Remove websearch.fixsearch.info – Uninstall Guide

Did your search settings and home page in Chrome, Firefox and Internet Explorer just change to websearch.fixsearch.info? No worries, I’ll show you how to remove websearch.fixsearch.info from your computer.

websearch.fixsearch.info

I found the unwanted websearch.fixsearch.info search engine while testing out some downloads. The downloaded files were digitally signed by Igor Kramoren and Alexey Kurilenko, publishers that have previously bundled unwanted software with their downloads.

How did you get fixsearch.info on your computer? Please share by posting a comment.

So, the websearch.fixsearch.info removal. One way to do the removal is to use the FreeFixer tool.

  1. Download and install FreeFixer.
  2. Click the Start scan button. It should complete in about 5 minutes.
  3. Check the websearch.fixsearch.info items in the scan result.
  4. Click the Fix button.
  5. Restart your web browsers.

You can also use the reset function in Firefox, Chrome and Internet Explorer. The reset feature restores many of the web browser’s settings to their default state. The problem is that it may do a little too much.

How to reset Mozilla Firefox settings:

  1. Click the menu button in the upper-right corner of the browser.
  2. Then click the Help button at the bottom of the Firefox menu.
  3. From the Help menu, choose Troubleshooting Information.
  4. If you cannot access the Help menu, type about:support in the address bar to open up the Troubleshooting Information page.
  5. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  6. A dialog will pop up explaining what settings Firefox tries to preserve. Notice that everything else will be removed! To continue, click the Reset Firefox button in the confirmation window that opens.
  7. Firefox will close and reset itself. When the reset is done, a window will list the information that was imported. Click Finish and you’re done.

How to reset Google Chrome settings:

  1. Click the Chrome menu button in the upper-right corner of Chrome.
  2. Select Settings.
  3. Click Show advanced settings and locate the “Reset browser settings” section.
  4. Click the Reset browser settings button.
  5. In the confirmation dialog that appears, review the changes the reset feature performs, then click Reset.

How to reset Internet Explorer settings:

  1. Start Internet Explorer.
  2. On the Tools menu that appears in the upper-right corner of the browser, click Internet options. If you can’t see the Tools menu, press Alt on your keyboard.
  3. In the Internet Options window, click the Advanced tab.
  4. Click Reset… If you’re using Internet Explorer 6, click Restore Default.
  5. In the Reset Internet Explorer Settings dialog box, click Reset.
  6. Select the Delete personal settings check box if you want to reset home pages, search providers and accelerators. Delete temporary Internet files, history, cookies, web form information, ActiveX Filtering data, Tracking Protection data, Do Not Track data and passwords.
  7. When Internet Explorer has finished applying the default settings, click the Close button.
  8. Reboot your machine.

Hope that helped you remove websearch.fixsearch.info.

Thank you for reading.

Plugin Update SL – Warning! Stay away from this file

I’m in a hurry here, trying to wrap up the v1.12 release of FreeFixer, but I thought I must write a few lines about a file, digitally signed by Plugin Update SL, that was promoted as a Java update. Here’s how the ad appeared:

plugin update s.l ad - java update

When clicking on the ad, a download for something called Player_Setup.exe appeared. That file is not a Java update.

Plugin Update SL Certificate

The file is digitally signed by Plugin Update SL, which is a company that appears to be located on Tenerife, and if you run the file, it will start an installation of something called NewPlayer. During the installation, it offers lots of bundled unwanted software, such as Findopolis, FreeSoftToday, IStartSurf, etc, etc.

The VirusTotal scan also clearly shows why you should stay away from the Plugin Update SL malware file:

Plugin Update SL - Virus Total report

Some of the scanners report it as DomaIQ and SoftPulse.

Did you also find a file signed by Plugin Update SL? Was it also promoted as a Java update?

If you installed any of the bundled software, you can remove those with FreeFixer.

Hope this helped you avoid the Plugin Update SL software. Thanks for reading.

Orbiter, ORBTR, SPPD.sys and SearchProtect by ClientConnect LTD.

I was playing around with a download this morning to see if it bundled some software. When running the installer, “Search Protect by Conduit” was offered. The installer also displayed a few links – as shown in the screenshot below – to learn more about the SearchProtect software and to the EULA and the privacy policy, but for some unknown reason, no browser popped up when clicking the links.

Conduit Search Protect

Search Protect is designed to change search settings in Firefox, Chrome and Internet Explorer to trovi.com and pop up a notification window when these settings are changed.

Since I more or less on a daily basis look at what’s being bundled with various downloads, I’m used to seeing Search Protect, but this was a new variant that I had not seen before. It also installed something called Orbiter in “c:\Program Files (x86)\ORBTR” or “c:\Program Files\ORBTR”. The files were named Orbiter.dll and Orbt.ext. A new driver named SPPD.sys also appeared on the hard drive, located in “c:\Windows\System32\drivers”. All these files were digitally signed by ClientConnect LTD.

I was curious to see if the anti-virus programs over at VirusTotal detected the orbiter.dll file, and some of them did. As shown in the screenshot, 10 of the 55 anti-virus scanners detected the orbiter.dll file, under various detection names, such as PUP.Optional.Conduit.A and Adware.Orbiter.

orbiter.dll virustotal report

If you’d like to remove SearchProtect and Orbiter, you can do so from the Add/Remove programs dialog, by right-clicking on the Search Protect icon and selecting Uninstall. This also uninstalled the Orbiter software.

orbiter and search protect uninstall

Did you also get SearchProtect and Orbiter on your machine? Any idea how it was installed? Did the uninstaller work successfully?

Videos MediaPlay-Air – Removal instructions

It’s Saturday, but since I just found this new adware variant called “Videos MediaPlay-Air” I thought I should write a quick post about it. The ads are labeled “Ad by Videos MediaPlay-Air” or “Click to Continue -> by Videos MediaPlay-Air” as shown below.

Ad by Video MediaPlay-Air Click to continue by videos MediaPlay-Air

The Videos MediaPlay-Air adware is detected by some of the anti-virus programs. CrossRider and AppRider are some of the detection names:

Videos MediaPlay-Air virustotal

Notice how the adware modified the webpage with the “PROGRAMS” link 🙂

Removing Videos MediaPlay-Air is easy. Just select the Videos MediaPlay-Air for removal in FreeFixer, click Fix, reboot your machine and the ads will be gone.

Videos MediaPlay-Air in internet explorer Videos MediaPlay-Air

Any idea how you got this on your machine?

Remove PicRec – “Ads by PicRec” Removal Instructions

Hello, found a new adware just before heading off to the local Indian restaurant for lunch. Back in front of the computer now to write the blog post. The adware is called PicRec and displays ads labeled “Ads by PicRec”. Here are some examples of the ads:

Ads by PicRec Ads by PicRec - Media Player Ads by PicRec in Firefox

If you have PicRec installed on your machine, you will also see three files, privoxy.exe, picrecs.exe and picrdrw.sys on your computer. The files are digitally signed by One Call Ltd.

Currently none of the anti-virus programs detect the picrecs.exe file according to VirusTotal. I’m sure the anti-virus vendors will add PicRec to their detection database sooner rather than later.

picrecs.exe virustotal

Since you probably came here searching for removal instructions, let’s get on with it. PicRec can easily be removed by FreeFixer. Just select picrecs.exe, picrdrw.sys and privoxy.exe for removal as shown in the screenshots.

Picrecs.exe privoxy.exe process picrdrw.sys driver PicRecs.exe service

How did you get PicRec on your computer? I found it bundled with another software download where the “I agree” checkbox for PicRec was already checked. Here’s how it was disclosed:

PicRec installer

PicRec’s web site is picrec.com, where you can find the Terms and Conditions and privacy policy:

picrec.com web site

 

Thanks for reading. Hope this helped you remove PicRec.

Remove Rewin_Cinematic 1.1 – Uninstall Guide

Found a new variant of the CrossRider adware called Rewin_Cinematic 1.1, so I thought I should write a removal guide. If you have the Rewin_Cinematic 1.1 adware on your machine, you will see ads labeled “Ads by Rewin_Cinematic 1.1”. These ads are inserted into web pages when you browse:

Ads by Rewin_Cinematic 1.1 banner

Ads by Rewin_Cinematic 1.1

Obviously Rewin_Cinematic is adware. The adware files are digitally signed by Monkey Code Lab.

Rewin_Cinematic is installed as add-ons in your web browsers. Here’s how it appears in Mozilla Firefox:

Rewin_Cinematic 1.1 in Firefox

Removing Rewin_Cinematic is pretty easy. All you have to do is check the Rewin_Cinematic files in FreeFixer for removal as shown in the screenshots below.

Rewin_Cinematic 1.1 tasks Rewin_Cinematic internet explorer Rewin_Cinematic firefox extension

That’s it! Hope that helped you remove Rewin_Cinematic.

Do you also have the Rewin_Cinematic adware installed on your machine? Any idea how it was installed? Please share by posting a comment.

 

What is Maxiget Software Manager (Softsonic)? – Removal Instructions

Did you find something called Maxiget Software Manager on your machine and wonder where it came from? The Maxiget Software Manager is a desktop application showing a web page named “Softsonic” that promotes software downloads and shows what appear to be Google AdSense ads:

Maxiget Software Updater (Softsonic) main gui

If you have Maxiget Software Manager installed on your computer you may also see a process called MaxigetUpdater.exe running in the Windows Task Manager.

So, how did Maxiget Software Manager install on your computer? It could have been installed as a bundled offer that was displayed when installing some other software on your machine. I found Maxiget while installing software, and here’s how Maxiget was disclosed:

maxiget software manager bundled

As usual when I find some bundled software, I upload it to VirusTotal to see what the anti-virus programs say about the file. AVG was the only anti-virus scanner that detected Maxiget, under the Generic.E22 detection name:

maxigetupdater.exe virustotal report

If you would like to remove the Maxiget Software Manager, you can do so by selecting the MaxigetUpdater.exe file in FreeFixer:

maxigetupdater.exe service maxiget updater task

Or by using the Uninstall programs dialog:

maxiget software manager uninstall

Hope this helped you figure out what Maxiget is.

Did you also get Maxiget as a bundled software offer?

What is One More Game (OMG) And How To Uninstall It

Just a quick post about a piece of software called One More Game before going back to programming on the FreeFixer tool. I’m working on a feature that scans Google Chrome Extensions.

Anyway, what’s One More Game? OMG is a piece of software that sits in the system tray and pops up notifications about “new and exclusive offers and gaming tips”.

One More Game Ad for Big Farm One More Game Window

One More Game in the System Tray

You will also see a process called omg.exe running in the Windows Task Manager.

Did One More Game pop up unexpectedly on your machine? If so, One More Game might have been bundled in another download’s installer. That’s where I found it. Here’s how One More Game was disclosed in the installer of “FLV Player”:

one more game installer

So, what do the anti-virus programs say about the omg.exe file? Not much actually. None of the anti-virus programs detect OMG, except Symantec, which reports omg.exe as WS.Reputation.1:

omg.exe virustotal

If you’d like to remove One More Game (OMG) you can do so from the “Uninstall Programs” dialog in the Windows Control Panel. There should be an entry named “One More Game” which you can right-click and select Uninstall.

Any idea how One More Game installed on your computer? Please share by posting a comment.

TubeHD Adware – Removal Instructions

I was reviewing some of the files submitted to the FreeFixer database tonight and found something new called TubeHD. This looked like a new variant of the CrossRider adware and the VirusTotal scan result clearly shows that is the case:

TubeHD is detected as Adware.CrossRider

Typically, adware such as TubeHD is distributed through bundling. That is, when downloading and installing some application, an additional offer is shown that suggests you should also install TubeHD.

Did you get TubeHD through bundling? If you remember the download link or the name of the software that bundled TubeHD, please let me know by posting a comment below. I’d like to try the installer to see how well TubeHD is disclosed.

Removing TubeHD with FreeFixer is pretty straightforward, assuming it’s just a regular variant of the Crossrider adware. Just select the TubeHD files for removal in the scan result, and then click Fix. The files should all be located in C:\Program Files (x86)\TubeHD-V1.8\ or C:\Program Files\TubeHD-V1.8\. The version number can vary depending on which version of TubeHD you have on your machine.

Thanks for reading!

Oleh Aleksyuk – Stay away from files signed by this publisher!

Hello readers, just wanted to warn you about a publisher called Oleh Aleksyuk. I downloaded a file that claimed to be an e-book, but instead the file had an .exe extension and was digitally signed by someone named Oleh Aleksyuk. When launching the file, a bunch of bundled programs were offered in the installer. EZDownloader, SW-Booster and Adblocker were some of the programs that appeared after running the file.

Oleh Aleksyuk

The digital certificate appears to be rather new. It’s valid from the 24th of June, 2014. According to the certificate, Oleh Aleksyuk is located in Russia.

Oleh Aleksyuk certificate. Valid from 24 june 2014.

Currently the detection rate for the Oleh Aleksyuk file is very low. When I uploaded the file to VirusTotal, only MalwareBytes detected the file. The detection name is PUP.Optional.MultiPlug. It will be interesting to see if the other anti-virus programs will detect it in the future.

Oleh Aleksyuk virustotal report

Did you also find a file digitally signed by Oleh Aleksyuk? Do you remember where you downloaded it? Please share by posting a comment.
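The posts above identify each bundle by the publisher name on its digital signature and, for some, by file locations and process names. The PowerShell below is an added example, not part of the original posts or of FreeFixer: it lists files signed by those publishers and checks for the named paths and processes. The function names, the Downloads default folder and the TubeHD-V* wildcard are assumptions.

```powershell
# Added example: publisher, path and process names are copied from the posts above.
$Publishers = 'Igor Kramoren', 'Alexey Kurilenko', 'Plugin Update SL',
              'ClientConnect LTD', 'One Call Ltd', 'Monkey Code Lab', 'Oleh Aleksyuk'
$ProcessNames = 'MaxigetUpdater', 'omg'

function Find-SignedByPublisher {
    # Lists .exe/.dll/.sys files under $Root whose Authenticode signer subject
    # contains one of the publisher names.
    param(
        [string]$Root = "$env:USERPROFILE\Downloads",   # assumed default scan folder
        [string[]]$Names = $Publishers
    )
    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($null -eq $sig.SignerCertificate) { return }   # unsigned file, skip it
            $subject = $sig.SignerCertificate.Subject
            foreach ($name in $Names) {
                if ($subject -match [regex]::Escape($name)) {
                    [pscustomobject]@{
                        Path      = $_.FullName
                        Publisher = $name
                        Status    = $sig.Status   # Valid, NotTrusted, HashMismatch, ...
                    }
                }
            }
        }
}

function Find-KnownArtifact {
    # Returns the folders, driver file and running processes the posts name, if present.
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $patterns = @(foreach ($dir in $programDirs) {
        Join-Path $dir 'ORBTR'
        Join-Path $dir 'TubeHD-V*'   # wildcard is an assumption: the post says the version varies
    })
    $patterns += Join-Path $env:SystemRoot 'System32\drivers\SPPD.sys'
    Get-Item -Path $patterns -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }
    Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue |
        ForEach-Object { "process: $($_.Name) (PID $($_.Id))" }
}

Find-SignedByPublisher | Format-Table -AutoSize
Find-KnownArtifact
```

A publisher-name match is a lead for review rather than a verdict, since the script compares only the name text in the certificate subject.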