How To Remove Bubble Dock

Stumbled on something called Bubble Dock today. You might notice it since it opens up pop-ups in the lower right corner on the Windows desktop. Here are two examples:

Bubble Dock pop up Bubble Dock ad in the lower right corner of the desktop

I found Bubble Dock bundled with a free download. Here’s how it was disclosed in the installer:

Bubble Dock installer

Some of the anti-virus programs over at VirusTotal detect the Bubble Dock files:

BubbleDock axSurfMatch.dll

If you’d like to uninstall Bubble Dock, you can do so from the Add/Remove programs dialog or with FreeFixer. Check the Firefox extension, LBubble Dock.exe, Bubble Dock.exe and axSurfMatch.dll for removal as shown in the screenshots:

BubbleDock firefox Bubble Dock.exe process Bubble Dock LBubbleDock.exe Bubble Dock axSurfMatch.dll in the Nosibay folder

Do you also have Bubble Dock on your machine? Any idea how it got there?

How To Remove V-Bates

Another quick post before getting to bed. I just found something called V-Bates, bundled with a free download. Here’s how V-Bates was disclosed in the installer:

v-bates install 404 page not found

The Terms and Condition link opened up a 404 Page Not Found, which can make it difficult for users to make an informed decision about whether to install V-Bates or not.

Only a few of the anti-virus programs detect the V-Bates files:

v-bates is called wajamu and wajam

Baidu and VIPRE refer to it as Wajam and Wajamu.

If you’d like to remove V-Bates you can simply do so by uninstalling it from the Add/Remove programs dialog.

v-bates uninstall

If that fails for some reason you can also remove V-Bates with FreeFixer by checking notifier.exe, guardsvc.exe, extensionupdaterservice.exe, PrefHelper.exe, extension32.dll and extension64.dll for removal:

v-bates notifier.exe v-bates guardsvc.exe v-bates Extension64.dll v-bates PrefHelper.exe v-bates Firefox v-bates ExtensionUpdaterService.exe

Do you have V-Bates on your machine? Any idea how it was installed?

 

Context2pro, conadvanced.exe, contextprod.exe and contextfr.exe – Removal Instructions

Just a quick post. Found something called Cyclon or Context2Pro bundled in a free download. This is how it appeared in the installer.

Context2pro Cyclon Installer

Clicking the EULA link opened up a 404 Not Found page. Once installed I noticed pop-ups from markettizer.net.

markettizer.net pop up

The anti-virus programs have a relatively good detection rate for Context2Pro:

Context2Pro Contextprod.exe VirusTotal scan result

To remove Context2Pro, check conadvanced.exe, contextprod.exe and contextfr.exe for removal in FreeFixer. During my testing there was no entry in the Add/Remove programs dialog for Context2pro.

context2pro startups - contextfr.exe, conadvanced.exe and contextprod.exe Context2Pro processes contextadvanced.exe

How did you get Context2Pro on your computer?

What is PC Faster?

PC Faster is a program from Baidu with various scanning and cleaning features:

PC Faster main screen

If PC Faster appeared unexpectedly on your machine, it may have been bundled with another download. Here’s how it was disclosed when I found it, while bundled with a download manager.

PC Faster 404 page not found

During my testing, the Terms and Condition link opened up a 404 Page Not Found browser tab.

Are you using PC Faster? Do you like it and does it speed up your computer as much as it claims?

 

How To Remove Sharp Savings Ads

Getting ads labeled “Ads by Sharp Savings” or text links with a mouse-over saying “Click to Continue > by Sharp Savings”?

Sharp Savings - Ads by Sharp Savings Sharp Savings text link - Click to Continue > by Sharp Savings

Sharp Savings is bundled with free downloads. Here’s how it was disclosed when I found it:

Sharp Savings installer

You can remove Sharp Savings from the Windows Control Panel. During the uninstall you need to solve a CAPTCHA.

Sharp Savings uninstall Sharp Savings uninstall captcha

If the removal fails for some reason, you can remove Sharp Savings with FreeFixer by selecting the Sharp Savings files (bservice.exe, wd.exe, updater.exe, framworkBHO.dll, etc.) as shown in the screenshots. You will also need to manually restore your browser’s proxy settings.

Sharp Savings wd.exe bservice.exe Sharp Savings update.exe Sharp Savings startups Sharp Savings mozilla Sharp Savings Internet Explorer
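To see what the proxy settings currently are before restoring them, the following read-only PowerShell check can be used. It is an added example, not part of the original post or of FreeFixer; it assumes the default per-user Internet Settings registry key and the default Firefox profile location.

```powershell
# Added example: read-only report of the current user's proxy configuration.
# Assumes default locations for the WinINET settings and Firefox profiles.

# Internet Explorer (and programs that follow the system proxy) read these values.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable      # 1 = a manual proxy is in use
    ProxyServer   = $inet.ProxyServer      # host:port, or per-protocol list
    AutoConfigURL = $inet.AutoConfigURL    # proxy auto-config (PAC) script, if any
} | Format-List

if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Write-Output 'A system proxy or auto-config script is set. If you did not configure it, clear it in Internet Options > Connections > LAN settings.'
} else {
    Write-Output 'No system proxy is configured for this user.'
}

# Firefox keeps its own proxy preferences in prefs.js inside each profile.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem -Path $profiles -Directory | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            # Only proxy-related preferences are listed; the file is not modified.
            $hits = Select-String -Path $prefs -Pattern 'user_pref\("network\.proxy\.'
            if ($hits) {
                Write-Output "Firefox profile $($_.Name):"
                $hits | ForEach-Object { "  $($_.Line.Trim())" }
            } else {
                Write-Output "Firefox profile $($_.Name): no proxy preferences set."
            }
        }
    }
}
```

In Firefox the same settings can be reviewed and reset under the connection settings in the options dialog.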

 

Overall Media, Inc. – Bundling and VirusTotal detections.

A few days ago I found a download that was digitally signed by a company called Overall Media, Inc. What caught my attention was that the download was called SkypeSetup.exe and used the Skype icon for the installer file. This might look like an official Skype download, but it is not.

Overall Media, Inc. publisher using the logo

Overall Media, Inc. certificate

When running the Overall Media, Inc. SkypeSetup.exe file I could see that it bundled Search Protect and the Qone8.com web site.

Overall Media, Inc. Skype Download

Overall Media, Inc. installer bundling Search Protect Overall Media, Inc. SkypeSetup.exe bundling Qone8.com

When running the Overall Media, Inc. file through the scanners at VirusTotal, 4 of the anti-virus programs detected the file:

Overall Media, Inc. VirusTotal detections

Did you also find an Overall Media, Inc. download? Where did you find it and what kind of download was it?

Digital Plugin S.L Publisher – VirusTotal Detections

Sorry for not posting anything during the days. I’ve been having a few days off visiting friends and family. Before my time off I found another publisher called DIGITAL PLUGIN S.L that bundles some potentially unwanted programs. The file I found was called Player.exe and I could see DIGITAL PLUGIN S.L appear when double-clicking on the file.

Digital Plugin S.L Publisher

 

Update 2015-06-29: Found another download with the publisher name “Digital Plugin SL”.

Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that DIGITAL PLUGIN S.L is located in Tenerife.

Digital Plugin S.L Certificate

Digital Plugin S.L Tenerife

 

And the certificate was issued by GlobalSign.

The reason for posting about DIGITAL PLUGIN S.L is that the file is detected by many of the anti-virus programs. Currently player.exe is detected by 13 of the 52 anti-virus scanners:

Digital Plugin S.L Virus Total detections

Hope you found this post useful.

Did you also find a download signed by DIGITAL PLUGIN S.L? What kind of download was it?

Update 2015-09-12: Today I noticed another download called google_chrome.exe, signed by Digital Plugin SL.

Digital Plugin SL cert again

 

This is another certificate, issued by VeriSign. VirusTotal reports a 19/57 detection ratio.
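The publisher and issuer shown on the Digital Signatures tab can also be read from the command line. The following PowerShell script is an added example, not part of the original posts; it lists the signer of every .exe in a folder and flags files such as SkypeSetup.exe or google_chrome.exe whose name suggests one vendor while the signature names another. The folder and the name-to-publisher map are assumptions to adjust.

```powershell
# Added example: show Authenticode signer details for downloaded installers
# and flag files whose name suggests a known product but whose signer differs.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"   # assumed download location
)

# Hypothetical map: file name pattern -> regex expected in the signer subject.
# Adjust to the publishers you actually expect for each product.
$expected = @{
    'skype*'         = 'Skype|Microsoft'
    'google_chrome*' = 'Google'
}

Get-ChildItem -Path $Folder -Filter *.exe -File | ForEach-Object {
    $file = $_
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $cert = $sig.SignerCertificate

    # Unsigned files have no signer certificate at all.
    $subject = if ($cert) { $cert.Subject } else { '(unsigned)' }
    $issuer  = if ($cert) { $cert.Issuer }  else { '' }

    # A valid signature only shows who signed the file. It does not show
    # that the signer is the vendor the file name and icon suggest.
    $note = ''
    foreach ($pattern in $expected.Keys) {
        if ($file.Name -like $pattern -and $subject -notmatch $expected[$pattern]) {
            $note = "File name matches '$pattern' but signer does not match '$($expected[$pattern])'"
        }
    }

    [pscustomobject]@{
        File    = $file.Name
        Status  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Subject = $subject         # publisher name and location
        Issuer  = $issuer          # certificate authority that issued the cert
        Note    = $note
    }
} | Format-List
```

The Subject field carries the same publisher name and location that appear in the UAC dialog and on the certificate, and Issuer shows the certificate authority.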

V.X. Technocom – Bundling, VirusTotal Detections and Digital Signature Information

If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named V.X. Technocom that bundles software.

The file was called Game_of_Thrones_S04E02_HDTV_x264-2HD[ettv].exe.

If you have a V.X. Technocom download on your computer you may have noticed that Closed Joint-Stock Company “V.X. Technocom” appears as the publisher in the UAC dialog when double-clicking on the file.

V.X. Technocom Publisher

You can also see the V.X. Technocom certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, V.X. Technocom is located in Moscow, Russia.

v.x.-technocom-digital-signature

v.x.-technocom-moscow-russia

These are the current VirusTotal detections for the file. Adware/Savy.ahdd and GetPrivate are the detection names by AntiVir and VIPRE:

v.x.-technocom-closed-joint-stock-company-getprivate-adware-savy.ahdd

Since the download was detected I decided to give it a try to see what it installed. During my test I could see Aducky, Sweet-Page, ShopperFriend and Block-N-Surf, as shown in the screenshots below:

v.x.-technocom is bundling SweetPage v.x.-technocom is bundling Block-N-Surf v.x-technocom ShopperFriendaducky

After accepting the offers a bunch of new files and settings appeared. Here are some of the files:

  • WindowsUpdater.exe
  • winsystem.exe
  • svcsystem.exe
  • PluginService.exe
  • privoxy.exe

A bunch of new ads also started to pop up, labeled monkeytize and RightCoupon.

Monkeytize Ads

You can remove these unwanted ads, files and settings with help from the FreeFixer tool.

Where did you find the V.X. Technocom download? What kind of download was it?

How To Remove Bellaphant Adware

Found another adware variant called Bellaphant today. It was bundled with a download called MediaFinder. Here’s how Bellaphant is disclosed in the MediaFinder installer:

Bellaphant is bundled with Media Finder

According to the disclosure, Bellaphant

provides special offers and coupons, website ratings and reviews, multi-site searching, comparison shopping and related search results. Additional features may be auto-enabled after installing.

13 of the 51 anti-virus programs are clearly aware of the Bellaphant adware, as you can see in the scan result from VirusTotal:

Bellaphant VirusTotal scan result

If you have Bellaphant on your machine you can see it in Mozilla Firefox’s and Internet Explorer’s Add-Ons menu:

bellaphant appears as a firefox addon bellaphant also appears as an Internet Explorer add-on

If you’d like to remove Bellaphant with FreeFixer, you can just check the Mozilla Firefox Extension and the Internet Explorer browser helper object called bellaphantbho.dll:

bellaphant in FreeFixer Select Bellaphantbho.dll to remove Bellaphant from Internet Explorer

I found Bellaphant bundled with MediaFinder. How did you get Bellaphant on your machine?

Adobe Flash Player Packages – What is it?

Did you find something called Adobe Flash Player Packages in the programs list and wonder what it is? Chances are that this was added when downloading and installing an unofficial Adobe Flash Player. Here’s how Adobe Flash Player Packages appears in the programs list:

Adobe Flash Player Packages

To avoid this in the future, please keep in mind to always download software from its official site. For example, get the Adobe Flash Player from http://get.adobe.com/se/flashplayer/

How did you get Adobe Flash Player Packages on your machine?