Monthly Archives: February 2015

Remove ply.wayreview.com From Your Browser

browser status bar, ,

This page shows how to remove ply.wayreview.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Sound familiar? You see ply.wayreview.com in your web browser’s status bar while browsing sites that generally don’t load any content from third party domains. Maybe the ply.wayreview.com domain show up when performing a search at the Google.com search engine?

Here is how the ply.wayreview.com statusbar message looked like on my computer. It appeared while searching on Google:

ply.wayreview.com statusbar

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for ply.wayreview.com…
  • Transferring data from ply.wayreview.com…
  • Looking up ply.wayreview.com…
  • Read ply.wayreview.com
  • Connected to ply.wayreview.com…

If you also see this on your machine, you presumably have some potentially unwanted program installed on your system that makes the ply.wayreview.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The ply.wayreview.com status bar messages are not coming from them. I’ll do my best to help you with the ply.wayreview.com removal in this blog post.

I found ply.wayreview.com on one of the lab machines where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show ads, or if some new files have been saved to the hard-drive.

ply.wayreview.com was created on 2014-07-29. ply.wayreview.com resolves to the 50.22.215.24 IP address and wayreview.com to 162.255.119.154. The domain is protected by WhoisGuard INC.

So, how do you remove ply.wayreview.com from your browser? On the machine where ply.wayreview.com showed up in the status bar I had WebWaltz, YTDownloader, SpeedChecker and PriceFountain installed. I removed them with FreeFixer and that stopped the browser from loading data from ply.wayreview.com.

The issue with status bar messages like the one described in this blog post is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the ply.wayreview.com removal:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. How about your browser add-ons. Anything in the list that you don’t remember installing?
  3. If that did not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down potentially unwanted programs. It is a freeware utility that I’ve been working since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop ply.wayreview.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

Remove api.webwaltz.net and apiwebwaltznet-a.akamaihd.net from Firefox, Chrome and Internet Explorer

browser status bar

This page shows how to remove apiwebwaltznet-a.akamaihd.net and api.webwaltz.net from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see apiwebwaltznet-a.akamaihd.net in the status bar of your browser and ask yourself where it came from? Or did apiwebwaltznet-a.akamaihd.net show up while you search for something on one of the major search engines, such as the Google.com search engine?

Here are some of the status bar messages you may see in your browser’s status bar:

  • Waiting for apiwebwaltznet-a.akamaihd.net…
  • Transferring data from apiwebwaltznet-a.akamaihd.net…
  • Looking up apiwebwaltznet-a.akamaihd.net…
  • Read apiwebwaltznet-a.akamaihd.net
  • Connected to apiwebwaltznet-a.akamaihd.net…

Does this sound like your experience, you apparently have some potentially unwanted program installed on your system that makes the apiwebwaltznet-a.akamaihd.net domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The apiwebwaltznet-a.akamaihd.net status bar messages are not coming from them. I’ll try help you with the apiwebwaltznet-a.akamaihd.net removal in this blog post.

I found apiwebwaltznet-a.akamaihd.net and api.webwaltz.net on one of the lab computers where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on web site that usually don’t show ads, or if some new files have been saved to the hard-drive.

apiwebwaltznet-a.akamaihd.net resolves to the 23.62.6.88 address. api.webwaltz.net resolves to 70.186.131.239.

Update 2015-03-19: Noticed a connection to wwwwebwaltznet-a.akamaihd.net too.

So, how do you remove apiwebwaltznet-a.akamaihd.net from your browser? On the machine where apiwebwaltznet-a.akamaihd.net showed up in the status bar I had PriceFountain, SpeedChecker, YTDownloader and WebWaltz installed. I removed them with FreeFixer and that stopped the web browser from loading data from apiwebwaltznet-a.akamaihd.net. Most likely, WebWaltz was responsible for the apiwebwaltznet-a connection.

The problem with status bar messages like this one is that it can be caused by many variants of potentially unwanted programs. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

So, what can be done to solve the problem? To remove apiwebwaltznet-a.akamaihd.net you need to check your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:

The first thing I would do to remove apiwebwaltznet-a.akamaihd.net is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something shady listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started observing the apiwebwaltznet-a.akamaihd.net status bar messages.

Then you can examine you browser add-ons. Potentially unwanted program often appear under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to identify and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool designed to manually find and remove unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having problems determining if a file is safe or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did this blog post help you to remove apiwebwaltznet-a.akamaihd.net? Please let me know or how I can improve this blog post.

Thank you!

Remove tracking.ibexnetwork.com Pop Up Ads Caused By Adware

pop-ups,

Did you just get a pop-up from tracking.ibexnetwork.com and wonder where it came from? Did the tracking.ibexnetwork.com ad appear to have been popped up from a web site that under normal circumstances don’t use aggressive advertising such as pop-up windows? Or did the tracking.ibexnetwork.com pop-up show up while you clicked a link on one of the big search engines, such as Google, Bing or Yahoo?

Here’s how the tracking.ibexnetwork.com pop-up looked like when I got it on my system:

tracking.ibexnetwork.com pop-up

After a while, the pop-up opened the option.fm page where the actual ad was displayed.

Does this sound like what you are seeing, you probably have some adware installed on your computer that pops up the tracking.ibexnetwork.com ads. There’s no use contacting the owners of the site you currently were browsing. The ads are not coming from them. I’ll try help you with the tracking.ibexnetwork.com removal in this blog post.

If you have been reading this blog already know this, but if you are new: A little while back I dedicated a few of my lab machines and deliberately installed a few adware programs on them. Since then I have been tracking the actions on these machines to see what kinds of ads that are displayed. I’m also looking on other interesting things such as if the adware updates itself, or if it downloads additional unwanted software on the computers. I first noticed the tracking.ibexnetwork.com pop-up on one of these lab computers.

tracking.ibexnetwork.com resolves to the 54.173.20.116 IP address and ibexnetwork.com to 50.7.157.124. tracking.ibexnetwork.com was created on 2012-01-16.

So, how do you remove the tracking.ibexnetwork.com pop-up ads? On the machine where I got the tracking.ibexnetwork.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the tracking.ibexnetwork.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with pop-ups like the one described in this blog post is that it can be initiated by many variants of adware, not just the adware on my machine. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

Anyway, here’s my suggestion for the tracking.ibexnetwork.com ads removal:

The first thing I would do to remove the tracking.ibexnetwork.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started observing the tracking.ibexnetwork.com pop-ups.

Then you can examine you browser add-ons. Adware often show up under the add-ons menu in Firefox, Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool built to manually track down and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having difficulties figuring out if a file is legit or adware in the FreeFixer scan result, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial on how to remove the pop-ups with FreeFixer:

Did this blog post help you to remove the tracking.ibexnetwork.com pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove Binkiland.com and Binkiland.exe Adware

adware

Welcome! Just a quick post on the Binkiland adware. This appears to be a variant of Vosteran and Taplika that I’ve previously written about. If you got Binkiland installed and running on your computer, you will see lots of Binkiland.exe processes running in the Windows Task Manager, the search provider and start page changed to binkiland.com in Internet Explorer and a custom-built Chrome browser installed on the computer, named Binkiland. I’ll show how to remove Binkiland in this blog post with the FreeFixer removal tool.

binkiland.exe task manager binkiland task bar binkiland chrome installer

Binkiland is bundled with other software. Bundled means that it is included in another software’s installer.

When I run into some new bundled software I usually upload it to VirusTotal to check if the anti-viruses there detect something interesting. 25% of the scanners detected the file. The Binkiland files are detected as Trojan.Generic.12750616 by Ad-Aware, Hacktool.Win32.ADInstaller.d by Baidu-International, Artemis!D946977D16BD by McAfee and Win32/Virus.RiskTool.a62 by Qihoo-360.

binkiland.exe virustotal

All you need to do to remove Binkiland is to check the Binkiland files in the scan result and click the Fix button. You may have to reboot your computer to complete the removal. Here’s a few screenshots that should help you along the way:

binkiland.exe processes binkiland startup binkiland startpage remove binkiland search provider remove

Hope this helped you remove the Binkiland adware.

Did you also find Binkiland on your computer? Any idea how it was installed? Please share your story the comments below. Thank you!

Thanks for reading!

Remove micepopcorn.country Pop Up Survey Ads

pop-ups, survey,

Sound familiar? You see pop-up ads from micepopcorn.country while browsing web sites that mostly don’t advertise in pop-up windows. The pop-ups manage to escape the built-in pop-up blockers in Chrome, Firefox, Internet Explorer or Safari. Maybe the micepopcorn.country pop-ups appear when clicking search results from a Google search? Or does the pop-ups appear even when you’re not browsing?

Here’s how the micepopcorn.country pop-up looked like when I got it on my machine:

micepopcorn.country

If this sounds like what you are seeing on your computer, you most likely have some adware installed on your system that pops up the micepopcorn.country ads. There’s no use contacting the owners of the site you were browsing. The ads are not coming from them. I’ll do my best to help you with the micepopcorn.country removal in this blog post.

Those that have been spending some time on this blog already know this, but for new visitors: Not long ago I dedicated a few of my lab computers and intentionally installed some adware programs on them. Since then I’ve been tracking the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it installs additional unwanted software on the machines. I first spotted the micepopcorn.country pop-up on one of these lab computers.

micepopcorn.country was created on 2015-01-07. micepopcorn.country resolves to the 184.73.247.179 IP address and kovzz.super-promo.micepopcorn.country to 104.207.140.57.

So, how do you remove the micepopcorn.country pop-up ads? On the machine where I got the micepopcorn.country ads I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the micepopcorn.country pop-ups and all the other ads I was getting in Mozilla Firefox.

The issue with pop-ups like this one is that it can be launched by many variants of adware, not just the adware on my computer. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done to solve the problem? To remove the micepopcorn.country pop-up ads you need to review your machine for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the micepopcorn.country pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started observing the micepopcorn.country pop-ups.

Then you can examine you browser add-ons. Adware often appear under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to track down and uninstall the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool designed to manually find and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.

And if you’re having problems figuring out if a file is clean or adware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your web browser with a page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did this blog post help you to remove the micepopcorn.country pop-up ads? Please let me know or how I can improve this blog post.

Thank you!

Remove palaceofbingo.com Pop Up Ads Caused By Adware

pop-ups

Having issues with pop-ups from palaceofbingo.com? If that is the case, you might have adware installed on your machine. I got the palaceofbingo.com pop-ups in Firefox, but they can appear if you are using Chrome, Internet Explorer, Safari or Opera too.

Here’s how the palaceofbingo.com pop-up looked like when I got it on my computer in a new tab:

palaceofbingo.com pop up

If this sounds like what you are seeing on your system, you probably have some adware installed on your computer that pops up the palaceofbingo.com ads. There’s no use contacting the owners of the site you were browsing. The advertisements are not coming from them. I’ll do my best to help you with the palaceofbingo.com removal in this blog post. This is done by removing the unwanted adware from your machine.

I found the palaceofbingo.com pop-up on one of the lab computers where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on web site that usually don’t show ads, or if some new files have been saved to the hard-drive.

So, how do you remove the palaceofbingo.com pop-up ads? On the machine where I got the palaceofbingo.com ads I had TinyWallet, BlockAndSurf and TinyWallet installed. I removed them with FreeFixer and that stopped the palaceofbingo.com pop-ups and all the other ads I was getting in Mozilla Firefox.

The problem with pop-ups like this one is that it can be initiated by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done to solve the problem? To remove the palaceofbingo.com pop-up ads you need to examine your system for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

The first thing I would do to remove the palaceofbingo.com pop-ups is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something suspicious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started seeing the palaceofbingo.com pop-ups.

Then you can examine you browser add-ons. Adware often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think you will be able to find and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool built to manually find and remove unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not locked like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.

And if you’re having difficulties deciding if a file is safe or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains more details about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did you find any adware on your machine? Did that stop the palaceofbingo.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Symbu LLC – 9% Detection Rate – DownloadAdmin / WebInstallBundle

Uncategorized,

Hello! Was looking for some downloads to play around with and found one, digitally signed by Symbu LLC. The file is named freeallinonemediaplayer-setup.exe. You may see Symbu LLC appear as the publisher when double-clicking on the freeallinonemediaplayer-setup.exe file.

Symbu LLC uac

By examining the certificate, we can see that Symbu LLC is located in San Fransisco, the US. The certificate is issued by DigiCert SHA2 Assured ID Code Signing CA.

Symbu LLC certificate

9% of the scanners detected the file when uploaded to VirusTotal. The freeallinonemediaplayer-setup.exe file is detected as Trojan.Win32.Atraps.b by ByteHero, Adware:W32/WebInstallBundle by F-Secure, Win32.Application.DownloadAdmin.A by GData and DownloadAdmin (fs) by VIPRE.

Symbu LLC virustotal

Did you also find a Symbu LLC file?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.

Software Association LLC – 16% Detection Rate – Sevas-S / iBryte / OpenCandy

digital signature, ,

Hi there! Just wanted to give you the heads up on a file called skypesetupfull.exe that’s digitally signed by Software Association LLC. This is how it looks when double-clicking on the file and Software Association LLC appears as the publisher.

Software Association LLC uac

Software Association LLC is located in Ukraine. The certificate is issued by DigiCert SHA2 Assured ID Code Signing CA.

Software Association LLC certificate

The issue is that skypesetupfull.exe is not an official Skype download. If it was, it would have been digitally signed by Skype Software Sarl. Here’s how the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
Skype Software Sarl publisher

The reason I’m writing this blog post is that the Software Association LLC file is detected by some of the anti-malware scanners at VirusTotal. AVG detects skypesetupfull.exe as OpenCandy.F33, AVware names it Sevas-S Installer (fs), Jiangmin detects it as Adware/iBryte.hhhm, K7GW names it DoS-Trojan ( 200b63e51 ) and Malwarebytes reports PUP.Optional.OpenCandy.

Software Association LLC virustotal

Did you also find a file digitally signed by Software Association LLC? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

How To Remove The Positive Finds Adware

adware

Just found another bundled program called “Positive Finds“. If you are wondering where it came from, it was probably bundled with some free download. In my case it was bundled with a program that extracts RAR files. Currently, no anti-virus program detected it when I uploaded it to VirusTotal.

positive find firefox

The software is clearly adware as explained in the EULA:

positive find eula adware

You can remove Positive Finds from the Windows Control Panel:

Positive Finds uninstall

If that does not work, just select the files in FreeFixer:

positive finds internet explorer Positive Finds firefox remove

Thanks for reading!

 

 

Broken Spoke Digital – 28% Detection Rate – DownloadAdmin / Downware

digital signature,

Hi there! Just a short post on a publisher called Broken Spoke Digital. You may see Broken Spoke Digital appear as the publisher when double-clicking on the installer_jdownloader_English.exe file.

Broken Spoke Digital uac dialog-*

Information about a digital signature and the certificate can also be found under the Digital Signature tab. According to the certificate we can see that Broken Spoke Digital is located in San Fransisco in US and that the certificate is issued by Go Daddy Secure Certificate Authority – G2.

Broken Spoke Digital certificate

When I uploaded the Broken Spoke Digital file to VirusTotal, it came up with a 28% detection rate. The file is detected as Riskware.Agent! by Agnitum, PUP/Win32.Downware by AhnLab-V3, Trojan/Win32.TSGeneric by Antiy-AVL, DownloadAdmin (fs) by AVware, Win.Adware.Downloadadmin by ClamAV, W32/S-92ce39bf!Eldorado by F-Prot, PUP.Optional.DownloadAdmin by Malwarebytes and DownloadAdmin (fs) by VIPRE.

Broken Spoke Digital virustotal

Did you also find a Broken Spoke Digital file? Do you remember where you downloaded it?

Thanks for reading.