Welcome! Did you just find a file that’s digitally signed by Bon Don Jov and came here to find more about it? You will see Bon Don Jov listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file:
To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Bon Don Jov seems to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.
10 of the scanners at VirusTotal detected the file. Win32:OutBrowse-X [PUP], APPL/Downloader.Gen, Trojan.OutBrowse.54, Win32/OutBrowse.BU potentially unwanted, OutBrowse Revenyou and OutBrowse (fs) were the detection names.
Did you also find a Bon Don Jov file? What kind of download was it? If you remember the download link, please post it in the comments below.
Thanks for reading.
Welcome! Short on time today, but I just wanted to give you the heads up on a publisher called Yes Apps.
Typically you’d see the Yes Apps publisher name appear when double-clicking on the installer_jdownloader_English.exe file: You can also look at the Yes Apps certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Yes Apps is located in Dublin, Ireland.
After uploading the Yes Apps file – installer_jdownloader_English.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 36% and some of the detection names were: Downloader.DGR, APPL/Downloader.Gen, PUP.Optional.OutBrowse, Adware-OutBrowse.e and Trojan.Win32.Generic!BT.
Did you also find a file signed by Yes Apps? What kind of download was it and where did you find it?
Thank you for reading.
Hello! Just wanted to let you know about a publisher called Mari Mara that I found earlier today. Here’s how the UAC dialog looks like when running the file:
You can also check the digital signature under the file’s properties. According to the certificate we can see that Mari Mara appears to be located in Dublin, Ireland and that the certificate is issued by GlobalSign CodeSigning CA – G2.
The VirusTotal report shows that the Mari Mara file should probably be avoided, since setup.exe is detected as Win-PUP/OutBrowse by AhnLab-V3, Mari.668 by AVG, PUA.OutBrowse by Ikarus, PUP.Optional.Maru by Malwarebytes and OutBrowse Revenyou by Sophos.
Did you also find a Mari Mara file? What kind of download was it? If you remember the download link, please post it in the comments below.
Thank you for reading.
Hi there! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. This morning I found another publisher named Click Yes. The following screenshot shows the User Account Control dialog when running the Click Yes file:
By looking at the certificate we can see that Click Yes appears to be located in Dublin, Ireland. The certificate is quite new. It’s validity period started yesterday, on the 21st of October.
The VirusTotal report shows that the Click Yes file should probably be avoided, since setup.exe is detected as APPL/Downloader.Gen by Avira, Trojan.Packed.29192 by DrWeb and Win32/OutBrowse.AY by ESET-NOD32. The detection rate is only 6% which is quite low.
Did you also find a Click Yes file? What kind of download was it? If you remember the download link, please post it in the comments below and I’ll upload it to VirusTotal to see if the detection rate is improved.
Hope this blog post helped you avoid some unwanted software on your machine.
Thanks for reading.
Hello there and welcome to the FreeFixer blog. Just a short post on an adware called CheckMeUp. If the CheckMeUp adware is installed on your machine, you’ll find ads labeled “Ads by CheckMeUp”, a new add-on named CheckMeUp added into Internet Explorer and Firefox and a process called CheckMeUp.exe running in the Windows Task Manager. I’ll show how to remove CheckMeUp in this blog post with the FreeFixer removal tool.
Here’s how CheckMeUp shows up in Firefox and Internet Explorer:
CheckMeUp is distributed by a tactic called bundling. Bundling means that a piece of software – in this case CheckMeUp – is included in other software’s installers. When I first found CheckMeUp, it was bundled with a download called FLV Player by OutBrowse.
Generally, you can avoid bundled software such as CheckMeUp by being careful when installing software and declining the bundled offers in the installer.
When I find some new bundled software I usually upload it to VirusTotal to see if the anti-malware tools there detect something. 3 of the 55 anti-virus scanners detected the file. The CheckMeUp.exe file is detected as AddLyrics by Sophos and Revizer (fs) by VIPRE.
Since you probably want to remove CheckMeUp, these are the items you should check for removal if you want to remove it with FreeFixer. You might have to restart your machine to complete the removal. Problem taken care of.
Hope that helped you to figure out how to do the removal.
Any idea how CheckMeUp was installed on your computer? Please let me and the readers know by posting a comments. Thank you!
Thanks for reading. Welcome back!
Update 2014-12-06: CheckMeUp is now using files named webinstrNewH.sys, 184_x64.dll and 184.dll.