One of the tools that I’m using quite often is DDS. It is used to generate a log file containing the running processes, services, search settings, browser plugins, etc. Basically the same information as the items that appear in the FreeFixer log. From time to time I’m getting an error saying “PEV.DAT has stopped working” when running DDS and I’m wondering if anyone out there knows of a work-around, or if there’s a more recent DDS download that solves this bug?
Boris Burkin Publisher – WARNING
Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by Boris Burkin. Typically you’d see the Boris Burkin publisher name appear when double-clicking on the file:
You will also see Boris Burkin appear if you check the file’s digital signature.
If you are considering running the Boris Burkin signed file, I advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs:
The anti-virus programs call the file Trojan.AntiFW, InstalleRex, Adware.Downware, Win32.InfoLeak, Downloader.AdLoad, etc.
Did you also find a file digitally signed by Boris Burkin? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Clovermedia SL Digital Signature – WARNING!
Just got home after having an espresso with my friend Jon Kågström and started to check out a bunch of suspicious downloads. One of the downloads was signed by the Clovermedia SL publisher. If you came here wondering if the file is safe or not, I think you should avoid running the Clovermedia file.
You can also check who signed a file by looking under the file’s properties. The following screenshot shows how the Clovermedia SL certificate appears under the Digital Signature tab.
There is also additional info available, such as that Clovermedia SL is located on Tenerife.
Anyway, the problem with the Clovermedia file is that it bundles lots of potentially unwanted programs, such as MediaPlayer Plus, Freeven, etc. Many of the anti-virus programs are well aware of this, and flag the Clovermedia file with names such as DomaIQ.
Hope this helped you avoid some adware.
Did you also find a Clovermedia file? Where did you download it?
HARASAN PRAPAPON Digital Signature – WARNING!
I was looking around for some adware to install on my lab machine to test a new cleaning feature that I’m working on for the FreeFixer tool, when I stumbled on a file digitally signed by HARASAN PRAPAPON. I’m writing this post to warn you about the file. Typically the file is named after some popular TV-series or movie.
If you are hesitating with the following UAC prompt saying HARASAN PRAPAPON is the publisher, I strongly suggest you click the No button.
Tip: You can also check a digital signature by right-clicking on a file -> Properties -> Digital Signature.
So what’s the problem with the HARASAN PRAPAPON signed file? Here’s the detection results, which should convince you:
- Malwarebytes PUP.Optional.OneClickDownloader.A
- Kingsoft Win32.Troj.Generic.a.(kcloud)
I’m sure the other anti-virus programs will pick up this file sooner rather than later.
Did you also find a file signed by HARASAN PRAPAPON? What are the anti-virus programs calling it? (Hint: upload it to www.virustotal.com)
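The signature check described in these posts can also be scripted. The PowerShell below is an added example, not part of the original posts or of FreeFixer: it reads each file's Authenticode signer and reports files signed by the publisher names mentioned on this page, with a SHA-256 hash that can be looked up on VirusTotal. The function name Find-FlaggedSignedFile and the Downloads path are assumptions of the example.

```powershell
# Publisher names exactly as they appear in the posts on this page.
$FlaggedPublishers = @(
    'Boris Burkin', 'Clovermedia SL', 'HARASAN PRAPAPON',
    'WARP INSTALLER', 'Anton Lemes'
)

function Find-FlaggedSignedFile {
    # Hypothetical helper name, introduced for this example only.
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Publishers = $FlaggedPublishers
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi', '.dll' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            if ($null -eq $cert) { return }   # unsigned file: no publisher to compare

            # SimpleName is the certificate's display name, the same text the
            # UAC prompt and the Digital Signature tab show as the publisher.
            $name = $cert.GetNameInfo('SimpleName', $false)

            if ($Publishers -contains $name) {   # -contains ignores case
                [pscustomobject]@{
                    File       = $_.FullName
                    Publisher  = $name
                    # 'Valid' only means the signature verifies. It says who
                    # signed the file, not that the file is safe to run.
                    Status     = $sig.Status
                    Thumbprint = $cert.Thumbprint
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Assumed location: the current user's Downloads folder.
Find-FlaggedSignedFile -Path (Join-Path $env:USERPROFILE 'Downloads') | Format-List
```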
WARP INSTALLER Publisher – Don’t run that file
To save you from some adware cleaning, I just want to give you the heads up on files that are digitally signed by WARP INSTALLER. Most versions of Windows will display the publisher when double-clicking on a downloaded file, as shown in the screenshot below.
If you get this prompt about Premium Installer by WARP INSTALLER, click No.
You can also check the digital signature by looking under the Digital Signature tab in the file’s properties.
So, why should you avoid the WARP INSTALLER files? StartDownload.exe, which is digitally signed by WARP INSTALLER, is detected by 15 of the 50 anti-virus programs! Here are some of the detection names:
- ESET-NOD32 a variant of Win32/AdWare.iBryte.AD
- F-Secure Gen:Variant.Application.Bundler
- Kingsoft Win32.Troj.Generic.a.(kcloud)
- Malwarebytes PUP.Optional.OptimumInstaller.A
Did you also download one of the WARP INSTALLER signed files? Where did you find it?
Findopolis Ads Removal
Getting bombarded by Findopolis ads like in the screenshot below? No problem, I’ll show how to remove the Findopolis adware. Read on…
The Findopolis adware has been around for some time, at least from the beginning of February 2014, but it is still being distributed. So I thought I should write a few lines about it. I found Findopolis yesterday when a pop-up claimed that my computer needed a “Video Upgrade”.
All you need to do to remove Findopolis is to check the Findopolis files for removal in FreeFixer and click the Fix button.
Here’s a video demonstrating the removal:
Hope you found this useful.
How did you get Findopolis on your machine? Please share your story in a comment below.
Remove Settings Manager by Aztec Media
If you see systemku.exe and SystemkService.exe running in the Task Manager you have the Settings Manager by Aztec Media installed on your machine. SettingsManager comes bundled with some free software downloads.
Settings Manager is detected by some of the anti-virus programs. Here’s the scan result for the SystemkService.exe file:
You can simply uninstall SettingsManager from the Windows Control Panel as shown in the video below:
If the Settings Manager removal failed for some reason, you can also remove it with FreeFixer, by selecting Systemku.exe, SystemkService.exe, sysapcrt.dll and the Settings Manager Firefox extension for removal.
How did you get Settings Manager on your machine? Please share your story in the comments below.
DGen.exe 100% CPU Usage? – Bitcoin Miner Removal
Do you see a process named dgen.exe running at 99% or even 100% CPU usage? If that is the case someone is mining Bitcoins on your machine!
The dgen.exe Bitcoin miner has been around for some time. I first spotted it about a month ago, but for some reason I chose not to blog about it at that time. However, today I found it again, bundled with another download, so I thought I should post about it after all. Many of the anti-virus programs detect it as you can see in the scan result from VirusTotal:
How did you get dgen.exe on your machine? Please share by posting a comment.
To remove the dgen.exe bitcoin miner you can check the dgen.exe process and the starthelp.exe service for removal in FreeFixer. This will also fix the high CPU usage that you probably see on your machine.
The starthelp.exe service appears as “Protect Monitor”:
Here’s a video where I show FreeFixer in action while removing dgen.exe and starthelp.exe:
Hope you found this useful. Thank you for watching!
Update 2014-08-11: I’ve seen a few cases where other filenames appear in the “c:\Program Files\PCDapp” folder:
- cudaminer.exe
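The Task Manager checks described in the Settings Manager and dgen.exe posts can be done from a PowerShell prompt as well. This is an added example, not part of the original posts or of FreeFixer; the process, service and folder names come from the posts above, and the function and variable names are assumptions of the example.

```powershell
# A name match is only a hint: confirm with the file path before removing anything.
$ProcessNames = @{
    'Settings Manager (Aztec Media)' = @('systemku', 'SystemkService')
    'dgen.exe Bitcoin miner'         = @('dgen', 'starthelp', 'cudaminer')
}
$MinerFolder  = 'C:\Program Files\PCDapp'
$MinerService = 'Protect Monitor'   # display name of the starthelp.exe service

function Find-ListedProcess {
    foreach ($family in $ProcessNames.Keys) {
        # Get-Process takes names without ".exe"; names that are not running are skipped.
        # CPU is total processor time in seconds, so a miner shows a large, growing value.
        # Path can be empty for other users' processes unless the prompt is elevated.
        Get-Process -Name $ProcessNames[$family] -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Family'; e = { $family } },
                          ProcessName, Id, CPU, Path
    }
}

function Find-ListedService {
    # Match on the display name from the post or on the service's executable.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -eq $MinerService -or
                       $_.PathName -like '*starthelp.exe*' } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

function Get-MinerFolderContent {
    # Lists whatever is in the folder, since the filenames there vary.
    if (Test-Path -LiteralPath $MinerFolder) {
        Get-ChildItem -LiteralPath $MinerFolder -File -Recurse |
            Select-Object FullName, Length, LastWriteTime
    }
}

Find-ListedProcess     | Format-List
Find-ListedService     | Format-List
Get-MinerFolderContent | Format-List
```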
How To Remove MPlayerPlus_01
Just found a new adware variant called MPlayerplus_01. You might have found it in the Windows Task Manager where it appears as Mplayerplus_01-nova.exe or when inspecting the add-ons in Internet Explorer and Mozilla Firefox:
Update 2014-05-22: There seems to be another variant around called MPP, that uses filenames such as MPP-bho64.dll, MPP-bho.dll, MPP-codedownloader.exe, MPP-novainstaller.exe, MPP-nova.exe and MPP-bg.exe.
Update 2014-05-26: Just found another variant. It is called MPMP.
Update 2014-05-27: Seems like the MPlayerPlus_01 constantly updates its name. I’ll list any future name here:
- MediaPlayer+
- Media_play_er+
I found MPlayerplus_01 while checking out a free media player download. In my case the installer disclosed that MPlayerplus_01 was bundled. Currently only a few anti-virus programs flag MPlayerplus_01:
The anti-virus vendors report MPlayerPlus as CrossRider.
How did you get MPlayerplus_01 on your machine? Was it bundled with some free downloads, and if so, was it disclosed that MPlayerplus_01 would be installed along with the download?
Removing MPlayerplus_01 with FreeFixer is a piece of cake. All you need to do is to select the MPlayerplus_01 files for removal and click the Fix button.
Here’s a removal video where I show FreeFixer in action deleting Mplayerplus:
Hope this helped you to figure out what MPlayerplus_01 is and how to remove it. If you like, please post a comment and share what you know about MPlayerplus_01.
Anton Lemes Digital Signature – Don’t run that file
Just wanted to give you a heads-up on a suspicious file I found just now. The file is digitally signed by Anton Lemes.
So, what’s the problem? Well, many of the anti-virus programs over at VirusTotal detect the Anton Lemes file. TSULoader, Kazy, InstalleRex, AntiFW are some of the detection names:
So, whatever you do, don’t run the Anton Lemes file. It will install a whole lot of unwanted software on your machine.
Where did you find the file with the Anton Lemes signature?