Fpro1.2 Ads – Removal Instruction

May 15, 2014adware, freefixerFPro1.2, Fpro_1.2, freeven, pro12, pro123Roger Karlsson

I just found a new variant of the Freeven Pro adware called Fpro1.2, Fpro_1.2, pro123 and pro12. This will be a quick post before I’m going to bed. If you have Fpro1.2 on your machine you will probably notice it when it displays the ads that are labeled “Click to Continue – by Fpro1.2” and “Ad by Fpro1.2” as shown in the screenshots below:

The ads above are from Internet Explorer and Mozilla Firefox. You can also see FPro listed in the web browser’s add-ons list, here in Firefox:

The Fpro1.2 removal easy, just select the FPro files in FreeFixer: Fpro1.2-nova.exe, Fpro1.2-bg.exe, the Fpro Firefox Extensions, etc:

Since the removal for Fpro1.2 is the same as for Freeven Pro, for which I’ve done a removal video, I won’t do a new one. I think you’ll get the hang of it by watching the old video:

There’s also an entry in the add/remove programs dialog, but I have not tested it: fpro1.2-uninstall

Hope you found this useful.

How did you get Fpro1.2 on your machine? Please share by posting a comment.

websearch.eazytosearch.info – Removal Instructions

May 10, 2014freefixereazytosearch.info, websearch.eazytosearch.infoRoger Karlsson

Found another search engine called websearch.eazytosearch.info that is installed as a bundled offer. Here’s how eazytosearch.info looks like in Internet Explorer:

The removal is pretty straightforward with FreeFixer, just select the websearch.eazytosearch.info entries. Here are a few of them: websearch.eazytosearch.info in Firefox

I’ve made a quick video where I show FreeFixer in action removing websearch.eazytosearch.info:

Hope you found this useful.

Freeven Pro – Removal Instructions

May 6, 2014adware, freefixerAdWare.PlusHD, AppRider., freeven pro, MultiBundle.R, Win32.Application.Plush.BRoger Karlsson

Are you getting ads while browsing the web labeled “Click to Continue > by Freeven pro 1.2“, like the one shown below?

Then you have a piece of software called Freeven Pro installed on your machine. Freeven Pro comes bundled with various software downloads. In my case I found it while testing a non-official download of the Google Chrome browser.

So, what is Freeven Pro? Obviously it’s adware since it shows advertisements. The anti-virus programs over at VirusTotal classify the Freeven pro 201.2-bho.dll file with names such as MultiBundle.R, Win32.Application.Plush.B, AdWare.PlusHD and AppRider.

Removing Freeven Pro is pretty easy. Simply check the Freven Pro files for removal in FreeFixer. The screenshots below shows which files to remove:

Freeven Pro in Firefox

I’ve also captured a video that shows FreeFixer in action while deleting the Freeven Pro files. Hope you find it useful:

It seems as the Freeven developers are randomizing the product name. These are the variants I’ve found so far:

Frevens Pro 13
Fre_Ven_s Pro 23
Free_Ven_s_pro 25
Frieven_s_Prox_1.8
Fraven 1.1

What variants of Freeven have you found?

WebGet Adware – Removal Instructions

May 6, 2014UncategorizedAltbrowse, BrowseFox, updatewebget.exe, webget, WebGetBho.dllRoger Karlsson

Yesterday I was reviewing some of the files recently added to the FreeFixer library. Currently there are around 125 000 files added to the database. One of the files that caught my attention was WebGetBho.dll, digitally signed by WebGet, which looked like a new variant of the Altbrowse/BrowseFox adware. The scan result from VirusTotal clearly shows that this is the case:

I have not found out how WebGet is distributed. If you have some hints on where I can find the software that bundles WebGet, please let me know since I’d like to test it and see how the WebGet ads looks like. In case you have WebGet on your machine and it displays one of its ads, please take a screenshot and post it comments field below so me and the other readers can have a look at it.

I assume that WebGet works like the other Altbrowse/BrowseFox variants: WebGet adds itself into Internet Explorer and Mozilla Firefox, and show some sort of ads. The ads may be labelled “WebGet”.

To remove WebGet, simply check the WebGet files for removal in the FreeFixer scan result. The WebGet files are usually located in “C:\Program Files\webget\” or “C:\Program Files\webget (x86)\” if you are running 64-bit Windows. These are some of the files that may appear in the scan result:

webgetbho.dll
updatewebget.exe
webget.FFUpdate.dll
webget.FirstRun.exe
webget.CompatibilityChecker.dll
webget.IEUpdate.dll

Hope this helped you figure out what WebGet is and how to remove it.

Sergey Petrov Digital Signature – Don’t Run The File

May 5, 2014digital signature, trojandigital signature, InstalleRex, sergey petrov, Trojan.WebPickRoger Karlsson

Recently I’ve been browsing around on some torrent sites to see what software downloads that are hiding behind the ads on these sites. One of the names that often shows up in the digital signature field is Sergey Petrov:

Sergey Petrov digital signature

You will also see Sergey Petrov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:

The Sergey Petrov signed files often use names of known TV-series or movies to trick users into running the file.

The scan result from VirusTotal below clearly shows why you should immediately delete the Sergey Petrov file. It is detected under names such as InstalleRex and Trojan.WebPick. 17 of the 52 anti-virus programs detect the file:

Hope this saved you from some unnecessary malware cleaning. In case you’ve already run one of the Sergey Petrov signed files, you can examine your system with FreeFixer to make sure your computer is clean.

How To Remove Search-NewTab

May 5, 2014adware, freefixer, trojanSearch-NewTab, Search-NewTaBi, Seearch-NewTTabRoger Karlsson

I’m currently looking at what is advertised on some of the torrent sites. Today I found another adware called Search-NewTab that installed into Internet Explorer and Mozilla Firefox:

The software seems to use some semi-random naming. I’ve seen in appear as “Seeaerch-oNeewTAb”, “Seearch-NewTTab”, “Sieaarch-NewTab” and “Search-NewTaBi”. What name did Search-Newtab use on your machine?

Currently, Search-NewTab is detected by many of the anti-virus program under names such as MultiPlug and MultiPlag. Most of the antivirus programs classify it as adware, but some report Search-NewTTab as a trojan, as you can see in the screenshot from VirusTotal below:

So how about the removal? You can easily remove Search-NewTab by checking its files in FreeFixer:

There’s also a Search-NewTab entry in the Add/Remove programs dialog in the Windows Control Panel, but I have not tested it. So no guarantees there.

Hope this helped you with the Search-Newtab removal.

How did you get Search-Newtab on your machine Please share by posting a comment.

Remove PlurPush Ads

May 2, 2014adware, freefixerplurpushRoger Karlsson

If you see updatePlurPush.exe in the Task Manager or pop-up ads labeled PlurPush you have the PlurPush adware installed on your machine.

I found PlurPush when testing a free download, where the following information was displayed in the installer:

In other words: PlurPush will show ads while you browse the web.

PlurPush will add itself into Internet Explorer and Mozilla Firefox as shown below:

If you’d like to remove PlurPush with FreeFixer, you can easily do so by checking PlurPushBho.dll, updatePlurPush.exe and the PlurPush Firefox Extension for removal:

UpdatePlurPush.exe The PlurPush Firefox Extension

I’ve created a short video that shows FreeFixer in action while removing PlurPush:

Hope you found this useful.

How did you get PlurPush on your machine? Please share in the comments field below.

urlguard.exe is Gen.Variant.Symmi – Removal Instructions

May 1, 2014freefixergen.variant.symmi, urlguard.exeRoger Karlsson

Did you spot urlguard.exe in the Windows Task Manager? Then you have something called Gen.Variant.Symmi running on your machine.

urlguard.exe in the task manager

urlguard.exe is currently detected by 7 of the 52 anti-virus programs over at VirusTotal: urlguard.exe is Gen:Variant.Symmi.9161

You can remove urlguard.exe with FreeFixer by selecting the urlguard.exe file and registry startup entry:

urlguard.exe startup in registry

Hope that helped you to get rid of urlguard.exe.

How did you get urlguard.exe on your machine? Please share by posting a comment.

Blogging at freefixer.blogspot.com

April 28, 2014UncategorizedRoger Karlsson

I’ve been posting for some time now here at www.freefixer.com/b/, but I’m not entirely happy with the results. Often the blog posts rank pretty bad in the Google search results.

So, I’m going to keep posting as usual, but I will put some of the posts over at freefixer.blogspot.com, to see if the content ranks differently.

How To Remove SaveClicker

April 24, 2014adware, freefixerSaveClickerRoger Karlsson

I was actually searching for another adware, but ran into the SaveClicker adware instead. When I found SaveClicker, it was bundled with a free download manager. Here’s the info it displays in the installer.

saveclicker install info

“Just install the add-on on your browser, surf the web and get specials offers (special coupons, discounts and sales)”

Obviously SaveClicker is adware. Here’s how the SaveClicker ad looks like:

SaveClicker can easily be uninstalled by selected in the SaveClicker files in FreeFixer, or by using the entry in the Programs and Features dialog:

How did you get SaveClicker on your computer? Please share by posting a comment.