Monthly Archives: June 2014

Unitech LLC – Digital Signature Warning!

Short on time today, but I just wanted to give you the heads up on a publisher called Unitech LLC.

[Screenshot: Unitech LLC publisher]

I found this file while browsing around at a torrent site a few days ago. The file is digitally signed by Unitech LLC, which according to the digital certificate is located in Moscow, Russia:

[Screenshot: Unitech LLC certificate]

The reason I’m writing this post is that the Unitech LLC file is detected by some of the anti-virus programs:

[Screenshot: Unitech LLC VirusTotal - malware, Ividi]

Did you also find a Unitech LLC file? What kind of download was it? Was it also detected by the anti-virus programs at VirusTotal?

Igor Moroz – Digital Signature Warning!

Just wanted to give you the heads up on another publisher, named Igor Moroz, that bundles some software. If you have an Igor Moroz file on your machine you may have noticed that Igor Moroz is displayed as the publisher in the UAC dialog when double-clicking on the file.

[Screenshot: Igor Moroz Publisher - Installer for MountainApp]

You can also look at the Igor Moroz certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Igor Moroz is located in Kiev, Ukraine.

[Screenshot: Igor Moroz Certificate]

These are the current VirusTotal detections for the file. TSULoader, InstallRex, InstalleRex and AntiFW are some of the detections shown by the anti-virus scanners.

[Screenshot: Igor Moroz VirusTotal scan result]

If you have already installed the software packaged with the Igor Moroz file, you can delete these unwanted programs, files and settings with help from the FreeFixer tool.

Where did you find the Igor Moroz file? What kind of download was it?

How To Remove The Focusbase Adware

Just stumbled on a new adware called Focusbase this morning. You might have noticed it on your machine by new ads labeled “Ads by Focusbase” appearing, or by the Focusbase add-ons listed in Firefox and Internet Explorer.

[Screenshots: Focusbase Firefox add-on; Focusbase Internet Explorer add-on]

I found the Focusbase adware bundled with another program. The installer file was called FlvPlayer.exe and was digitally signed by a company called Outbrowse LTD.

[Screenshot: Focusbase installer digitally signed by OutBrowse LTD.]

Here’s how Focusbase was disclosed in the installer:

[Screenshot: How Focusbase is disclosed in the bundling installer]

Focusbase content includes advertisements and is not affiliated with any underlying web sites.

So, how about the Focusbase removal? Easy peasy with FreeFixer. Just select the Focusbase files for removal in FreeFixer as shown in the screenshots below:

[Screenshots: removing the Focusbase extension in Firefox; removing focusbasebho.dll]

Hope this helped you figure out what Focusbase is, how it is installed on users’ computers and how to remove it.

How did you get the Focusbase adware on your machine?

Search App by Ask – What is it?

Are you looking in the Add/Remove Programs dialog, seeing something called Search App by Ask, and wondering what it is and how you got it on your machine?

[Screenshot: Search App by Ask in the Remove programs dialog]

Search App by Ask is a Web browser toolbar. Below is an example of how Search App appears in Firefox. Search App also installs a custom search engine that appears in the search field in the upper right corner of Firefox.

[Screenshot: Search App by Ask - About Box]

I found Search App while installing a program called FreeTorrentViewer. FreeTorrentViewer bundled Search App. Here’s how Search App was disclosed in the FreeTorrentViewer installer:

[Screenshot: Search App by Ask installer]

How did you get Search App on your machine? Was it also bundled with another download?

Sergey Panov Publisher – Warning!

If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named Sergey Panov that bundles some software.

If you have a Sergey Panov file on your computer you may have noticed that Sergey Panov pops up as the publisher in the User Account Control dialog when running the file.

[Screenshot: Sergey Panov Publisher]

You can also examine the Sergey Panov certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Sergey Panov is located in Kiev, Ukraine.

[Screenshot: Sergey Panov Certificate]

These are the current VirusTotal detections for the file. I’d say the 16/52 detection rate by the anti-virus programs is ok.

[Screenshot: Sergey Panov VirusTotal]

In case you have already installed the programs bundled with the Sergey Panov download, you can remove these unwanted programs, files and settings with help from the FreeFixer tool.

Where did you find the Sergey Panov download? What kind of download was it?
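The posts above identify each bundling installer by the publisher name on its digital signature. As an added example (not part of the original posts), the PowerShell function below reads the same Authenticode data in bulk and lists files signed by the publishers named on this page. The function name and the default Downloads folder are assumptions; the publisher strings are copied from the posts and matched by prefix, since the exact certificate spelling may differ.

```powershell
# Added example: find signed files whose certificate publisher matches a
# name mentioned in the posts. Function name and default path are assumptions.
$WatchedPublishers = @('Unitech LLC', 'Igor Moroz', 'Sergey Panov', 'Outbrowse LTD')

function Find-FilesByPublisher {
    param(
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        [string[]]$Publishers = $WatchedPublishers
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $cert = $sig.SignerCertificate
            if ($null -eq $cert) { return }   # unsigned file: skip to the next one

            # SimpleName is the certificate's common name (the signer's name).
            $name = $cert.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

            # Case-insensitive prefix match, so "OutBrowse LTD." still matches.
            $hit = $Publishers | Where-Object { $name -like "$_*" }
            if ($hit) {
                [pscustomobject]@{
                    File       = $file.FullName
                    Publisher  = $name
                    Subject    = $cert.Subject    # full subject, including city and country
                    Status     = $sig.Status      # Valid, NotTrusted, HashMismatch, ...
                    Thumbprint = $cert.Thumbprint
                    SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

Find-FilesByPublisher | Format-List
```

The SHA256 value can be used to look the file up on VirusTotal without uploading it again.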

How To Remove Bubble Dock

Stumbled on something called Bubble Dock today. You might notice it since it opens up pop-ups in the lower right corner on the Windows desktop. Here are two examples:

[Screenshots: Bubble Dock pop up; Bubble Dock ad in the lower right corner of the desktop]

I found Bubble Dock bundled with a free download. Here’s how it was disclosed in the installer:

[Screenshot: Bubble Dock installer]

Some of the anti-virus programs over at VirusTotal detect the Bubble Dock files:

[Screenshot: BubbleDock axSurfMatch.dll]

If you’d like to uninstall Bubble Dock, you can do so from the Add/Remove programs dialog or with FreeFixer. Check the Firefox extension, LBubble Dock.exe, Bubble Dock.exe and axSurfMatch.dll for removal as shown in the screenshots:

[Screenshots: BubbleDock firefox; Bubble Dock.exe process; Bubble Dock LBubbleDock.exe; Bubble Dock axSurfMatch.dll in the Nosibay folder]

Do you also have Bubble Dock on your machine? Any idea how it got there?

How To Remove V-Bates

Another quick post before getting to bed. I just found something called V-Bates, bundled with a free download. Here’s how V-Bates was disclosed in the installer:

[Screenshot: v-bates install 404 page not found]

The Terms and Condition link opened up a 404 Page Not Found, which can make it difficult for users to take an informed decision whether to install V-Bates or not.

Only a few of the anti-virus programs detect the V-Bates files:

[Screenshot: v-bates is called wajamu and wajam]

Baidu and VIPRE refer to it as Wajam and Wajamu.

If you’d like to remove V-Bates you can simply do so by uninstalling it from the Add/Remove programs dialog.

[Screenshot: v-bates uninstall]

If that fails for some reason you can also remove V-Bates with FreeFixer by checking notifier.exe, guardsvc.exe, extensionupdaterservice.exe, PrefHelper.exe, extension32.dll and extension64.dll for removal:

[Screenshots: v-bates notifier.exe; v-bates guardsvc.exe; v-bates Extension64.dll; v-bates PrefHelper.exe; v-bates Firefox; v-bates ExtensionUpdaterService.exe]

Do you have V-Bates on your machine? Any idea how it was installed?

Context2pro, conadvanced.exe, contextprod.exe and contextfr.exe – Removal Instructions

Just a quick post. Found something called Cyclon or Context2Pro bundled in a free download. This is how it appeared in the installer.

[Screenshot: Context2pro Cyclon Installer]

Clicking the EULA link opened up a 404 Not Found page. Once installed I noticed pop-ups from markettizer.net.

[Screenshot: markettizer.net pop up]

The anti-virus programs have a relatively good detection rate for Context2Pro:

[Screenshot: Context2Pro Contextprod.exe VirusTotal scan result]

To remove Context2Pro, check conadvanced.exe, contextprod.exe and contextfr.exe for removal in FreeFixer. During my testing there was no entry in the Add/Remove programs dialog for Context2pro.

[Screenshots: context2pro startups - contextfr.exe, conadvanced.exe and contextprod.exe; Context2Pro processes contextadvanced.exe]

How did you get Context2Pro on your computer?

What is PC Faster?

PC Faster is a program from Baidu with various scanning and cleaning features:

[Screenshot: PC Faster main screen]

If PC Faster appeared unexpectedly on your machine, it may have been bundled with another download. Here’s how it was disclosed when I found it, while bundled with a download manager.

[Screenshot: PC Faster 404 page not found]

During my testing, the Terms and Condition link opened up a 404 Page Not Found browser tab.

Are you using PC Faster? Do you like it and does it speed up your computer as much as it claims?

How To Remove Sharp Savings Ads

Getting ads labeled “Ads by Sharp Savings” or text links with a mouse-over saying “Click to Continue > by Sharp Savings”?

[Screenshots: Sharp Savings - Ads by Sharp Savings; Sharp Savings text link - Click to Continue > by Sharp Savings]

Sharp Savings is bundled with free downloads. Here’s how it was disclosed when I found it:

[Screenshot: Sharp Savings installer]

You can remove Sharp Savings from the Windows Control Panel. During the uninstall you need to solve a CAPTCHA.

[Screenshots: Sharp Savings uninstall; Sharp Savings uninstall captcha]

If the removal fails for some reason, you can remove Sharp Savings with FreeFixer, by selecting the Sharp Savings files (bservice.exe, wd.exe, updater.exe, framworkBHO.dll, etc.) as shown in the screenshots. You will also need to manually restore your browser’s proxy settings.

[Screenshots: Sharp Savings wd.exe bservice.exe; Sharp Savings update.exe; Sharp Savings startups; Sharp Savings mozilla; Sharp Savings Internet Explorer]