll and 184.dll.