Monthly Archives: February 2015

Platform Connector (Fried Cookie Ltd.) – 12% Anti-Virus Detection – InstallCore

Hello readers! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs and programs that work as downloaders. A few days ago I found another publisher named Platform Connector (Fried Cookie Ltd.).

Platform Connector Fried Cookie Ltd. certificate

Information about a digital signature and the certificate can be found under the Digital Signatures tab. The screenshot shows the Platform Connector (Fried Cookie Ltd.) certificate. From the certificate info we can see that Platform Connector (Fried Cookie Ltd.) appears to be located in Tel Aviv, Israel.

So, why am I writing about the Platform Connector (Fried Cookie Ltd.) file? Check out what the anti-viruses report about the file:

Avira detects installer_jdownloader_English.exe as Adware/InstallCore.734264, ESET-NOD32 reports “a variant of Win32/InstallCore.WX potentially unwanted”, K7GW reports Trojan ( 004b61851 ) and VIPRE reports InstallCore (fs). These are a few of the detection names for installer_jdownloader_English.exe.

Platform Connector fried cookie anti-virus report

Did you also find a Platform Connector (Fried Cookie Ltd.) file? Do you remember where you downloaded it?

Thank you for reading.

Remove plarium.com Pop Up Ads Caused By Adware

Did you just get a pop-up from plarium.com and wonder where it came from? Did the plarium.com ad appear to have been launched from a web site that under normal circumstances doesn’t use aggressive advertising such as pop-up windows? Or did the plarium.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?

Here’s what the plarium.com pop-up looked like when I got it on my computer:

plarium.com pop up

The ad is for the Stormfall Age of War game. The URL mentions the adcash.com domain.

If this description sounds like your system, you most likely have some adware installed on your machine that pops up the plarium.com ads. There’s no use contacting the owners of the web site you currently were browsing. The advertisements are not coming from them. I’ll do my best to help you remove the plarium.com pop-up in this blog post. This is done by cleaning your computer from the unwanted adware.

If you have been following this blog you already know this, but if you are new: Not long ago I dedicated a few of my lab machines and purposely installed some adware programs on them. I have been observing the behaviour on these machines to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware auto-updates, or whether it downloads additional unwanted software on the computers. I first found the plarium.com pop-up on one of these lab machines.

So, how do you remove the plarium.com pop-up ads? On the machine where I got the plarium.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the plarium.com pop-ups and all the other ads I was getting in Mozilla Firefox.

It seems that plarium.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

plarium.com traffic rank

The problem with this type of pop-up is that it can be popped up by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the plarium.com ads removal:

The first thing I would do to remove the plarium.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed at about the same time as you started seeing the plarium.com pop-ups.

The next thing to check would be your browser’s add-ons. Adware often shows up under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to find and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started developing many years ago. It’s a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is clean or unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up your web browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.
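
The first step of the procedure above (reviewing installed programs and sorting on “Installed On”) can also be done from PowerShell. This is an added example, not FreeFixer code; the function name, the one-week window and the sample date are assumptions made for illustration.

```powershell
# Added example (not FreeFixer code): list the programs registered under the
# per-machine and per-user Uninstall registry keys and keep those installed
# around the day the pop-ups started.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ProgramInstalledNear {
    param(
        [Parameter(Mandatory)][datetime]$FirstSeen,  # day the pop-ups were first seen
        [int]$WindowDays = 7                          # assumption: look one week either side
    )

    $from = $FirstSeen.Date.AddDays(-$WindowDays)
    $to   = $FirstSeen.Date.AddDays($WindowDays)

    # Entries without a usable InstallDate are kept in the result,
    # because they cannot be ruled out by date.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional and stored as a yyyyMMdd string.
            $installedOn = $null
            $parsed = [datetime]::MinValue
            if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                    [cultureinfo]::InvariantCulture,
                    [System.Globalization.DateTimeStyles]::None, [ref]$parsed)) {
                $installedOn = $parsed
            }
            [pscustomobject]@{
                InstalledOn = $installedOn
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                Uninstall   = $_.UninstallString
                RegistryKey = $_.PSChildName
            }
        } |
        Where-Object {
            -not $_.InstalledOn -or
            ($_.InstalledOn -ge $from -and $_.InstalledOn -le $to)
        } |
        Sort-Object InstalledOn -Descending
}

# Constructed date for illustration: replace with the day the ads first appeared.
Get-ProgramInstalledNear -FirstSeen '2015-02-10' | Format-Table -AutoSize
```

Programs with an empty Publisher column or no install date deserve the same second look as names you don’t recognise.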

Here you can see FreeFixer in action removing the adware that caused pop-up ads:

Did you find any adware on your machine? Did that stop the plarium.com ads? Please post the name of the adware you uninstalled from your machine in the comments below.

Thank you!

Remove diriginal.info Pop Up Ads

Did you just get a pop-up from diriginal.info and wonder where it came from? Did the diriginal.info ad appear to have been initiated from a web site that under normal circumstances doesn’t use aggressive advertising such as pop-up windows? Or did the diriginal.info pop-up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here is a screenshot of the diriginal.info pop-up from my computer:

diriginal.info pop up

The download pushed here was digitally signed by Andrey Hmelnikov. The download is hosted at groupsetzipmyjob.org.

If this sounds like your experience, you probably have some adware installed on your machine that pops up the diriginal.info ads. So don’t flame the people that run the web site you were at; the advertisements are almost certainly not coming from that site, but from the adware that’s installed on your system. I’ll do my best to help you with the diriginal.info removal in this blog post.

For those that are new to the blog: A little while back I dedicated some of my lab machines and intentionally installed some adware programs on them. Since then I have been tracking the behaviour on these computers to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware updates itself automatically, or whether it downloads and installs additional unwanted software on the systems. I first spotted the diriginal.info pop-up on one of these lab computers.

diriginal.info resolves to the 54.69.104.255 address. diriginal.info was created on 2014-08-21.

So, how do you remove the diriginal.info pop-up ads? On the machine where I got the diriginal.info ads I had PriceLess, PriceFountain, PriceHorse, OfferBoulevard and SpeedCheck installed. I removed them with FreeFixer and that stopped the diriginal.info pop-ups and all the other ads I was getting in Internet Explorer.

It seems that diriginal.info is getting quite a lot of traffic, based on Alexa’s traffic rank:

diriginal.info traffic rank

The issue with this type of pop-up is that it can be launched by many variants of adware, not just the adware running on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the diriginal.info ads removal:

  1. Check what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
  2. How about your browser add-ons? Anything in the list that you don’t remember installing?
  3. If that did not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links.

Here’s a video guide showing how to remove pop-up ads with FreeFixer:

Did this blog post help you to remove the diriginal.info pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

Remove bestones.net Pop Up Ads

Does this sound familiar? You see pop-up advertisements from bestones.net while browsing websites that normally don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Perhaps the bestones.net pop-ups appear when clicking search results from a Google search? Or do the pop-ups show up even when you’re not browsing?

Here’s a screenshot of the bestones.net pop-up ad when it showed up on my machine:

bestones.net pop up

The download was digitally signed by Andrey Hmelnikov.

If this sounds like your story, you most likely have some adware installed on your computer that pops up the bestones.net ads. There’s no use contacting the owners of the website you were browsing. The ads are not coming from them. I’ll try to help you remove the bestones.net pop-ups in this blog post.

Those that have been visiting this blog already know this, but for new visitors: Recently I dedicated a few of my lab computers and intentionally installed some adware programs on them. I have been monitoring the actions on these systems to see what kinds of advertisements are displayed. I’m also looking at other interesting things, such as whether the adware auto-updates, or whether it downloads additional unwanted software on the systems. I first observed the bestones.net pop-up on one of these lab machines.

bestones.net resolves to the 54.69.104.255 IP address. bestones.net was registered on 2014-08-21.

So, how do you remove the bestones.net pop-up ads? On the machine where I got the bestones.net ads I had PriceLess, PriceFountain, PriceHorse and SpeedCheck installed. I removed them with FreeFixer and that stopped the bestones.net pop-ups and all the other ads I was getting in Internet Explorer.

The issue with pop-ups such as this one is that they can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done? To remove the bestones.net pop-up ads you need to check your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
  2. You can also check the browser add-ons. Same thing here, do you see something that you don’t remember installing?
  3. If that does not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working on since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links.

Here’s a video tutorial on how to remove the pop-ups with FreeFixer:

Did this blog post help you to remove the bestones.net pop-up ads? Please let me know, or tell me how I can improve this blog post.

Thank you!

Remove SpadeCast Adware

Hello readers. Another day, another blog post. Did you just see something called SpadeCast on your machine? I just spotted SpadeCast while reviewing some of the latest submissions to FreeFixer’s database.

I first thought that this was a BrowseFox variant, based on how it named its file. But the anti-virus programs at VirusTotal detect it as “Adware.SpadeCast”. The detection rate is 9/53. Some of the detection names for SpadeCast are Adware.SpadeCast.A and Trojan.Win32.Generic!BT. I guess it could still be a BrowseFox variant.

SpadeCast anti-virus report

So, how about the removal? If you’d like to remove SpadeCast you can do so with the FreeFixer removal tool. Just select the files digitally signed by “SpadeCast”, click the Fix button, reboot, and the problem should be solved.

Hope that helped you with the removal.

Did you also find SpadeCast on your computer? Any idea how it installed? Please share by posting a comment. I’d like to install and test this on my lab machine.

Hope you found this useful. Thanks for reading.

OOO PREM''ER-SERVIS – 11% Anti-Virus Detection Rate – InstallCore

Welcome! I was playing around and testing some downloads when I found a file digitally signed by OOO PREM''ER-SERVIS. The OOO PREM''ER-SERVIS certificate shows that the publisher is located in Moscow, Russia.

OOO PREM''ER-SERVIS certificate

The problem here is that if adobe_flash_setup.exe really was an installer file for Adobe Flash Player, it should have been signed by Adobe Systems Incorporated and not by some unknown company. Here’s what the authentic Adobe Flash Player looks like when you double click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.
Adobe Systems Incorporated - Adobe Flashplayer Installer

Right now, 6 of the antimalware scanners detected the file. Some of the detection names for the adobe_flash_setup.exe file are Adware/InstallCore.783896, a variant of Win32/InstallCore.WX potentially unwanted, Trojan ( 004b61851 ) and Trojan ( 004b61851 ).

OOO PREM''ER-SERVIS anti-virus report

Did you also find a file digitally signed by OOO PREM''ER-SERVIS? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

Ronen Kvurt – Anti-Virus Detection Rate: 37% – MultiPlug / Mikey

Hi there! Just wanted to give you the heads up on a publisher called Ronen Kvurt that I found right now while examining the latest submissions to FreeFixer’s database. The file name seems to suggest that the download is the computer game “The Legend of Zelda: The Wind Waker”.

Avira reports Legend_of_Zelda_The_Wind_Waker_U_STARCUBE.exe as Adware/MPlug.trov, F-Secure detects it as Gen:Variant.Adware.Mikey.7658, McAfee-GW-Edition detects it as BehavesLike.Win32.SoftPulse.tc and Sophos detects it as MultiPlug.

Ronen Kvurt anti-virus report

Did you also find a Ronen Kvurt download? Do you remember the download link? Please post it in the comments. I’d like to test it myself.

There are a bunch of other developers that sign files often detected as MultiPlug, such as Edward Kosar, Andrey Hmelnikov and Oleh Aleksyuk.

Thanks for reading.

Remove guy.brifyghfytify.com from Firefox, Chrome and Internet Explorer

This page shows how to remove guy.brifyghfytify.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see guy.brifyghfytify.com in the status bar of your browser and ask yourself where it came from? Or did guy.brifyghfytify.com show up while you searched for something on one of the big search engines, such as the Google.com search engine?

Here is a screen capture of guy.brifyghfytify.com from my machine when it appeared in my network log, while I did a search at the Google search engine:

guy.brifyghfytify.com connection

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for guy.brifyghfytify.com…
  • Transferring data from guy.brifyghfytify.com…
  • Looking up guy.brifyghfytify.com…
  • Read guy.brifyghfytify.com
  • Connected to guy.brifyghfytify.com…

If you also see this on your computer, you probably have some potentially unwanted program installed on your machine that makes the guy.brifyghfytify.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The guy.brifyghfytify.com status bar messages are not coming from them. I’ll do my best to help you with the guy.brifyghfytify.com removal in this blog post.

I found guy.brifyghfytify.com on one of the lab computers where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs were installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on websites that usually don’t show ads, or if some new files have been saved to the hard-drive.

guy.brifyghfytify.com resolves to the 5.153.38.134 IP address. guy.brifyghfytify.com was created on 2015-01-05. The domain is protected by WhoisGuard INC.

So, how do you remove guy.brifyghfytify.com from your browser? On the machine where guy.brifyghfytify.com showed up in the status bar I had TinyWallet, BrowserWarden and BlockAndSurf installed. I removed them with FreeFixer and that stopped the browser from loading data from guy.brifyghfytify.com.

The bad news with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my system. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done to solve the problem? To remove guy.brifyghfytify.com you need to review your system for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove guy.brifyghfytify.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started seeing the guy.brifyghfytify.com status bar messages.

The next thing to check would be your web browser’s add-ons. Potentially unwanted programs often appear under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to find and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started developing about 8 years ago. It’s a tool built to manually find and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having a hard time determining if a file is clean or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links.

Did you find any potentially unwanted program on your machine? Did that stop guy.brifyghfytify.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comments below.

Thank you!

Remove aunewsreport.com Pop Up Ads

Does this sound familiar? You see pop-up adverts from aunewsreport.com while browsing web sites that mostly don’t advertise in pop-up windows. The pop-ups manage to bypass the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Perhaps the aunewsreport.com pop-ups show up when clicking search results from Google? Or do the pop-ups appear even when you’re not browsing?

Here’s what the aunewsreport.com pop-up looked like when I got it on my computer:

aunewsreport.com pop up

If this sounds like what you see on your machine, you probably have some adware installed on your machine that pops up the aunewsreport.com ads. Contacting the owner of the web site would be a waste of time. They are not responsible for the ads. I’ll try to help you with the aunewsreport.com removal in this blog post.

I found the aunewsreport.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on sites that usually don’t show ads, or if some new files have been saved to the hard-drive.

aunewsreport.com was registered on 2015-01-14.

So, how do you remove the aunewsreport.com pop-up ads? On the machine where I got the aunewsreport.com ads I had BlockAndSurf, BrowserWarden and TinyWallet installed. I removed them with FreeFixer and that stopped the aunewsreport.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with pop-ups such as this one is that they can be popped up by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

To remove the aunewsreport.com pop-up ads you need to examine your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. Examine what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
  2. How about your browser add-ons? Anything in the list that you don’t remember installing?
  3. If that did not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links.

Here’s a video tutorial showing FreeFixer in action removing pop-up ads:

Did you find any adware on your machine? Did that stop the aunewsreport.com ads? Please post the name of the adware you uninstalled from your machine in the comments below.

Thank you!

Best Standard (Fried Cookie Ltd.) – 9% Detection Rate – InstallCore

Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking at the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called Best Standard (Fried Cookie Ltd.).

Best Standard Certificate

To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Best Standard (Fried Cookie Ltd.) seems to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would have been signed by Skype Software Sarl. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
Skype Software Sarl publisher
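
The publisher check described here and in the OOO PREM''ER-SERVIS post above (file name says Skype or Flash, signer says someone else) can be scripted. This is an added example, not FreeFixer code; the function name, the file-name patterns and the Downloads path are assumptions, and the two expected publisher names are the ones quoted in these posts.

```powershell
# Added example (not FreeFixer code): compare the Authenticode signer of an
# installer with the publisher its file name implies.
# Assumption: this pattern table is built only from the two cases in the posts.
$ExpectedPublishers = [ordered]@{
    '*flash*' = 'Adobe Systems Incorporated'
    '*skype*' = 'Skype Software Sarl'
}

function Test-InstallerPublisher {
    param([Parameter(Mandatory)][string]$Path)

    $name = [System.IO.Path]::GetFileName($Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Common names of the signer and of the CA that issued the certificate.
    $cn = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $null
    $issuer = $null
    if ($cert) {
        $signer = $cert.GetNameInfo($cn, $false)
        $issuer = $cert.GetNameInfo($cn, $true)
    }

    # The first pattern that matches the file name decides the expected publisher.
    $expected = $null
    foreach ($pattern in $ExpectedPublishers.Keys) {
        if ($name -like $pattern) { $expected = $ExpectedPublishers[$pattern]; break }
    }

    # A valid signature only proves who signed the file, so the verdict
    # separates "validly signed" from "signed by the vendor the name claims".
    if (-not $cert) { $verdict = 'Unsigned' }
    elseif ($sig.Status -ne 'Valid') { $verdict = 'SignatureNotValid' }
    elseif (-not $expected) { $verdict = 'NoExpectationForName' }
    elseif ($signer -eq $expected) { $verdict = 'PublisherMatches' }
    else { $verdict = 'PublisherMismatch' }

    [pscustomobject]@{
        File     = $name
        Status   = $sig.Status
        Signer   = $signer
        Issuer   = $issuer
        Expected = $expected
        Verdict  = $verdict
    }
}

# Assumed location of downloaded installers.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Test-InstallerPublisher -Path $_.FullName } |
    Format-Table -AutoSize
```

A file like the Skype_Setup.exe described above would come back with a Valid status and a PublisherMismatch verdict, which is the combination to look for.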

When I uploaded the Best Standard (Fried Cookie Ltd.) file to VirusTotal, it came up with a 9% detection rate. The file is detected as Application.Win32.FriedCookie.CIRK by Comodo, a variant of Win32/InstallCore.WX potentially unwanted by ESET-NOD32 and InstallCore (fs) by VIPRE.

Best Standard Fried Cookie Ltd

Did you also find a file digitally signed by Best Standard (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.