Artur Kozak Publisher – Digital Signature Warning!

Lately I’ve been looking at the digital signatures on files that push various types of unwanted programs. This morning I found a new file in the FreeFixer database called digital-photo-2013-11-nov.pdf.exe, digitally signed by Artur Kozak.

You can see who the signer is when double-clicking on an executable file. Artur Kozak appears in the publisher field in the dialog that pops up. You can also see the Artur Kozak certificate under the digital signature tab.

So, why am I warning you about the Artur Kozak file? Check out what the anti-virus programs report about the file:

artur-kozak

TSULoader, InstalleRex, Win32.Adload and Adware.Downware are some of the detection names reported by the anti-virus scanners.

Hope this helped you avoid getting some unwanted programs on your machine.

Where did you find the Artur Kozak file? What was the file called?

SuperCool Applications Publisher – Warning

This night I found a file claiming to be an installer for Adobe’s Flash Player. However, the file was not signed by Adobe as it should be. Instead SuperCool Applications appeared as the publisher:

SuperCool Applications Publisher

SuperCool Applications also appears under the digital signature tab. SuperCool Applications is located in Tel Aviv, Israel.

SuperCool Applications Digital Signature

Supercool Applications certificate says Tel Aviv, Israel

So, why should you avoid the SuperCool Applications “Flash Player” and instead download Flash from the official site? The anti-virus scanners should convince you:

SuperCool Applications virus total scan result.

Seven of the anti-virus programs detect the SuperCool Applications file, and refer to it as Max Setup, InstallCore, Install Core Click run Software and PUP.Optional.InstallCore.

Hope this helped you to get the official Flash Player and skip the SuperCool Applications download.

Please let me know if you found this blog post useful.
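The publisher check described above can also be done from PowerShell instead of the file properties dialog. This is an added example, not part of the original post: the function name, the file path and the expected publisher string are placeholders you fill in yourself, taking the publisher name from the vendor's official download.

```powershell
# Added example: compare an installer's Authenticode signer with the
# publisher you expect. Test-InstallerPublisher is a hypothetical helper name.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    # Same data Windows shows on the "Digital Signatures" tab.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Unsigned files have no signer certificate at all.
    $publisher = $null
    $subject   = $null
    if ($cert) {
        # SimpleName is the name Windows displays as the publisher.
        $publisher = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
        # The full subject also carries the city and country fields.
        $subject = $cert.Subject
    }

    [pscustomobject]@{
        File             = $Path
        SignatureStatus  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Publisher        = $publisher
        Subject          = $subject
        # A valid signature alone proves nothing about who signed the file;
        # the signer also has to be the vendor you expected.
        PublisherMatches = ($sig.Status -eq 'Valid' -and
                            $publisher -eq $ExpectedPublisher)
    }
}

# Placeholder values, replace with the real download and vendor name:
# Test-InstallerPublisher -Path 'C:\Users\me\Downloads\<installer>.exe' `
#                         -ExpectedPublisher '<publisher shown on the official download>'
```

A file like the one in this post comes back with a valid signature but `PublisherMatches` set to `False`, because the signer is SuperCool Applications and not the expected vendor.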

GetMyFilesNow – How To Remove

Stumbled upon an adware called GetMyFilesNow the other day. Here’s what its installer looks like:

getmyfilesnow installer

Once installed it will appear as an add-on in Mozilla Firefox:

getmyfilesnow addon 1.0 in Firefox

So, what kind of advertising does GetMyFilesNow show? After installation the well-known Nav-Links type of ads started to appear, but when I tested it GetMyFilesNow also replaced Google Adsense ads on the web sites that I visited.

getmyfilesnow nav-link popup

 

GetMyFilesNow may also insert ads into Google search results. The ads are labeled “Powered by GetMyFilesNow“:

Powered by GetMyFilesNow ads

Many of the anti-virus programs are obviously aware of GetMyFilesNow. When I scanned getmyfilesnow.exe, 14 of the 53 anti-virus programs flagged the file. Most of them report it as KillFiles, Linkular and Linkun.

getmyfilesnow.exe virus total scan

You can remove GetMyFilesNow by simply removing the Firefox Extension, either directly in Firefox or by checking the extension for removal in FreeFixer:

getmyfilesnow-firefox-ext

Hope this helped you figure out what GetMyFilesNow is and how to remove it.

How did you get this adware on your machine? Please share by posting a comment.

 

Stas Kosmov Publisher – Digital Signature Warning!

For some unknown reason I had trouble sleeping this night, so instead I spent a few hours hunting some adware installers. I found a file digitally signed by Stas Kosmov that bundled lots of unwanted software. Stas Kosmov will appear as the publisher when double-clicking on the file and in the file’s digital signature tab. According to the certificate Stas Kosmov is located in Kiev, Ukraine.

Stas Kosmov Publisher - Installer for TopApp soft

Stas Kosmov Digital Signature

Stas Kosmov Kiev Ukraine

So, what do the anti-virus scanners say about this file? The following scan result should convince you to not run the Stas Kosmov file:

stas kosmov virus total

Did you also find a file signed by Stas Kosmov? Where did you find it?

Coupigo Adware Removal Instructions

Seems like there’s a lot of new adware variants popping up right now. Found a new one called Coupigo this morning. Coupigo adds itself into Firefox and Internet Explorer. Here’s how it appears in Firefox:

Coupigo Adware in Mozilla Firefox Add-ons Manager

FreeFixer can remove Coupigo with a few clicks. Just select the Coupigo files in the scan result and then hit the Fix button. Problem solved.

Coupigo Adware in Internet Explorer Coupigo Adware listed as a Firefox Extension

The anti-virus programs are clearly aware of the Coupigo adware. Just check out the detection result from VirusTotal. Graftor and MultiPlug seem to be the most common detection names. I’d say 33/53 is pretty good:

Coupigo detections at virus total - Graftor - MultiPlug

How did you get the Coupigo adware on your machine?

GreatSaver Adware Removal Instructions

Seems like there’s no end to the adware variants out there. Found something called GreatSaver right now. It will install itself as an add-on in the web browser. Here’s GreatSaver in the Firefox add-ons list:

greatsaver 2.7 adware firefox addon

So, how can you remove GreatSaver? Easy peasy with FreeFixer, just select the GreatSaver files for removal. That’s all it takes 🙂

greatsaver adware internet explorer greatsaver adware firefox extension

How did GreatSaver find its way onto your machine? Please let me know by posting a comment.

 

Anton Melnikov Publisher – WARNING

Just a short post before getting back to work. I found a software download this morning that bundles some unwanted software. The download is digitally signed by Anton Melnikov. The problem with the Anton Melnikov download is that it bundles lots of unwanted software, such as “SaveOn”, “Y**tubeAdBlocker”, “SW-Booster”, “SW-Sustainer”, etc.

Windows will display Anton Melnikov as the publisher when running the file. The program name is “Installer for TopApp software“.

Anton Melnikov publisher - Installer for TopApp software

You can also check the digital signature under the file’s properties. The certificate says Anton Melnikov is located in Kiev, Ukraine.

anton-melnikov-digital-signature

anton-melnikov-kiev-ukraine

Well, hope this blog post saved you a few hours by avoiding those unwanted programs. There are after all more interesting things to do than cleaning a computer from adware.

Did you also find a file signed by Anton Melnikov? Where did you find it and what kind of download was it? Thanks for sharing.

Productivitypro Ads – Removal Instruction

Getting bombarded with ads labeled “productivitypro Ads” and a large sidebar with search results called “Topic Torch by productivitypro” like in the screenshots below?

productivitypro ads

Topic Torch by productivitypro

productivitypro will also appear in your web browser’s add-on list. It appears as “productivitypro 1.0.1” in Firefox:

productivitypro 1.0.1

So, how about the removal? Simply check the productivitypro files in FreeFixer for removal:

productivitypro Internet Explorer add-on productivitypro firefox extension

Out of curiosity, how did you get the productivitypro adware on your computer? Please let me know by posting a comment.

WiseManager’s CfjdkPfhrU.exe is a Bitcoin Miner – Removal Instructions

I found yet another Bitcoin miner this morning. You might have spotted it because of a new file called WiseManager.exe running at startup or the high CPU usage by CfjdkPfhrU.exe as shown in the screenshot of the Task Manager below:

CfjdkPfhrU.exe CPU Setup Task Manager

The Wise Manager files are located in C:\Users\%USER%\AppData\Roaming\WiseManager\ and C:\Users\%USER%\AppData\Roaming\WiseManager\CGMInerDLLs.

wisemanager cgminerdlls folder

Currently no anti-virus detects the two main files, WiseManager.exe and CfjdkPfhrU.exe, when I uploaded them to VirusTotal, but I assume the scanners will start picking them up sooner rather than later. WiseManager.exe is digitally signed by Moresta Holdings Limited. CfjdkPfhrU.exe is unsigned.

By the way, CfjdkPfhrU.exe sounds like it has been given a random file name. Does your computer show another file hogging the CPU?

Removing WiseManager.exe and CfjdkPfhrU.exe is easy with FreeFixer. Just check WiseManager.exe and CfjdkPfhrU.exe for removal and click the Fix button and the problem is solved.

wisemanager.exe startup in the roaming folder wisemanager.exe and cfjdkPfhrU.exe processes

Now you can remove the C:\Users\%USER%\AppData\Roaming\WiseManager\ folder manually in Explorer.

I found the Wise Manager Bitcoin miner while testing a free download. WiseManager was bundled inside the download. How did you get Wise Manager and CfjdkPfhrU.exe on your computer?
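Since the miner's second file name looks random and may differ on your machine, it is more reliable to look at the folder than at the file name. The script below is an added example, not part of the original post and not a FreeFixer feature: it lists every executable and DLL under the WiseManager folder named above, with its signature status, signer, and whether it is currently running and how much CPU time it has used. The function name is hypothetical.

```powershell
# Added example: inventory the WiseManager folder from the post.
# $env:APPDATA resolves to C:\Users\<user>\AppData\Roaming.
function Get-FolderExecutableReport {
    param([Parameter(Mandatory)] [string] $Directory)

    if (-not (Test-Path -LiteralPath $Directory)) { return @() }

    # Processes whose image file lives under the folder. Path is empty for
    # processes you have no access to, so run this as the affected user.
    $running = Get-Process | Where-Object {
        $_.Path -and $_.Path.StartsWith(
            $Directory, [System.StringComparison]::OrdinalIgnoreCase)
    }

    Get-ChildItem -LiteralPath $Directory -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
            $proc = $running | Where-Object { $_.Path -eq $file.FullName }

            [pscustomobject]@{
                File       = $file.FullName
                Status     = $sig.Status   # NotSigned for unsigned files
                Signer     = if ($sig.SignerCertificate) {
                                 $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
                             } else { $null }
                Running    = [bool]$proc
                # Total processor time in seconds across matching processes.
                CpuSeconds = if ($proc) {
                                 ($proc | Measure-Object -Property CPU -Sum).Sum
                             } else { 0 }
            }
        }
}

Get-FolderExecutableReport -Directory (Join-Path $env:APPDATA 'WiseManager') |
    Sort-Object CpuSeconds -Descending |
    Format-Table -AutoSize
```

An unsigned file that is running from this folder with a high `CpuSeconds` value is the miner process, whatever its name is on your machine.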

Daneil Jemoch Publisher – WARNING!

Just a quick post before starting today’s programming on the FreeFixer tool. This is the second time I spot a file digitally signed by Daneil Jemoch that bundles lots of unwanted programs. Thought I should warn you and hopefully save you from some unnecessary adware cleaning. You can see Daneil Jemoch appear as the publisher when running the file as shown below.

Daneil Jemoch Publisher - Excellent4App Daneil Jemoch publisher

You can also check who signed a file by checking the digital signature tab. The screenshot below shows the Daneil Jemoch certificate. From the certificate info we can see that Daneil Jemoch appears to be located in Kiev, Ukraine.

daniel-jemoch-digital-signature

Daneil Jemoch, Kiev, Ukraine

The anti-virus programs have a decent detection rate for the Daneil Jemoch file:

Daneil Jemoch virus total

The anti-virus scanners refer to the file as Graftor, MultiPlug and InstalleRex.

Where did you find the Daneil Jemoch signed file?

Hope you found this post useful. Please let me know by posting a comment.