Category Archives: freefixer

What is Site Matcher Pro? – Removal Instructions

Did you just find something called Site Matcher Pro in Mozilla Firefox’s Add-ons dialog?

Site Matcher Pro is a piece of software that suggests similar web sites based on the sites that you are currently browsing.

How did you get Site Matcher Pro on your computer? I found it bundled with an unofficial Adobe Flash Player download. The Flash download was signed by the SuperCool Applications publisher. Here’s a screenshot of Site Matcher Pro appearing in the installer:

Site Matcher Pro is bundled with an unofficial Adobe Flash Player download.

If you’d like to remove Site Matcher Pro, you can do so from inside Firefox, or by selecting the Site Matcher Pro extension for removal in FreeFixer:

Site Matcher Pro appears in FreeFixer's scan result

Hope this helped you to figure out what Site Matcher Pro is and how to remove it.

Update 2014-10-06: Found Site Matcher Pro in another installer:

site matcher pro

Media_Play_AIR+ – Removal Instructions

Just wanted to let you know about a new adware variant called Media_Play_AIR+ that I found tonight. 8 of the 50 anti-virus scanners at VirusTotal detect the Media_Play_AIR_1.1-bg.exe file, which you may see in the Windows Task Manager. Some of the anti-virus programs call Media_Play_AIR+ Artemis, CrossRider and AppRider.

These are the variants I’ve found so far:

  • Media_Play_AIR+_1.1
  • Mediaa_Play_AIR_1.4

I found Media_Play_AIR+ bundled with a Zip/Unzip utility. The setup file was digitally signed by CloverMedia SL. How did you get Media_Play_AIR on your computer?

The Media_Play_AIR+ files are digitally signed by individual developer SIMONA-VIORICA MARIN, who according to the certificate is located in Bucharest, Romania.

You can remove Media_Play_AIR+ with FreeFixer. Just select the Media_Play_AIR+ files as shown in the screenshots. Most of the files are located in c:\Program Files\Media_Play_AIR+_1.1 or c:\Program Files (x86)\Media_Play_AIR+_1.1 on 64-bit Windows.

Media_Play_AIR+ is a variant of MPlayerPlus. Since the removal procedure is the same I’ll link that removal video where you can see FreeFixer in action removing the adware:

Hope you found this useful.

How To Remove NewPlayer Ads

Did you see a new type of ads labeled Ads by NewPlayer popping up recently on your computer, even on web sites that normally don’t show any ads? Then you have the NewPlayer adware on your machine. The two types of NewPlayer ads that I’ve seen are a standard banner (to the left), and the Nav-Links roll-over ad type (to the right), as shown in the screenshot below.

Removing NewPlayer is a one-minute job with FreeFixer. All you need to do is to select the NewPlayer files for removal, and then hit the Fix button. The filenames for NewPlayer can vary somewhat. In my case they were called NewPlayerFT171.exe, NewPlayerV40.exe and NewPlayerLwruQw.exe. I’m sure you can identify them on your computer. Here are the NewPlayer files in the FreeFixer scan result:

NewPlayer.exe Service NewPlayer Scheduled Tasks

Newplayer Process in FreeFixer

The detection rate for the NewPlayer adware appears to be pretty low. 3 of the 52 anti-virus scanners at VirusTotal detected the NewPlayer file. Avast refers to it as Win32:Adware-BQV and Baidu and ESET-NOD32 call it AddLyrics.

newplayer-virus-total

How did you get NewPlayer on your computer?

Norpalla Adware Removal Instructions

Found another adware this morning. It’s called Norpalla, and it adds itself in your web browsers. Here you can see Norpalla in the Mozilla Firefox browser:

norpalla-firefox

I found Norpalla in a download that claimed to be an episode of the Game of Thrones tv-series. That download was digitally signed by “New IT Limited”.

Norpalla is an easy match for FreeFixer. Just select the norpallabho.dll file and the Norpalla Firefox Extension for removal and the problem is solved.

norpalla-firefox-extension norpalla-internet-explorer

Where did you find the Norpalla adware? Was it also bundled with a movie or tv-series download?

Majestic Savings Adware Removal

Found a new adware called Majestic Savings this morning. If you have Majestic Savings on your machine, you may have noticed additional links with a green arrow appearing, with a tool-tip saying “Click to Continue -> by Majestic Savings”.

Click to Continue - ads by Majestic Savings

Majestic Savings also modifies Google search results by inserting ads. The ads are labeled Ads by Majestic Savings.

Ads by Majestic Savings in Google search results

You may also see Majestic Savings popping up a dialog saying that it has upgraded itself by installing something called Browser Guardian:

Majestic Savings - Browser Guardian

Majestic Savings is added as an add-on in your web browsers. Here’s how it looks in Firefox:

Majestic Savings 1.0 appears as a Firefox Add-on

Removing Majestic Savings is easy, just select the Majestic Savings files in FreeFixer and the adware problem is solved:

majestic-savings-internet-explorer majestic-savings-firefox-extension

How did you get Majestic Savings on your machine? Please share by posting a comment. I found it while testing a software download, where Majestic Savings was offered during the installation, however, the installer referred to it as Majestic Coupons:

Majestic Coupons

Hope you found this useful.

GetMyFilesNow – How To Remove

Stumbled upon an adware called GetMyFilesNow the other day. Here’s what its installer looks like:

getmyfilesnow installer

Once installed it will appear as an add-on in Mozilla Firefox:

getmyfilesnow addon 1.0 in Firefox

So, what kind of advertising does GetMyFilesNow show? After installation the well-known Nav-Links type of ads started to appear, but when I tested it GetMyFilesNow also replaced Google Adsense ads on the web sites that I visited.

getmyfilesnow nav-link popup

GetMyFilesNow may also insert ads into Google search results. The ads are labeled “Powered by GetMyFilesNow”:

Powered by GetMyFilesNow ads

Many of the anti-virus programs are obviously aware of GetMyFilesNow. When I scanned getmyfilesnow.exe, 14 of the 53 anti-virus programs flagged the file. Most of them report it as KillFiles, Linkular and Linkun.

getmyfilesnow.exe virus total scan

You can remove GetMyFilesNow by simply removing the Firefox Extension, either directly in Firefox or by checking the extension for removal in FreeFixer:

getmyfilesnow-firefox-ext

Hope this helped you figure out what GetMyFilesNow is and how to remove it.

How did you get this adware on your machine? Please share by posting a comment.

Productivitypro Ads – Removal Instruction

Getting bombarded with ads labeled “productivitypro Ads” and a large sidebar with search results called “Topic Torch by productivitypro” like in the screenshots below?

productivitypro ads

Topic Torch by productivitypro

productivitypro will also appear in your web browser’s add-on list. It appears as “productivitypro 1.0.1” in Firefox:

productivitypro 1.0.1

So, how about the removal? Simply check the productivitypro files in FreeFixer for removal:

productivitypro Internet Explorer add-on productivitypro firefox extension

Out of curiosity, how did you get the productivitypro adware on your computer? Please let me know by posting a comment.

WiseManager’s CfjdkPfhrU.exe is a Bitcoin Miner – Removal Instructions

I found yet another Bitcoin miner this morning. You might have spotted it because of a new file called WiseManager.exe running at startup or the high CPU usage by CfjdkPfhrU.exe as shown in the screenshot of the Task Manager below:

CfjdkPfhrU.exe CPU Setup Task Manager

The Wise Manager files are located in C:\Users\%USER%\AppData\Roaming\WiseManager\ and C:\Users\%USER%\AppData\Roaming\WiseManager\CGMInerDLLs.

wisemanager cgminerdlls folder

Currently no anti-virus detects the two main files, WiseManager.exe and CfjdkPfhrU.exe, when I uploaded them to VirusTotal, but I assume the scanners will start picking them up sooner rather than later. WiseManager.exe is digitally signed by Moresta Holdings Limited. CfjdkPfhrU.exe is unsigned.

By the way, CfjdkPfhrU.exe sounds like it has been given a random file name. Does your computer show another file hogging the CPU?

Removing WiseManager.exe and CfjdkPfhrU.exe is easy with FreeFixer. Just check WiseManager.exe and CfjdkPfhrU.exe for removal and click the Fix button and the problem is solved.

wisemanager.exe startup in the roaming folder wisemanager.exe and cfjdkPfhrU.exe processes

Now you can remove the C:\Users\%USER%\AppData\Roaming\WiseManager\ folder manually in Explorer.

I found the Wise Manager Bitcoin miner while testing a free download. WiseManager was bundled inside the download. How did you get Wise Manager and CfjdkPfhrU.exe on your computer?
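
Because the miner's executable name looks random, matching on CfjdkPfhrU.exe alone can miss a renamed copy. The PowerShell below is an added example, not part of the original post or of FreeFixer: it lists running processes and startup entries whose executable lives under AppData\Roaming, together with CPU time and Authenticode signer. The 60-second CPU threshold and the output column names are assumptions.

```powershell
# Added example: list processes and startup entries that run from the
# AppData\Roaming folder, where the post found the WiseManager files.
param(
    [double]$MinCpuSeconds = 60    # assumed threshold for "high" accumulated CPU time
)

$roaming = [Environment]::GetFolderPath('ApplicationData')  # C:\Users\<user>\AppData\Roaming

# Running processes whose image is under the current user's Roaming folder, busiest first.
$procs = Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($roaming, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        $cpu = if ($null -ne $_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
        [pscustomobject]@{
            Name      = $_.ProcessName
            Id        = $_.Id
            CpuSec    = $cpu
            HighCpu   = $cpu -ge $MinCpuSeconds
            SigStatus = $sig.Status      # NotSigned for an unsigned file
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Path      = $_.Path
        }
    } |
    Sort-Object CpuSec -Descending

# Startup commands that point into a Roaming folder (any user profile).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like '*\AppData\Roaming\*' } |
    Select-Object Name, Command, Location, User

'--- Processes running from ' + $roaming
$procs   | Format-Table -AutoSize -Wrap
'--- Startup entries under AppData\Roaming'
$startup | Format-List
```

Legitimate software also installs under Roaming, so the output is a list to review, not a removal list; a valid signature does not clear an entry either, since WiseManager.exe itself was signed.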

Findopolis Ads Removal

Getting bombarded by Findopolis ads like in the screenshot below? No problem, I’ll show how to remove the Findopolis adware. Read on…

The Findopolis adware has been around for some time, at least from the beginning of February 2014, but it is still being distributed. So I thought I should write a few lines about it. I found Findopolis yesterday when a pop-up claimed that my computer needed a “Video Upgrade”.

All you need to do to remove Findopolis is to check the Findopolis files for removal in FreeFixer and click the Fix button.

findopolisbho.dll - Check this file for removal

Here’s a video demonstrating the removal:

Hope you found this useful.

How did you get Findopolis on your machine? Please share your story in a comment below.

Remove Settings Manager by Aztec Media

If you see systemku.exe and SystemkService.exe running in the Task Manager you have the Settings Manager by Aztec Media installed on your machine. SettingsManager comes bundled with some free software downloads.

systemkservice.exe-task-manager

Settings Manager is detected by some of the anti-virus programs. Here’s the scan result for the SystemkService.exe file:

settingsmanager-virus-total

You can simply uninstall SettingsManager from the Windows Control Panel as shown in the video below:

If the Settings Manager removal failed for some reason, you can also remove it with FreeFixer, by selecting Systemku.exe, SystemkService.exe, sysapcrt.dll and the Settings Manager Firefox extension for removal.

systemku.exe process in the task manager

systemk service

sysapcrt.dll

settings manager by aztec media in firefox

How did you get Settings Manager on your machine? Please share your story in the comments below.