Tag Archives: artemis

Mathematical Applications – 32% Detection Rate – PullUpdate / Jatif / Artemis

Hello readers! Short on time today, but I just wanted to give you the heads up on a publisher called Mathematical Applications. I’ve seen many files digitally signed by this publisher submitted to the FreeFixer database, so I thought it was about time to write a few lines about it.

The issue with the Mathematical Applications file is that it is detected by many of the anti-virus programs. Here are some of the detection names: Downloader.CBD, Adware.Yontoo.55, a variant of MSIL/Adware.PullUpdate.G.gen, Gen:Variant.Adware.Jatif.92, PUP.Optional.CrimeWatch.A and Artemis. In other words, you are probably better off removing these files.

Mathematical Applications virustotal

Did you also find a download that was signed by Mathematical Applications? What kind of download was it and was it detected by the anti-viruses at VirusTotal? Please share by posting a comment below.

Thanks for reading.

Sanflex – 33% Detection Rate – WebInstallBundle, DownloadAdmin and Artemis

Hello! Just a quick post on a file named installer_adobe_flash_player_Swedish.exe signed by Sanflex. The following screenshot shows the User Account Control dialog when running the Sanflex file:

Sanflex publisher

By looking at the certificate we can see that Sanflex appears to be located in San Francisco, United States of America.

Sanflex certificate

The problem here is that if installer_adobe_flash_player_Swedish.exe really was a setup file for the official Adobe Flash Player, it would be digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks very suspicious.
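The publisher check described above can be scripted. This is an added example, not code from the post or from FreeFixer; the `Test-ClaimedPublisher` function and the file-name-to-publisher map are hypothetical, and the download path is a placeholder.

```powershell
# Added example: compare a file's Authenticode signer with the publisher
# expected for the product its file name claims to be.
# The map below is an assumption built from the one case in the post.
$ExpectedPublisher = @{
    'flash_player' = 'Adobe Systems Incorporated'
}

function Test-ClaimedPublisher {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # SimpleName is normally the subject CN, the name UAC shows as publisher.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    # Which known product, if any, does the file name claim to be?
    $claim = $ExpectedPublisher.Keys |
        Where-Object { $file.Name -like "*$_*" } |
        Select-Object -First 1

    $verdict = if (-not $signer) { 'Unsigned' }
    elseif ($sig.Status -ne 'Valid') { "Signature not valid ($($sig.Status))" }
    elseif (-not $claim) { 'File name makes no known product claim' }
    elseif ($signer -eq $ExpectedPublisher[$claim]) { 'Signer matches claimed product' }
    else { 'MISMATCH: signed by a different publisher' }

    [pscustomobject]@{
        File     = $file.Name
        Signer   = $signer
        Expected = if ($claim) { $ExpectedPublisher[$claim] } else { $null }
        Verdict  = $verdict
    }
}

# Placeholder path: point this at the downloaded file you want to check.
$sample = Join-Path $env:USERPROFILE 'Downloads\installer_adobe_flash_player_Swedish.exe'
if (Test-Path -LiteralPath $sample) { Test-ClaimedPublisher -Path $sample }
```

A valid signature only proves who signed the file; the mismatch verdict is what flags a Flash Player installer signed by someone other than Adobe.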

If you are considering running the Sanflex-signed file, I advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs. Big thanks to VirusTotal for the scan result.

Sanflex virustotal

F-Secure detects installer_adobe_flash_player_Swedish.exe as Adware:W32/WebInstallBundle, Fortinet reports Riskware/DownloadAdmin, Malwarebytes classifies it as PUP.Optional.DownloadAdmin and McAfee detects it as Artemis.

Did you also find a Sanflex file? What kind of download was it?

Thanks for reading.

AdvanceElite Adware Removal Instructions

Hello guys and gals. Today I wanted to talk about an adware called AdvanceElite and give you some removal instructions. AdvanceElite seems to be a variant of BrowseFox that I’ve written about before. If AdvanceElite is installed and running on your machine, you will see ads labeled AdvanceElite Ads and a new add-on called AdvanceElite 1.0.1 in Internet Explorer and Mozilla Firefox. I’ll show how to remove AdvanceElite in this blog post with the FreeFixer removal tool.

advanceelite firefox

AdvanceElite is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example of how it appears in an installer for an unrelated program.

advanceElite installer

Generally, you can avoid bundled software such as AdvanceElite by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to test if the anti-virus tools there find something interesting. Of the 55 anti-virus scanners, 13 detected the file. Some of the detection names for AdvanceElite are BrowseFox.F, PUP.Optional.AdvanceElite.A and Artemis.

AdvanceElite virustotal

You probably came here looking for removal instructions for AdvanceElite and you can do so with the FreeFixer removal tool. A restart of your system may be required to complete the removal. Here are a few screenshots from the removal that should help you:

removing advanceelite from firefox removing advanceelite from internet explorer

Hope this helped you remove the AdvanceElite adware.

Do you also have AdvanceElite on your machine? Any idea how it installed? Please share your story in the comments below. Thanks!

Thank you for reading and welcome back.

How To Remove The Framed Display Adware

Just wanted to write a short post before calling it a day. Stumbled upon the Framed Display adware. Framed Display appears to be a variant of AltBrowse/BrowseFox. If the Framed Display adware is running on your machine, you will see various types of advertisements according to the Framed Display EULA. However, for some reason I don’t see any ads. Do you? If you got this on your machine, you will also notice it in the browser’s add-on menu. For example, here’s Framed Display in Firefox:

framed display 1.0.1 firefox

Framed Display is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example of how it appears in an installer for an unrelated program.

framed display disclosure

When I find some new bundled software I usually upload it to VirusTotal to check if the antimalware scanners there detect something interesting. 20% of the anti-virus scanners detected the file. The Framed Display files are detected as BrowseFox.F by AVG, PUP.Optional.FramedDisplay.A by Malwarebytes and Artemis!032AA150BDFB by McAfee.

framed display virustotal

So, how about the Framed Display removal? You can remove Framed Display with the FreeFixer removal tool. Just select the Framed Display files as the screenshots below show. A restart of your machine might be required to complete the removal.

framed display firefox extension FramedDisplaybho.dll in internet explorer

Hope that helped you to figure out how to do the removal.

I found Framed Display while testing out some downloads that are known to bundle lots of unwanted software. Any idea how you got Framed Display on your computer? Please share your story in the comments below. Thank you very much!

Hope you found this useful. Thanks for reading.

PennyBee.exe and PennyBeeW.exe – Adware Removal Instructions

Just wanted to write a short blog post before going back to programming. Today I wanted to talk about an adware called PennyBee and thought I should give you some removal instructions. PennyBee appears to be a variant of the Linkury adware. If PennyBee is running on your system, you will spot PennyBee.exe and PennyBeeW.exe running in the Windows Task Manager and a new service installed, triggered to run PennyBee.exe. I’ll show how to remove PennyBee in this blog post with the FreeFixer removal tool.

pennybee.exe pennybeew.exe Task Manager
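The same check can be done from PowerShell instead of Task Manager. This is an added example, not part of the original post or of FreeFixer; the `Find-ByImageName` function is hypothetical, and the only file names it looks for are the two the post mentions.

```powershell
# Added example: list running processes and installed services whose
# executable is one of the PennyBee files named in the post.
$PennyBeeFiles = 'PennyBee.exe', 'PennyBeeW.exe'

function Find-ByImageName {
    param([Parameter(Mandatory)][string[]]$ImageName)

    # Match the file name as the last path component of a service command
    # line, whether or not the path is quoted or followed by arguments.
    $alternatives = ($ImageName | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $rx = '[\\/"](' + $alternatives + ')("|\s|$)'

    # Running processes (what Task Manager shows).
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $ImageName -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{
                Kind  = 'Process'
                Name  = $_.Name
                Id    = $_.ProcessId
                Start = $null
                Path  = $_.ExecutablePath
            }
        }

    # Installed services, running or not, that launch one of the files.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match $rx } |
        ForEach-Object {
            [pscustomobject]@{
                Kind  = 'Service'
                Name  = $_.Name
                Id    = $_.ProcessId
                Start = $_.StartMode
                Path  = $_.PathName
            }
        }
}

Find-ByImageName -ImageName $PennyBeeFiles | Format-Table -AutoSize -Wrap
```

The service query matters because a service set to start automatically will bring the process back after a reboot even if the process itself is not running at the moment you look.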

PennyBee is bundled with other software. Bundled means that it is included in another software’s installer. When I first found PennyBee, it was bundled with an unofficial Flash Player download. This is how PennyBee was disclosed in the unofficial Flash Player download’s installer when I found it.

pennybee in the bundling installer

Generally, you can avoid bundled software such as PennyBee by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I normally upload it to VirusTotal to test if the anti-virus programs there find something. Of the 54 anti-virus scanners, 26 detected the file. Some of the detection names for PennyBee are a variant of MSIL/Toolbar.Linkury.H, Artemis and Adware.Linkury (fs).

pennybee.exe virustotal

Since you probably want to remove PennyBee, these are the files you should check for removal if you want to remove it with FreeFixer. You might have to restart your machine to complete the removal. Problem fixed.

pennybee processes and service

Hope that helped you with the removal.

Any idea how PennyBee was installed on your machine? Please share by posting a comment. Thank you!

Thanks for reading!

UniversalUpdater, UpdateService.exe and AlNaddy Removal

Hello readers! Hope you are having a good time and not too many malware issues. Currently I’m on a short vacation, but I brought the laptop since I found a few new malware programs that I wanted to post about.

Found something called UniversalUpdater while testing out another download. If you’ve got UniversalUpdater on your machine, you’ll notice UpdateService.exe and CrashMon.exe running in the Windows Task Manager.

So, what are those two files? Well, a few of the anti-virus scanners over at VirusTotal flag the files as you can see in the screenshot. Artemis and Alnaddy are two of the detection names.

UniversalUpdater is detected as Alnaddy and Artemis

I could not see any entry for UniversalUpdater in the Add / Remove programs dialog. However, removing UniversalUpdater is easy with FreeFixer, just select the CrashMon.exe and UpdaterService.exe files for removal:

updaterservice.exe and the crashmon.exe files updaterservice.exe service

Did you also find UniversalUpdater on your machine? Any idea how it was installed?

Media_Play_AIR+ – Removal Instructions

Just wanted to let you know about a new adware variant called Media_Play_AIR+ that I found tonight. 8 of the 50 anti-virus scanners at VirusTotal detect the Media_Play_AIR_1.1-bg.exe file, which you may see in the Windows Task Manager:

media_play_air+-virustotal

Some of the anti-virus programs call Media_Play_AIR+ Artemis, CrossRider and AppRider.

These are the variants I’ve found so far:

  • Media_Play_AIR+_1.1
  • Mediaa_Play_AIR_1.4

I found Media_Play_AIR+ bundled with a Zip/Unzip utility. The setup file was digitally signed by CloverMedia SL. How did you get Media_Play_AIR on your computer?

The Media_Play_AIR+ files are digitally signed by individual developer SIMONA-VIORICA MARIN, which according to the certificate is located in Bucharest, Romania.

Media_Play_AIR+_1.1-bg.exe certificate

You can remove Media_Play_AIR+ with FreeFixer. Just select the Media_Play_AIR+ files as shown in the screenshots. Most of the files are located in c:\Program Files\Media_Play_AIR+_1.1 or c:\Program Files (x86)\Media_Play_AIR+_1.1 on 64-bit Windows.

media_player_air+ in Firefox media_play_air+-bho media_play_air+

Media_Play_AIR+ is a variant of MPlayerPlus. Since the removal procedure is the same I’ll link that removal video where you can see FreeFixer in action removing the adware:

Hope you found this useful.