What is Rich Media Player?

Did you find something called Rich Media Player and wonder where it came from? It might have been installed on your machine in a software bundle. Here’s how the Rich Media Player was disclosed in an installer for another program:

Rich Media Player installer

Here’s what the Rich Media Player icon and user interface look like:

The Rich Media Player icon The Rich Media Player user interface

According to the EULA, Rich Media Player may show

“offers and/or advertisements.”

Rich Media Player EULA

None of the 54 anti-virus programs at VirusTotal detects the rmhelper.exe file:

Rich Media Player rmhelper.exe

Hope that helped you figure out how Rich Media Player was installed on your machine.

Thanks for reading.

What is Music Search App for Internet Explorer and Mozilla Firefox?

Did you find a program called “Music Search App” on your computer and wonder what it is? Music Search App is a toolbar and “search settings protector” for Firefox and Internet Explorer.

Music Search App dist by Bandoo - Uninstall

music search app toolbar

How did you get it on your machine? Perhaps through bundling. Here’s a screenshot which shows jZip bundling Music App.

Music App for Internet Explorer

Some anti-virus programs are detecting Music Search App. Here’s the scan result for DatamngrCoordinator.exe:

music search app virus total report

SearchSuite appears to be the common detection name.

Will you keep or remove Music Search App? Please share by posting a comment below.

Thanks for reading.

“Ads by Sense” – Sense Adware Removal Instructions

Hello readers. Another day, another blog post. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called Sense. This appears to be a variant of CrossRider that I’ve previously written about.

If the Sense adware is installed on your computer, you will find banners labeled “Ads by Sense” or “Ad by Sense1”, green links added to web pages saying “Click to Continue -> by Sense”, new add-ons in Internet Explorer and Firefox, and new processes running in the Task Manager. You’ll also see some files on your hard-drive that are digitally signed by Krance Development. I’ll show how to remove Sense in this blog post with the FreeFixer removal tool.

Ad by Sense1

ads by sense on google search results Ads by Sense on Google's main page Click to Continue by Sense

Sense is bundled with other software. Bundled means that it is included in another software’s installer. When I first found Sense, it was bundled with a piece of software called Free Download Manager.

As usual when I find new bundled software, I uploaded it to VirusTotal to see whether the anti-virus programs there find anything suspicious. CrossRider seems to be the common detection name.

sense virustotal report

The file is digitally signed by a company called Krance Development.

Removing Sense is straightforward with FreeFixer. Just select the Sense files for removal and then click the Fix button and the problem will be solved.

sense firefox extension freefixer sense adware tasks sense add-on in internet explorer

Hope that helped you with the removal.

Any idea how Sense was installed on your system? Please let me and the readers know by posting a comment. Thanks!

Thank you for reading.

Update 5 November 2014: The Sense adware is still being distributed. Now the files are signed by Porter Studio Plus as you can see in the screenshot from the Digital Signatures tab for the Sense-bg.exe file. According to the information in the certificate, Porter Studio Plus is located in Nicosia, Cyprus.

Porter Studio Plus digital signature

Update 7 Nov 2014: Now the files are signed by Sara Kodama Project. They seem to change the certificate quite often.

Sara Kodama Project

Update 2014-11-19: Now the files are signed by Tita-nium Great Minds. They are located in Nicosia, Cyprus.

Tita-nium Great Minds

How To Remove PriceHorse – Adware Removal Instructions

Hello there. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called PriceHorse. If you have PriceHorse on your system, you will see a new process called pricehorse.exe, signed by PayByAds ltd., running in the Windows Task Manager and 2 new scheduled tasks. You can also see ads labeled “Ads by Price-Horse”. I’ll show how to remove PriceHorse in this blog post with the FreeFixer removal tool.

Ads by Price-Horse

pricehorse.exe task manager

Here’s a screenshot from the www.price-horse.com web site which shows what the PriceHorse ads look like:

pricehorse ads

PriceHorse is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found PriceHorse, it was bundled with a download named Free Download Manager. Here’s how it appeared in the Free Download Manager installer where I found it:

pricehorse installer

The EULA refers to the software as Price-Horse instead of PriceHorse. The EULA also mentions a company called First Offerz Ltd.

Generally, you can avoid bundled software such as PriceHorse by being careful when installing software and declining the bundled offers in the installer.

As usual when I stumble upon new bundled software, I uploaded it to VirusTotal to check whether the antiviruses there detect something fishy. The PriceHorse.exe file is detected as PayByAds and Montiera.

PriceHorse.exe Virus Total Report

Removing PriceHorse is pretty easy with FreeFixer. Just select the PriceHorse files for removal and then click the Fix button and the problem will be solved.

pricehorse.exe registry startup selected for removal in the free fixer removal tool pricehorse.exe process in free fixer selected for removal pricehorse scheduled tasks

Hope this helped you solve the PriceHorse ad problem.

Do you also have PriceHorse on your computer? Any idea how it installed? Please share in the comments below. Thanks!

Thanks for reading. Welcome back!

How To Remove JollyWallet

Hello there and welcome to the FreeFixer blog. Today I wanted to talk about an adware named JollyWallet and thought I should give you some removal instructions. JollyWallet appears to be a variant of CrossRider that I’ve written about before. If the JollyWallet adware is installed and running on your machine, you will see JollyWallet ads added in the top area of your web browsers and a new add-on installed into Mozilla Firefox and Internet Explorer. I’ll show how to remove JollyWallet in this blog post with the FreeFixer removal tool.

JollyWallet Internet Explorer Add-on signed by Radyoos Media Ltd. jollywallet firefox add-on - known to cause security or stability issues

The JollyWallet adware has been around for some time. I think I first spotted it in the spring of 2014, then it disappeared from the radar for some time, but now it appears to be distributed again.

So, how did JollyWallet install on your machine? It was probably bundled with some download that you installed recently. Bundling means that software is included in other software’s installers. When I found JollyWallet, it was bundled with a download claiming to be an episode of the Game of Thrones TV-series. The screenshot below shows how the download informed the user that JollyWallet was bundled.

JollyWallet disclosure in the bundling installer

When I run into some new bundled software I usually upload it to VirusTotal to check if the anti-viruses there detect anything. The JollyWallet file was detected by 10 of the anti-virus scanners.

JollyWallet Virus Total report - CrossRider

Removing JollyWallet is pretty easy with FreeFixer. Just check the JollyWallet files as the screenshots below show. A restart of your machine may be required to complete the removal. Problem taken care of 😉

jollywallet scheduled tasks jollywallet firefox freefixer jollywallet bho ie

Hope this helped you remove the JollyWallet adware.

Any idea how JollyWallet was installed on your machine? Please share in the comments below. Thank you!

Thanks for reading!

Symbolicom Holdings Limited – 7% Detection Rate at VirusTotal

Just wanted to let you know about a publisher called Symbolicom Holdings Limited before going back to writing some code for FreeFixer. When I uploaded the Symbolicom Holdings Limited file, named adobe_flash_player.exe, to VirusTotal it came up with a 7% detection rate.

Symbolicom Holdings Limited certificate for adobe_flash_player.exe Symbolicom Holdings Limited publisher in the UAC dialog Symbolicom Holdings Limited Virus Total Report

Some of the detection names are “Trojan.MulDrop5”, “a variant of Win32/InstallCore” and “HEUR/Malware.QVM06.Gen”.

Although the file name contains “adobe” and “flash” it’s not an official Adobe Flash download. The official Adobe Flash Player should be digitally signed by Adobe Inc.
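The signer check described here, and the changing publisher names noted in the Sense updates above, can be done in bulk with PowerShell's built-in `Get-AuthenticodeSignature`. This is an added example, not part of the original post or of FreeFixer; the scan folder, the `Get-SignerFinding` function name and the file-name pattern are assumptions, and the publisher names are the ones mentioned on this page.

```powershell
# Added example. Signer names are the publishers named in the posts on this page.
$PageSigners = 'Krance Development', 'Porter Studio Plus', 'Sara Kodama Project',
               'Tita-nium Great Minds', 'PayByAds', 'Radyoos Media',
               'Symbolicom Holdings Limited', 'Xenon Play Center'

# Assumption: file-name pattern -> publisher expected on a genuine copy.
# 'Adobe Inc.' is the publisher the page gives for the official Flash Player.
$ExpectedPublisher = @{ 'adobe|flash' = 'Adobe Inc.' }

function Get-SignerFinding {
    param([Parameter(Mandatory)][string]$File)

    $sig    = Get-AuthenticodeSignature -LiteralPath $File
    $signer = ''
    if ($sig.SignerCertificate) {
        # SimpleName is the publisher name shown in the Digital Signatures tab
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $reasons = @()
    if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }

    foreach ($name in $PageSigners) {
        if ($signer -like "*$name*") { $reasons += "signer named on this page: $name" }
    }

    # A file that borrows a well-known product name but carries another signer
    $leaf = Split-Path -Leaf $File
    foreach ($pattern in $ExpectedPublisher.Keys) {
        $expected = $ExpectedPublisher[$pattern]
        if ($leaf -match $pattern -and $signer -ne $expected) {
            $reasons += "file name suggests '$expected' but signer is '$signer'"
        }
    }

    [pscustomobject]@{ File = $File; Signer = $signer; Status = $sig.Status
                       Reasons = $reasons -join '; ' }
}

# Assumption: the folder to check.
$scanRoot = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -Path $scanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
    ForEach-Object { Get-SignerFinding -File $_.FullName } |
    Where-Object { $_.Reasons } |
    Sort-Object Signer |
    Format-Table -AutoSize -Wrap
```

A `Valid` status only means the file is intact and the certificate chains to a trusted root; every adware file on this page was validly signed. Because these publishers rotate certificates often, the name list goes stale quickly, so the name-versus-signer mismatch check is the more durable of the two.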

Did you also find a Symbolicom Holdings Limited download? What kind of download was it?

Remove Videos+Media+Players – Adware Removal Instructions

Did you just spot something called Videos+Media+Players on your machine or in your browsers?

videos+Media+Players

No problem, you can remove it with the freeware tool FreeFixer. Just select the Videos+Media+Players files for removal in FreeFixer and click the Fix button. Problem solved.

videos+Media+Players remove videos+Media+Players delete

Did you also find Videos+Media+Players on your machine? Any idea how it was installed?

Update 2014-11-17: Found a new variant called “VideoMedia+Player_v2.3”. Do you think there will be variants called VideoMedia+Player_v2.4 and VideoMedia+Player_v2.5 coming soon? If you have this variant you may see ads labeled “Powered by VideoMedia+Player_v2.3”:

Powered by VideoMedia+Player_v2.3

Update 2014-11-19: Now the files are digitally signed by Xenon Play Center.

Xenon Play Center