“Errors found on this webpage! Please update your browser. Download Updates Now”
on the Google search page when starting your browser?
If you get this error message, don’t click it. Since the alert is inserted into the Google start page, it may appear the message is comes from the Google, but Google has nothing to do with it. In my case, the alert message was inserted by some adware that was installed on my machine.
I got this error message when using Mozilla Firefox, but I assume you will also see the same type of message when browsing with Google Chrome or Internet Explorer. The error message will probably also appear on other search engines such as Bing and Yahoo.
To remove these misleading messages you need to scan your computer for unwanted software. If you are comfortable using manual removal tools you can use FreeFixer to assist you when tracking down and removing the unwanted software that injects these messages. What adware did you find on your machine?
Hello, just a quick post on a program called Super Optimizer. If Super Optimizer appeared unexpectedly on your machine, it may have been bundled with some other program that you installed recently. Here’s how Super Optimizer was disclosed in two installers when I found it:
Here’s how Super Optimizer’s user interface looks like:
If you’d like to remove Super Optimizer, you can do so from the Windows Control Panel.
“WARNING! Current version of Adobe Flash Player is outdated! Your computer is vulnerable to malware. Update your Adobe Flash Player now.”
If that is the case, you might have some potentially unwanted software on your machine, typically adware. I got lots of these “Adobe Flash Player is Outdated” messages while I was testing a download on my lab machine, a download that I new bundled lots of software. I was using Mozilla Firefox, but I think these warning can appear if you are browsing with Google Chrome or Microsoft Internet Explorer as well.
And obviously, these “Flash Player is outdated” messages are just fake. When clicking on the OK button, you will get a download that is detected by many of the anti-virus programs. If you want to download or update the Flash Player. Go to the official Adobe site. Trust nothing else for Flash downloads.
The “Current version of Adobe Flash Player is outdated” warning messages appears to be hosted on a web site called update-for-pc-1024.com. Did you also see the warning message on this site?
So, if you’d like to get rid of these warning messages, and you have some adware on your machine like me, you need to gets your hands dirty. I had lots of them. Salus, MyBestOffers, WordProser, PriceHorse, etc, etc. Some of them could be uninstalled from the Windows Control Panel, but there remained some processes running. To deal with those, I’d recommend a scan with the freeware tool FreeFixer that I’m developing.
Thank you for reading. Hope this helped you with the removal.
Just wanted to give you the heads up on files digitally signed by OOO “Finans Servis”.
The OOO “Finans Servis” certificate shows that the publisher is located in Moscow in Russia.
The problem here is that the OOO Finans Servis was promoted as an update for Adobe’s Flash Player. If adobe_flash_setup.exe really was a setup file for Adobe Flash Player, it should be digitally signed by Adobe Systems Incorporated and not by some unknown company located in Moscow.
9% of the anti-malware scanners detected the file. PUP.Optional.InstallCore and BehavesLike.Win32.CryptInno.bc were two of the detection names. I think we will see the other anti-virus programs add this one to the detection list soon.
Since you probably came here after finding a file that was digitally signed by OOO Finans Servis, please share what kind of download it was and if it was detected by the anti-malwares at VirusTotal.
Are you getting redirected to or pop-ups from a survey site named oceancorn.biz? If these pop-ups are sneaking though your browser’s built-in pop-up blocker, you probably have some adware installed on your machine. I got the pop-ups in Firefox, but they can appear in Chrome and Internet Explorer too. Here’s how the pop-up looked like. The full domain name was jfpzz.exclusiverewards.oceancorn.biz:
I would recommend reviewing your computer with FreeFixer to track down the software that pops up these surveys. I had SmartOnes, Supporer 1.80, SaferSurf, ProtectedBrowsing and MaxiGet Software Manager installed. After removing those, the pop-ups from oceancorn.biz stopped.
Are you getting messages or pop-ups while browsing the web saying:
“The page at http://s.mjytsw com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now!”
When I got this message I was redirected to a “Java Update”. The update was digitally signed by a company called Fileangels, so it’s clearly not an official Java update. The Fileangels file is detected by some of the anti-virus programs at VirusTotal. A real Java update should be digitally signed by the company that owns Java, that is Oracle America, Inc.
I got these faked Java warnings while browsing with Firefox, but they can probably also appear if you are using Chrome or Internet Explorer as you web browser.
So, why are you getting these faked Java Update pop-ups? Most likely you have some adware installed on your machine. When I got these ads, I had lots of adwares installed on my lab machine. After removing them with FreeFixer, the “Java Update” pop-ups stopped. These where the adware programs I had and uninstalled: Browser Warden, SmartOnes, TinyWallet, BlockAndSurf, HQ-Video-Pro-2.1c.
To remove these faked Java warnings I would begin to examine the Add/Remove programs dialog in the Control Panel to see if something suspicious is listed there and remove it. Do you see some program that you don’t remember installing? If you sort the programs on the “Installed On” date, do you see anything that was installed approximately about the same time as you first noticed the “Java” warnings?
I think you should also check the add-ons installed into Chrome, Firefox, Internet Explorer. Do you see anything suspicious? Something that you don’t remember installing?
If that did not fix the problem, you can give FreeFixer a try. It’s a tool that I’ve been working on for some time now. FreeFixer is designed to help you manually identify and remove unwanted software, such as the adware that’s running on your machine. FreeFixer scans the processes running on your computer, browser add-ons, startups, scheduled tasks, recently modified files, and lots of other locations. FreeFixer is freeware and its removal feature is not crippled liked many other malware removers out there. If FreeFixer solved your problem, please help me spread the word and let your friends know about it.
Tip: If you are having difficulties to figure out whether a file or setting in FreeFixer’s scan result is legitimate or if it should be removed, please check out the information shown on the More Info page. It will show a VirusTotal report which can be quite useful when trying to determine whether to keep or remove a file.
Which adware programs did you have to uninstall to get rid of the “Java Update” warnings?
And if you are looking for the real Java download, go to the official Java site: https://www.java.com/en/
Thanks for reading.
Update 2014-10-26: These fake Java warnings are still going on. Found the same type of pop-up, but this time it mentions another web site: d.andoie.com. What web site does your warning message mention?
When clicking on the warning message, the faked Java site at phohyt.com opens up. Is this the site you are redirected to as well?
Update 2014-10-27: The pop-ups are still appearing. Now they mention d.mobcgm.com and d.mobdty.com. If clicking the OK button in the dialog, apprfv.com opens up containing a faked java update site.
Update 2014-10-30: These fake Java warnings and faked Java sites are still popping up. Today the pop-up mention www.qposwe.com and debajxcj.com and the faked site is hosted at irzsmdcs.com:
Update 2014-11-11: This is still going on. zpkaid.com is used host the fake Java Update site. The title of the page is “Update for Your Computer” and the download is signed by Safe Down.
Update 2014-11-13: Today the fake update site is hosted zrmica.com.
Update 2014-11-14: Today the fake site is hosted at zszpkt.com and ztcdnr.com. The downloads are signed by “Safe Down” and Fileangels.
Update 2014-11-16: Now the fake site is hosted at zwkuvp.com.
Just found a file called InetStat.exe, bundled in another software download. InetStat.exe was located in c:\users\%USERNAME%\appdata\roaming\inetstat. I could also see it running in the Windows Task Manager.
InetStat.exe was not detected by the anti-virus programs over at VirusTotal when I uploaded it, but I think it should be removed anyway. It was bundled with another software download, but as far as I could see, not disclosed in the installer. The file did not have a digital signature or any version information that could help users figure out the purpose of the file and who developed it.
I’ve saved a copy of the InetStat.exe file to see if it will be added to the anti-virus programs detection list in the future.
Anyway, if you’d like to remove InetStat, you can do so with FreeFixer. Just select InetStat.exe for removal:
Welcome! Just a short post on a publisher called Safe Down. I just found a download named Java_Setup.exe that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs.
What caught my attention was that the download was called Java_Setup.exe. This might look like an official Java download, but it is not. If it was an official download, it should be digitally signed by Oracle INC.
22% of the scanners detected the file. ESET-NOD32 reports Java_Setup.exe as a variant of Win32/AdWare.iBryte.BM, Fortinet detects it as W32/Zbot.AAN!tr, Kaspersky calls it Trojan.Win32.Badur.joje, McAfee reports IBryte-FRK and VIPRE names it Optimum Installer (fs).
Hello! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of programs. This morning I found another publisher named Astro Network (Fried Cookie Ltd.).
The following screenshot shows the User Account Control dialog when running the Astro Network (Fried Cookie Ltd.) file:
You can also check who signed a file by checking the digital signature tab. According to the certificate we can see that Astro Network appears to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.
What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would have been signed by Skype Software Sarl. And that’s why I’m writing this blog post. If you are looking for the official Skype download, go to http://www.skype.com/ to get the real deal.
I uploaded the Skype_Setup.exe file to VirusTotal, but none of the 50+ anti-virus scanners detected it. Was your file detected by the anti-virus programs?
Did you also find a file signed by Astro Network? What kind of download was it and where did you find it? How was the download promoted? Did it appear in the sponsored search results in one of the search engines?
Did you just get a new tab or a pop-up from surveygenieonline.com that managed to leak through your browser’s pop-up blocker, or did you get redirected to surveygenieonline.com from the web page you were browsing? It’s possible that you have some adware installed on your machine that launched the surveygenieonline.com surveys. I’ll try to help you remove the surveygenieonline.com pop-ups in this blog post.
Here’s a few screenshots of the surveygenieonline.com surveys that I got on my lab machine. They all have the country as a subdomain, in my case that’s sweden.
All of these appeared in Mozilla Firefox, but you will most likely have the same problem if you are browsing the web with Google Chrome or Microsoft Internet Explorer.
I recently started to examine what advertisements adware are showing to the users. I think its important to talk about these pop-ups and surveys since it’s usually the first sign the user sees after getting the adware. In my case, I’ve installed a few adwares on my lab machine and now I’m closely following and documenting the ads that appear.
Generally, these surveys appears in a new tab while you are browsing the web. They often try to make it appear as the survey was initiated by the site you were browsing, by mentioning the domain name. That happened to me too, as you can see in the screenshots above, they mention the www.freefixer.com site which was the site I was currently browsing. The surveys sometimes claim that you will be compensated for completing it. That also happened here, where one of the surveys said it would give me a price worth 400 SEK.
Something that’s interesting is the amount of traffic the surveygenieonline.com web site it getting. Just check out the traffic rank from Alexa. Rank 12500 means that its getting a lot of traffic. So you are probably not the only one getting these surveys 😉
So, what is required to remove surveygenieonline.com? Well, in my case, I had three adwares installed on my machine. They were Browser Warden, BlockAndSurf, TinyWallet. One of them were responsible for the pop-ups. I removed those three with FreeFixer and the surveygenieonline.com surveys were gone. The problem is that the surveygenieonline.com surveys can be launched by many variants of adware, so if you don’t have any of the three adwares mentioned above, you might have dig in a little deeper to track down the unwanted software.
If you had to remove something else, in addition to the 3 adwares I mentioned above, please post a comment below to help other users that are struggling in the same situation.