Category Archives: freefixer

What is Maxiget Software Manager (Softsonic)? – Removal Instructions

Did you find something called Maxiget Software Manager on your machine and wonder where it came from? The Maxiget Software Manager is a desktop application showing a web page named “Softsonic” that promotes software downloads and shows what appear to be Google AdSense ads:

Maxiget Software Updater (Softsonic) main gui

If you have Maxiget Software Manager installed on your computer you may also see a process called MaxigetUpdater.exe running in the Windows Task Manager.

So, how did Maxiget Software Manager install on your computer? It could have been installed as a bundled offer that was displayed when installing some other software on your machine. I found Maxiget while installing software, and here’s how Maxiget was disclosed:

maxiget software manager bundled

As usual when I find some bundled software, I upload it to VirusTotal to see what the anti-virus programs say about the file. AVG was the only anti-virus scanner that detected Maxiget, under the Generic.E22 detection name:

maxigetupdater.exe virustotal report

If you would like to remove the Maxiget Software Manager, you can do so by selecting the MaxigetUpdater.exe file in FreeFixer:

maxigetupdater.exe service maxiget updater task

Or by using the Uninstall programs dialog:

maxiget software manager uninstall

Hope this helped you figure out what Maxiget is.

Did you also get Maxiget as a bundled software offer?

What is One More Game (OMG) And How To Uninstall It

Just a quick post about a piece of software called One More Game before going back to programming on the FreeFixer tool. I’m working on a feature that scans Google Chrome Extensions.

Anyway, what’s One More Game? OMG is a piece of software that sits in the system tray and pops up notifications about “new and exclusive offers and gaming tips”.

One More Game Ad for Big Farm One More Game Window

One More Game in the System Tray

You will also see a process called omg.exe running in the Windows Task Manager.

Did One More Game pop up unexpectedly on your machine? If so, One More Game might have been bundled in another download’s installer. That’s where I found it. Here’s how One More Game was disclosed in the installer of “FLV Player”:

one more game installer

So, what do the anti-virus programs say about the omg.exe file? Not much actually, none of the anti-virus programs detect OMG, except Symantec, which reports omg.exe as WS.Reputation.1:

omg.exe virustotal

If you’d like to remove One More Game (OMG) you can do so from the “Uninstall Programs” dialog in the Windows Control Panel. There should be an entry named “One More Game” which you can right-click and select Uninstall.

Any idea how One More Game installed on your computer? Please share by posting a comment.

TubeHD Adware – Removal Instructions

I was reviewing some of the files submitted to the FreeFixer database tonight and found something new called TubeHD. This looked like a new variant of the CrossRider adware and the VirusTotal scan result clearly shows that is the case:

TubeHD is detected as Adware.CrossRider

Typically, adware such as TubeHD is distributed through bundling. That is, when downloading and installing some application, an additional offer is shown that suggests you should also install TubeHD.

Did you get TubeHD through bundling? If you remember the download link or the name of the software that bundled TubeHD, please let me know by posting a comment below. I’d like to try the installer to see how well TubeHD is disclosed.

Removing TubeHD with FreeFixer is pretty straightforward, assuming it’s just a regular variant of the Crossrider adware. Just select the TubeHD files for removal in the scan result, and then click Fix. The files should all be located in C:\Program Files (x86)\TubeHD-V1.8\ or C:\Program Files\TubeHD-V1.8\. The version number can vary depending on which version of TubeHD you have on your machine.

Thanks for reading!

Ads by Rewin Cinema – Removal Instructions

Do you see ads labeled “Ads by Rewin Cinema” in your web browser? If that is the case, you have the Rewin Cinema adware installed and running on your machine. Rewin Cinema is bundled with various free software downloads, and that’s probably how it was installed on your machine. In my case, it was bundled with a download called JDownloader.

Ads by Rewin Cinema

You will also see Rewin Cinema installed as an add-on in your web browser. Here’s how it appears in Firefox:

Rewin Cinema add-on in the Firefox browser

If you would like to uninstall the Rewin Cinema adware you can easily do so by checking the Rewin Cinema files in FreeFixer:

Rewin Cinema files in FreeFixer

Do you also have the Rewin Cinema adware installed on your machine? Do you remember which download bundled it? Please share by posting a comment.

SkypEmoticons – What Is SkypEmoticons and How To Remove It

Just a quick post on a program called SkypEmoticons. I found this bundled with another software download. If SkypEmoticons showed up unexpectedly on your machine, you may also have installed it as a bundled offer.

I uploaded the main file of SkypEmoticons, SE.exe, to VirusTotal to see if the anti-virus scanners reported it. Only one of the anti-virus tools detected the SE.exe file, and that was Tencent, which reported the SE.exe file as Win32.Trojan.Falsesign.

skypemotics virustotal report

If you’d like to uninstall SkypEmoticons, you can simply check the SE.exe file for removal in FreeFixer:

skypemoticons startup skypemoticons se.exe process

Or uninstall it from the Add/Remove programs dialog:

skypemotics uninstall

Did you also find SkypEmoticons on your machine? Any idea how it was installed?

UniversalUpdater, UpdateService.exe and AlNaddy Removal

Hello readers! Hope you are having a good time and not too many malware issues. Currently I’m on a short vacation, but I brought the laptop since I found a few new malware programs that I wanted to post about.

Found something called UniversalUpdater while testing out another download. If you’ve got UniversalUpdater on your machine, you’ll notice UpdateService.exe and CrashMon.exe running in the Windows Task Manager.

So, what are those two files? Well, a few of the anti-virus scanners over at VirusTotal flag the files, as you can see in the screenshot. Artemis and Alnaddy are two of the detection names.

UniversalUpdater is detected as Alnaddy and Artemis

I could not see any entry for UniversalUpdater in the Add / Remove programs dialog. However, removing UniversalUpdater is easy with FreeFixer, just select the CrashMon.exe and UpdaterService.exe files for removal:

updaterservice.exe and the crashmon.exe files updaterservice.exe service

Did you also find UniversalUpdater on your machine? Any idea how it was installed?

ServiceChecker, Pirrit and UptUpdater.exe Removal Instructions

Another find today. Stumbled on a file called UptUpdater.exe, also bundled by an unofficial Google Chrome download. I first spotted the UptUpdater.exe file running in the Windows Task Manager, but after a while UptUpdater.exe showed its GUI, where it claimed to install something called ServiceChecker:

ServiceChecker

Anyway, as usual when I find some new file, I upload it to VirusTotal to see what the anti-virus scanners say about the file. Turns out UptUpdater.exe is detected by a few of the anti-virus scanners, under names such as Adware.Win32.PirritAdware.Downware and Pirrit.

UptUpdater.exe Pirrit VirusTotal Report

If you’d like to remove Pirrit from your machine, you can do so by selecting the UptUpdater.exe file in FreeFixer:

UptUpdater.exe process

Did you also find the ServiceChecker/Pirrit/UptUpdater.exe on your computer? Any idea how it was installed?

KernelScreenshotWin32.exe – Looks like malware to me

Just a quick note on a file called KernelScreenshotWin32.exe that I found earlier today. The file uses typical malware behaviour, that is, it has no version information, no digital signature, no entry in the Add/Remove programs dialog, runs in an unusual folder, called C:\Windows\SysWOW64\KernelScreenshotWin32\ instead of c:\Program Files, bundled with a file signed by Smart Secure Software, no visible GUI, runs in the background, etc, etc.

KernelScreenshotWin32.exe file

However, when I uploaded the file to VirusTotal, none of the 50+ anti-virus programs detected it. Maybe I’m incorrectly calling this malware? It will be interesting to see if some of the scanners start to pick up the KernelScreenshotWin32.exe file in the future.

Anyway, if you’d like to remove the KernelScreenshotWin32.exe file you can do so with FreeFixer. Just select the KernelScreenshotWin32.exe process and service:

KernelScreenshotWin32.exe process KernelScreenshotWin32.exe service

Did you also find KernelScreenshotWin32.exe on your machine? Any idea how it was installed? Please share by posting a comment.
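
The indicators listed in this post (no version information, no digital signature, no Add/Remove programs entry, a folder outside Program Files, a background process and service) can be collected for any file from PowerShell. This is an added example, not part of the original post and not FreeFixer code; the function name `Get-FileTriage` is hypothetical, and the full path in the last line is an assumption assembled from the folder and file name mentioned above.

```powershell
# Added example (not FreeFixer code): report the post's indicators for one file.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $dir  = $item.DirectoryName
    $cmp  = [StringComparison]::OrdinalIgnoreCase

    # Version resource: empty fields mean the file carries no version information.
    $ver = $item.VersionInfo
    $hasVersion = (-not [string]::IsNullOrWhiteSpace($ver.FileVersion)) -or
                  (-not [string]::IsNullOrWhiteSpace($ver.CompanyName))

    # Authenticode status: 'NotSigned' corresponds to "no digital signature".
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName

    # Is the file under one of the usual application folders?
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $inProgramFiles = [bool]($roots | Where-Object { $item.FullName.StartsWith("$_\", $cmp) })

    # Running processes and services that point at this exact file.
    $procs = Get-Process | Where-Object { $_.Path -eq $item.FullName } |
        ForEach-Object { $_.Id }
    $svcs = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName.IndexOf($item.FullName, $cmp) -ge 0 } |
        ForEach-Object { $_.Name }

    # Uninstall entries (64-bit and 32-bit views) that reference the file's folder.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $entries = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { "$($_.InstallLocation) $($_.UninstallString) $($_.DisplayIcon)".IndexOf($dir, $cmp) -ge 0 } |
        ForEach-Object { $_.DisplayName }

    [pscustomobject]@{
        Path             = $item.FullName
        HasVersionInfo   = $hasVersion
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        InProgramFiles   = $inProgramFiles
        ProcessIds       = @($procs)
        Services         = @($svcs)
        UninstallEntries = @($entries)
    }
}

# Path assembled from the folder and file name given in the post (assumption).
Get-FileTriage -Path 'C:\Windows\SysWOW64\KernelScreenshotWin32\KernelScreenshotWin32.exe'
```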

Website Xplorer Removal Instructions

Just a quick post on a browser add-on called Website Xplorer that was installed into Mozilla Firefox while installing another piece of software. I could not see that Website Xplorer was disclosed during the installation.

website xplorer firefox add-on

According to the description, Website Xplorer 0.1 will:

“Searches for matching web site, relevant to you.”

I could not find much info about it. If you have some additional details, please share by posting a comment. The extension .RDF file does mention a domain named weliketheweb.com.

website xplorer - weliketheweb.com in the rdf

The removal is pretty easy. Just select the file for removal in FreeFixer or remove it directly in Firefox’s add-on menu.

website xplorer firefox etx

Any idea how you got Website Xplorer on your machine?

Ads by SaferSurf – Removal Instructions

Are there advertisements labeled Ads by SaferSurf while you browse the web, even on web pages that normally do not show any ads? Do you see “Visual Search results” labeled powered by safer-surf when using the Google search engine? Then chances are you have the Safer-Surf adware installed on your machine.

safersurf - Ads by SaferSurf

powered by safer-surf

You can also see Safer-Surf in your browser’s add-on menu. Here it is in Mozilla Firefox:

safersurf in firefox

Software such as SaferSurf is generally distributed with bundling. That is, SaferSurf is included inside another software’s installer file. During the installation the user is offered to also install SaferSurf. Most often, the bundled software’s “I agree” radio button is already selected which will result in some users proceeding through the installer without realising that they accepted the bundled software.

Some of the anti-virus programs at VirusTotal are detecting the SaferSurf files, under names such as Strictor or AddLyrics.

If you’d like to get rid of the Safer-Surf ads you can simply uninstall it from the Add/Remove programs dialog. You can also nuke the SaferSurf adware with FreeFixer. Start the FreeFixer scan, and then select the Safer-Surf files in the scan result:

safer-surf uninstall

safer surf firefox ext safer-surf.exe process safersurf task safersearch in internet explorer and a startup

How did you get SaferSurf on your machine? Please share by posting a comment.