Category Archives: freefixer

DGen.exe 100% CPU Usage? – Bitcoin Miner Removal

freefixer, , , , ,

Do you see a process named dgen.exe running at 99% or even 100% CPU usage? If that is the case someone is mining Bitcoins on your machine!

dgen.exe high cpu usage in the task manager

The dgen.exe Bitcoin miner has been around for some time. I first spotted it about a month ago, but for some reason I chose not to blog about it at that time. However, today I found it again, bundled with another download, so I thought I should post about it after all. Many of the anti-virus programs detect it as you can see in the scan result from VirusTotal:

dgen.exe virus total scan

How did you get dgen.exe on your machine? Please share by posting a comment.

To remove the dgen.exe bitcoin miner you can check the dgen.exe process and the starthelp.exe service for removal in FreeFixer. This will also fix the high CPU usage that you probably see on your machine.

dgen.exe-process

The starthelp.exe service appear as “Protect Monitor”:

starthelp.exe service called "ProtectMonitor" or "Protect Monitor".

Here’s a video where I show FreeFixer in action while removing dgen.exe and starthelp.exe:

Hope you found this useful. Thank you for watching!

Update 2014-08-11: I’ve seen a few cases where other filenames appear in the “c:\Program Files\PCDapp”  folder:

  • cudaminer.exe

How To Remove MPlayerPlus_01

adware, freefixer, ,

Just found a new adware variant called MPlayerplus_01. You might have found it in the Windows Task Manager where it appears as Mplayerplus_01-nova.exe or when inspecting the add-ons in Internet Explorer and Mozilla Firefox:

Mplayerplus_01 0.94.34 Firefox

Update 2014-05-22: There seems to be another variant around called MPP, that uses filenames such as MPP-bho64.dll, MPP-bho.dll, MPP-codedownloader.exe, MPP-novainstaller.exe, MPP-nova.exe and MPP-bg.exe.

Update 2014-05-26: Just found another variant. It is called MPMP.

Update 2014-05-27: Seems like the MPlayerPlus_01 constantly updates its name. I’ll list any future name here:

  • MediaPlayer+
  • Media_play_er+

I found MPlayerplus_01 while checking out a free media player download. In my case the installer disclosed that MPlayerplus_01 was bundled. Currently only a few anti-virus programs flag MPlayerplus_01:

MPlayerplus_01 is reported as CrossRider by Virus Total

The anti-virus vendors report MPlayerPlus as CrossRider.

How did you get MPlayerplus_01 on your machine? Was it bundled with some free downloads, and if so, was it disclosed that MPlayerplus_01 would be installed along with the download?

Removing MPlayerplus_01 with FreeFixer is a piece of cake. All you need to do is to select the MPlayerplus_01 files for removal and click the Fix button.

MPlayerplus_01 Scheduled Tasks Mplayerplus_01 in Internet-Explorer MPlayerplus_01 Firefox Extension in Freefixer

Here’s a removal video where I show FreeFixer in action deleting Mplayerplus:

Hope this helped you to figure out what MPlayerplus_01 is and how to remove it. If you like, please post a comment and share what you know about MPlayerplus_01.

Fpro1.2 Ads – Removal Instruction

adware, freefixer, , , ,

I just found a new variant of the Freeven Pro adware called Fpro1.2, Fpro_1.2, pro123 and pro12.  This will be a quick post before I’m going to bed. If you have Fpro1.2 on your machine you will probably notice it when it displays the ads that are labeled “Click to Continue – by Fpro1.2” and “Ad by Fpro1.2” as shown in the screenshots below:

ad by Fpro1.2        Click to Continue - by Fpro1.2

The ads above are from Internet Explorer and Mozilla Firefox. You can also see FPro listed in the web browser’s add-ons list, here in Firefox:Fpro in Firefox

The Fpro1.2 removal easy, just select the FPro files in FreeFixer: Fpro1.2-nova.exe, Fpro1.2-bg.exe, the Fpro Firefox Extensions, etc:

Fpro in Internet Explorer

fpro1.2 firefox freefixer fpro1.2-nova.exe fpro1.2 scheduled tasks

Since the removal for Fpro1.2 is the same as for Freeven Pro, for which I’ve done a removal video, I won’t do a new one. I think you’ll get the hang of it by watching the old video:

There’s also an entry in the add/remove programs dialog, but I have not tested it:fpro1.2-uninstall

Hope you found this useful.

How did you get Fpro1.2 on your machine? Please share by posting a comment.

websearch.eazytosearch.info – Removal Instructions

freefixer,

Found another search engine called websearch.eazytosearch.info that is installed as a bundled offer. Here’s how eazytosearch.info looks like in Internet Explorer:

websearch.eazytosearch.info in Internet Explorer

The removal is pretty straightforward with FreeFixer, just select the websearch.eazytosearch.info entries. Here are a few of them:websearch.eazytosearch.info in Firefoxwebsearch.eazytosearch.info in Internet Explorer

I’ve made a quick video where I show FreeFixer in action removing websearch.eazytosearch.info:

Hope you found this useful.

Freeven Pro – Removal Instructions

adware, freefixer, , , ,

Are you getting ads while browsing the web labeled “Click to Continue > by Freeven pro 1.2“, like the one shown below?

Click to Continue by Freeven Pro 1.2

Then you have a piece of software called Freeven Pro installed on your machine. Freeven Pro comes bundled with various software downloads. In my case I found it while testing a non-official download of the Google Chrome browser.

So, what is Freeven Pro? Obviously it’s adware since it shows advertisements. The anti-virus programs over at VirusTotal classify the Freeven pro 201.2-bho.dll file with names such as MultiBundle.RWin32.Application.Plush.BAdWare.PlusHD and AppRider.

Preeven Pro VirusTotal scan result

Removing Freeven Pro is pretty easy. Simply check the Freven Pro files for removal in FreeFixer. The screenshots below shows which files to remove:

Freeven Pro DLL in Internet ExplorerFreeven Pro Scheduled TasksFreeven Pro in Firefox

I’ve also captured a video that shows FreeFixer in action while deleting the Freeven Pro files. Hope you find it useful:

It seems as the Freeven developers are randomizing the product name. These are the variants I’ve found so far:

  • Frevens Pro 13
  • Fre_Ven_s Pro 23
  • Free_Ven_s_pro 25
  • Frieven_s_Prox_1.8
  • Fraven 1.1

What variants of Freeven have you found?

How To Remove Search-NewTab

adware, freefixer, trojan, ,

I’m currently looking at what is advertised on some of the torrent sites. Today I found another adware called Search-NewTab that installed into Internet Explorer and Mozilla Firefox:

search-newtab Firefox add-on 

The software seems to use some semi-random naming. I’ve seen in appear as “Seeaerch-oNeewTAb”, “Seearch-NewTTab”, “Sieaarch-NewTab” and “Search-NewTaBi”. What name did Search-Newtab use on your machine?

Currently, Search-NewTab is detected by many of the anti-virus program under names such as MultiPlug and MultiPlag. Most of the antivirus programs classify it as adware, but some report Search-NewTTab as a trojan, as you can see in the screenshot from VirusTotal below:

search-newtab virustotal results

So how about the removal? You can easily remove Search-NewTab by checking its files in FreeFixer:search-newtab bho in Internet ExplorerSearch-newtab as it appears in Freefixer

There’s also a Search-NewTab entry in the Add/Remove programs dialog in the Windows Control Panel, but I have not tested it. So no guarantees there.Seearch-newttab Uninstall from the Programs and Features dialog

Hope this helped you with the Search-Newtab removal.

How did you get Search-Newtab on your machine Please share by posting a comment.

Remove PlurPush Ads

adware, freefixer

If you see updatePlurPush.exe in the Task Manager or pop-up ads labeled PlurPush you have the PlurPush adware installed on your machine.

I found PlurPush when testing a free download, where the following information was displayed in the installer:

PlurPush info displayed in the installer

In other words: PlurPush will show ads while you browse the web.

PlurPush will add itself into Internet Explorer and Mozilla Firefox as shown below:

PlurPush 1.0.1 Mozilla Add-On

If you’d like to remove PlurPush with FreeFixer, you can easily do so by checking PlurPushBho.dll, updatePlurPush.exe and the PlurPush Firefox Extension for removal:

plurpushbho.dllUpdatePlurPush.exeThe PlurPush Firefox Extension

I’ve created a short video that shows FreeFixer in action while removing PlurPush:

Hope you found this useful.

How did you get PlurPush on your machine? Please share in the comments field below.

urlguard.exe is Gen.Variant.Symmi – Removal Instructions

freefixer,

Did you spot urlguard.exe in the Windows Task Manager? Then you have something called Gen.Variant.Symmi running on your machine.

urlguard.exe in the task manager

urlguard.exe is currently detected by 7 of the 52 anti-virus programs over at VirusTotal:urlguard.exe is Gen:Variant.Symmi.9161

You can remove urlguard.exe with FreeFixer by selecting the urlguard.exe file and registry startup entry:

urlguard.exe startup in registryurlguard.exe process

Hope that helped you to get rid of urlguard.exe.

How did you get urlguard.exe on your machine? Please share by posting a comment.

How To Remove SaveClicker

adware, freefixer

I was actually searching for another adware, but ran into the SaveClicker adware instead. When I found SaveClicker, it was bundled with a free download manager. Here’s the info it displays in the installer.

saveclicker install info

“Just install the add-on on your browser, surf the web and get specials offers (special coupons, discounts and sales)”

Obviously SaveClicker is adware. Here’s how the SaveClicker ad looks like:

Powered by SaveClicker

SaveClicker can easily be uninstalled  by selected in the SaveClicker files in FreeFixer, or by using the entry in the Programs and Features dialog:

SaveClicker saveclicker in internet explorer saveclicker uninstall

How did you get SaveClicker on your computer? Please share by posting a comment.