Monthly Archives: September 2014

OOO Alians – 7% Detection Rate at VirusTotal

Just a short post on a publisher called OOO Alians. I just found a download named adobe_flash_setup.exe that was digitally signed by this publisher, and it turns out that it is detected by some of the anti-virus programs.

OOO Alians OOO Alians virus total report

 

Adware/InstallCore, AdWare.Win32.InstallCore and PUA.Alians are some of the detection names.

Did you also find an OOO Alians download? Was it also promoted as Adobe’s Flash Player?

Now, back to programming on the FreeFixer tool 🙂

Gogo Network Club – 13% Detection Rate – Win32.Adware.CrossRider

Just a quick post today, since I’m busy working on the next release of FreeFixer. If you see some files on your system, such as Browser+ Apps-be.exe, that are digitally signed by Gogo Network Club, you probably have the CrossRider adware on your machine. Here’s the scan result from VirusTotal:

Gogo Network Club - Digital signature and Virus Total scan report.

 

Hope this helped you figure out what the Gogo Network Club files are.

findamo.com and websearch.searchiseasy.info – Removal Instructions

Getting redirected to findamo.com when starting your web browser? It appears that another web site, websearch.searchiseasy.info, currently redirects to findamo.com. So, if you are trying to remove findamo.com, you might have to look for searchiseasy.info instead of findamo.com in your browser’s home page and search settings.
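An added example (not part of the original post and not FreeFixer's code): a Python script that checks Firefox prefs.js text and Chrome's JSON Preferences for settings whose host falls under either of the two domains named above. The sample settings are constructed for illustration, and the pref and key names in them are assumptions about what a hijacked profile might contain.

```python
import json
import re
from urllib.parse import urlsplit

# Domains named in this post; matching is on the host, subdomains included.
HIJACK_DOMAINS = ("searchiseasy.info", "findamo.com")
# One line of Firefox prefs.js: user_pref("name", value);
USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

def hijack_hosts(text):
    """Return the hosts in text that equal or sit under a watched domain."""
    hits = []
    for token in re.split(r'[\s|,"]+', text):
        try:
            host = urlsplit(token if "//" in token else "//" + token).hostname or ""
        except ValueError:  # e.g. stray "[" that urlsplit reads as bad IPv6
            continue
        if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            hits.append(host)
    return hits

def scan_firefox_prefs(prefs_js):
    """Return (pref name, host) for each user_pref pointing at a watched domain."""
    findings = []
    for line in prefs_js.splitlines():
        m = USER_PREF.match(line.strip())
        if m:
            findings += [(m.group(1), h) for h in hijack_hosts(m.group(2))]
    return findings

def scan_chrome_prefs(node, path=""):
    """Walk Chrome's JSON Preferences; return (key path, host) for each match."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += scan_chrome_prefs(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for value in node:
            findings += scan_chrome_prefs(value, path)
    elif isinstance(node, str):
        findings += [(path, h) for h in hijack_hosts(node)]
    return findings

# Constructed sample settings, not taken from a real machine.
SAMPLE_PREFS_JS = '''user_pref("browser.startup.homepage", "http://websearch.searchiseasy.info/?pid=0");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.newtab.url", "https://example.org/findamo.com");'''
SAMPLE_CHROME = json.loads('''{"homepage": "http://websearch.searchiseasy.info/",
 "session": {"startup_urls": ["http://www.findamo.com/", "https://example.org/"]}}''')
```

Matching on the parsed host rather than on a substring means the third sample pref, which only mentions findamo.com in its path, is not reported.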

findamo.com

I stumbled upon the findamo.com search engine while testing out some downloads that are known to bundle lots of unwanted software. How did you get findamo.com on your computer? Please share by posting a comment.

Back to the findamo.com removal. One way to do the removal is to use the FreeFixer tool.

  1. Download and install FreeFixer.
  2. Click the Start scan button. It should complete in about 5 minutes.
  3. Check the websearch.searchiseasy.info items in the scan result.
  4. Click the Fix button.
  5. Restart your web browsers.

You can also use the reset function in Firefox, Chrome and Internet Explorer. The reset feature restores most of the settings of the web browser to their default state. The problem is that it may do a little too much.

How to reset Mozilla Firefox settings:

  1. Click the menu button in the upper-right corner of the browser.
  2. Then click the Help button at the bottom of the Firefox menu.
  3. From the Help menu, choose Troubleshooting Information.
  4. If you cannot access the Help menu, type about:support in the address bar to open up the Troubleshooting Information page.
  5. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  6. A dialog will pop up explaining what settings Firefox tries to preserve. Note that everything else will be removed! To continue, click the Reset Firefox button in the confirmation window that opens.
  7. Firefox will close and reset itself. When the reset is done, a window will list the information that was imported. Click Finish and you’re done.

How to reset Google Chrome settings:

  1. Click the Chrome menu button in the upper-right corner of Chrome.
  2. Select Settings.
  3. Click Show advanced settings and locate the “Reset browser settings” section.
  4. Click the Reset browser settings button.
  5. In the confirmation dialog that appears, review the changes the reset feature performs, then click Reset.

How to reset Internet Explorer settings:

  1. Start Internet Explorer.
  2. On the Tools menu that appears in the upper-right corner of the browser, click Internet options. If you can’t see the Tools menu, press Alt on your keyboard.
  3. In the Internet Options window, click the Advanced tab.
  4. Click Reset… If you’re using Internet Explorer 6, click Restore Default.
  5. In the Reset Internet Explorer Settings dialog box, click Reset.
  6. Select the Delete personal settings check box if you want to reset home pages, search providers and accelerators. This also deletes temporary Internet files, history, cookies, web form information, ActiveX Filtering data, Tracking Protection data, Do Not Track data and passwords.
  7. When Internet Explorer has finished applying the default settings, click the Close button.
  8. Reboot your machine.

Hope that helped you remove findamo.com. Thank you for reading.

OUTbrowse Ltd – 13% Detection rate: Trojan.Win32.OutBrowse and Adware.Win32.OutBrowse

If you’ve been following me for the last few months, you know that I’ve been examining many software publishers that put a digital signature on their downloads. Yesterday I found another publisher called OUTbrowse Ltd. This is how it appears when running the file:

outbrowse ltd

 

To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab:

outbrowse ltd Digital Signature

 

According to the certificate information, OUTbrowse Ltd appears to be located in Israel. The certificate is about two weeks old.

When running the OUTbrowse file, it displayed a link to the OUTbrowse Terms and Conditions, which were located on www.mixi.dj.

outbrowse web site - www.mixi.dj

So, why did I put up this blog post? Well, the thing is that the OUTbrowse file is detected by some anti-virus programs, according to VirusTotal:

OUTBrowse virus total report - 7/54

PUP.Optional.OutBrowse, Trojan.Win32.OutBrowse and Adware.Win32.OutBrowse are a few of the detection names. The detection rate is 7/54, that is 13%.

Hope this blog post helped you avoid some unwanted software on your machine.

Did you also find an OUTbrowse file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

YouTubeAdBlocke – Removal Instructions

Hello there! As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called YouTubeAdBlocke, which is installed as an add-on in Internet Explorer and Mozilla Firefox.

YoutubeAdBlocke 1.0 in Firefox YoutubeAdBlocke in Internet Explorer

YouTubeAdBlocke was installed with a bunch of other unwanted programs called PC_Booster, PC_Sustainer 1.80 and PriceChop.

Just to set the record straight: YouTubeAdBlocke is not official software from Google.

As per usual I uploaded the suspicious YoutubeAdBlocke file to VirusTotal to see if any scanner detects it. The detection rate is quite low.

YoutubeAdBlocke virustotal report

PUP.Optional.MultiPlug, Adware.Win32.MultiPlug and Win32/Adware.MultiPlug are some of the detection names for the YoutubeAdBlocke file.

You can remove YouTubeAdBlocke from the Windows Control Panel. Please remember to remove the other unwanted programs too.

YoutubeAdBlocke PC_Booster PC_Sustainer 1.80 PriceChop removal from the Windows Control Panel

If that does not work, you can remove YouTubeAdBlocke with the freeware FreeFixer malware removal tool. Just select the YouTubeAdBlocke files for removal:

YoutubeAdBlocke Firefox Extension in FreeFixer

YoutubeAdBlocke bho in FreeFixer

Hope that helped you to figure out how to do the removal.

Did you also get YouTubeAdBlocke on your machine? Any idea how you got it?