Hello readers! Short on time today, but I just wanted to give you the heads up on a publisher called Mathematical Applications. I’ve seen many files digitally signed by this publisher submitted to the FreeFixer database, so I thought it was about time to write a few lines about it.
The issue with the Mathematical Applications file is that it is detected by many of the anti-virus progams. Here are some of the detection names: Downloader.CBD, Adware.Yontoo.55, a variant of MSIL/Adware.PullUpdate.G.gen, Gen:Variant.Adware.Jatif.92, PUP.Optional.CrimeWatch.A and Artemis. In other words, you are probably better off removing these files.
Did you also find a download that was signed by Mathematical Applications? What kind of download was it and was it detected by the anti-viruses at VirusTotal? Please share in posting comments below.
Thanks for reading.
Hello! Just a quick post on a file named installer_adobe_flash_player_Swedish.exe signed by Sanflex. The following screenshot shows the User Account Control dialog when running the Sanflex file:
By looking at the certificate we can see that Sanflex appears to be located in San Fransisco, United States of America.
The problem here is that if installer_adobe_flash_player_Swedish.exe really was a setup file for the official Adobe Flash Player, it would be digitally signed by Adobe Systems Incorporated and not by some unknown company. This looks very suspicious.
If you are considering to run the Sanflex signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program. Big thanks to VirusTotal for the scan result.
F-Secure detects installer_adobe_flash_player_Swedish.exe as Adware:W32/WebInstallBundle, Fortinet reports Riskware/DownloadAdmin, Malwarebytes classifies it as PUP.Optional.DownloadAdmin and McAfee detects it as Artemis.
Did you also find a Sanflex file? What kind of download was it?
Thanks for reading.
Hello guys and gals. Today I wanted to talk about an adware called AdvanceElite and give you some removal instructions. AdvanceElite seems to be a variant of BrowseFox that I’ve written about before. If AdvanceElite is installed and running on your machine, you will see ads labeled AdvanceElite Ads in and new add-on called AdvanceElite 1.0.1 in Internet Explorer and Mozilla Firefox. I’ll show how to remove AdvanceElite in this blog post with the FreeFixer removal tool.AdvanceElite is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.Generally, you can avoid bundled software such as AdvanceElite by being careful when installing software and declining the bundled offers in the installer.
When I play around with some new bundled software I always upload it to VirusTotal to test if the anti-virus tools there find something interesting. Of the 55 anti-virus scanners, 13 detected the file. Some of the detection names for AdvanceElite are BrowseFox.F, PUP.Optional.AdvanceElite.A and Artemis.
You probably came here looking for removal instructions for AdvanceElite and you can do so with the FreeFixer removal tool. Here’s a few screenshots from the removal that should help you: A restart of your system may be required to complete the removal.
Hope this helped you remove the AdvanceElite adware.
Do you also have AdvanceElite on your machine? Any idea how it installed? Please share your story the comments below. Thanks!
Thank you for reading and welcome back.
Just wanted to write a short post before going calling it a day. Stumbled upon the Framed Display adware. Framed Display appears to be a variant of AltBrowse/BrowseFox. If the Framed Display adware is running on your machine, you will see various type of advertisements according to the Frame Display EULA. However, for some reason I don’t see any ads. Do you? If you got this on your machine, you will also notice it in the browser’s add-on menu. For example, here’s Frame Display in Firefox:
Framed Display is bundled with a number of downloads. Bundling means that software is included in other software’s installers. Here’s one example how it appears in an installer for an unrelated program.
When I find some new bundled software I usually upload it to VirusTotal to check if the antimalware scanners there detect something interesting. 20% of the anti-virus scanners detected the file. The Framed Display files are detected as BrowseFox.F by AVG, PUP.Optional.FramedDisplay.A by Malwarebytes and Artemis!032AA150BDFB by McAfee.
So, how about the Framed Display removal? You can remove Framed Display with the FreeFixer removal tool. Just select the Framed Display files as the screenshots below shows. A restart of your machine might be required to complete the removal.
Hope that helped you to figure out how to do the removal.
I found Framed Display while testing out some downloads that are known to bundled lots of unwanted software. Any idea how you got Framed Display on your computer? Please share your story the comments below. Thank you very much!
Hope you found this useful. Thanks for reading.
Just wanted to write a short blog post before going back to programming. Today I wanted to talk about an adware called PennyBee and thought I should give you some removal instructions. PennyBee appears to be a variant of the Linkury adware. If PennyBee is running on your system, you will spot PennyBee.exe and PennyBeeW.exe running in the Windows Task Manager and a new service installed, triggered to run PennyBee.exe. I’ll show how to remove PennyBee in this blog post with the FreeFixer removal tool.
PennyBee is bundled with other software. Bundled means that it is included in another software’s installer. When I first found PennyBee, it was bundled with a software download named an unofficial Flash Player download. This is how PennyBee was disclosed in the unofficial Flash Player download’s installer when I found it.
Generally, you can avoid bundled software such as PennyBee by being careful when installing software and declining the bundled offers in the installer.
When I find some new bundled software I normally upload it to VirusTotal to test if the anti-virus progams there find something. Of the 54 anti-virus scanners, 26 detected the file. Some of the detection names for PennyBee are a variant of MSIL/Toolbar.Linkury.H, Artemis and Adware.Linkury (fs).
Since you probably want to remove PennyBee, these are the files you should check for removal if you want to remove it with FreeFixer. You might have restart your machine to complete the removal. Problem fixed.
Hope that helped you with the removal.
Any idea how PennyBee was installed on your machine? Please share by posting a comment. Thank you!
Thanks for reading!
Hello readers! Hope you are having a good time and not too many malware issues. Currently I’m on a short vacation, but I brought the laptop since I found a few new malware programs that I wanted to post about.
Found something called UniversalUpdater while testing out another download. If you’ve got UniversalUpdater on your machine, you’ll notice UpdateService.exe and CrashMon.exe running in the Windows Task Manager.
So, what’s are those two files? Well, a few of the anti-virus scanners over at VirusTotal flags the files as you can see in the screenshot. Artemis and Alnaddy are two of the detection names.
I could not see any entry for UniversalUpdater in the Add / Remove programs dialog. However, removing UniversalUpdater is easy with FreeFixer, just select the CrashMon.exe and UpdaterService.exe file for removal:
Did you also find UniversalUpdater on you machine? Any idea how it was installed?