Category Archives: freefixer

How To Remove the AtuZi Adware

adware, freefixer

CNet’s Download.com site recently started bundling a new adware called AutZi. Basically it will show ads and change some browser settings:AtuZi CNet Installer

AutZi adds itself into Internet Explorer and Mozilla Firefox as shown in the screenshots below:

AtuZi-1.0.1 Firefox add-on requesting install AtuZi In FirefoxAtuZi add-on Internet Explorer

Removing AutZi is pretty straightforward. You can just select the AtuZibho.dll file and the AtuZi Firefox extension in FreeFixer:AtuZibho.dllAutZi Firefox Extension

Here’s a step-by-step removal video that shows how to uninstall AtuZi with FreeFixer:

There’s also an entry in the Program and Features dialog which allows you to uninstall AtuZi:AtuZi Uninstall

Please let me know if this helped you remove AtuZi by posting a comment.

SW-Booster.exe, SW-Sustainer 1.80, saVee aNete 5.14

adware, freefixer, malware

Played around with another download this morning. This time a bunch of new files and settings appeared. The first notable change was a new process and scheduled task called SW-Booster.exe appearing:sw-booster.exe

SW-Booster.exe is detected under names such as “a variant of Win32/TrojanDownloader.Agent.AFD” and “PUP.Optional.MultiPlug.A

Two new Firefox extensions also appeared, Y**tubeAdBlocker and saVee aNete 5.14:savee-anete-5.14

I’ve verified that FreeFixer removed these completely. There are also entries in the Programs and Features dialog.SW-Booster-SW-Sustainer 1.80

Please let me know if this helped you remove the SW-Booster malware by posting a comment.

Update 2014-11-21: Seems to be a variant around called SoftwareBooster.exe:

SoftwareBooster.exe task manager

 

How To Remove SaveNet

adware, freefixer,

Played around with an adware called SaveNet this evening. The screenshot below explains what types of ads SaveNet will show:

SaveNet Install

Basically you’ll see SaveNet coupons while you browse the web.

If you have SaveNet on your machine, you may also see a file called SN.Booster.exe in the Task Manager. SN.Booster.exe will also run as a service:SN.booster.exe

You’ll also see a Browser Helper Object and a Mozilla Firefox extension when scanning your computer with FreeFixer. The nasty thing about SaveNet is that it will use some sort of semi-random names displayed in Mozilla, Internet Explorer and the Programs and Features dialog. I’ve seen names such as:

  • saVe neut
  • ssave net
  • saveE! neot
  • save. net
  • Save net
  • SNT
  • savve noeT
  • Y**t*beAdblocker
  • saVVE Net
  • saVe neut
  • ssave net
  • saveE! neot
  • savve noeT
  • SN.Booster
  • SN.Sustainer 1.80

What names did you see? Please share by posting a comment.

SaveNet Browser Helper ObjectsSaveNet Firefox Extensions

Luckily it’s pretty easy to remove SaveNet with FreeFixer. Just select the SaveNet files and click Fix and the problem will be gone. You might need to restart your machine to complete the removal.

So, what does the anti-virus programs say about SaveNet? Here’s the detections for SN.Booster.exe:

  • Avast Win32:Agent-ASOC [Adw] 20140419
  • ESET-NOD32 Win32/TrojanDownloader.Agent.AFD 20140419
  • Qihoo-360 Win32/Trojan.Downloader.ec6 20140419
  • TotalDefense Win32/Tnega.VeAcWa 20140419
  • Kingsoft Win32.Troj.Generic.a.(kcloud) 20140419
  • F-Prot W32/Trojan2.OBQW 20140419
  • Commtouch W32/Trojan.ZIUW-3330 20140419
  • Fortinet W32/Agent.AFD!tr.dldr 20140418
  • Bkav W32.SauseiLTAR.Trojan 20140418
  • Comodo TrojWare.Win32.TrojanDownloader.Agent.AFD 20140419
  • Jiangmin TrojanDownloader.Adload.vxu 20140419
  • CAT-QuickHeal TrojanDownloader.Adload.dsd.cw4 20140418
  • VBA32 TrojanDownloader.Adload 20140418
  • AhnLab-V3 Trojan/Win32.Agent 20140419
  • TheHacker Trojan/Downloader.Agent.afd 20140419
  • ViRobot Trojan.Win32.S.Agent.729600.B 20140419
  • VIPRE Trojan.Win32.Generic!BT 20140419
  • NANO-Antivirus Trojan.Win32.Agent.cojdgu 20140419
  • Baidu-International Trojan.Win32.Agent.50 20140418
  • Symantec Trojan.Gen.2 20140419
  • ByteHero Trojan.Exception.gen.101 20140419
  • DrWeb Trojan.DownLoad3.30962 20140419
  • Agnitum Trojan.DL.Adload!sfG54tBszYg 20140418
  • Ad-Aware Trojan.Agent.WDCR.C 20140419
  • BitDefender Trojan.Agent.WDCR.C 20140419
  • F-Secure Trojan.Agent.WDCR.C 20140419
  • GData Trojan.Agent.WDCR.C 20140419
  • MicroWorld-eScan Trojan.Agent.WDCR.C 20140419
  • nProtect Trojan.Agent.WDCR.C 20140418
  • Kaspersky Trojan-Downloader.Win32.Adload.dyhq 20140419
  • Emsisoft Trojan-Downloader.Win32.Adload (A) 20140419
  • Ikarus Trojan-Downloader.Adload 20140419
  • K7AntiVirus Trojan-Downloader ( 0048ec4f1 ) 20140418
  • K7GW Trojan-Downloader ( 0048ec4f1 ) 20140418
  • TrendMicro TROJ_DLOADER.ADFK 20140419
  • TrendMicro-HouseCall TROJ_DLOADER.ADFK 20140419
  • Sophos Troj/Agent-AFFX 20140419
  • Panda Trj/WLT.A 20140419
  • AntiVir TR/Downloader.A.988 20140419
  • Norman Suspicious_Gen4.FKQEC 20140419
  • McAfee RDN/Downloader.a!oi 20140419
  • McAfee-GW-Edition RDN/Downloader.a!oi 20140419
  • Malwarebytes PUP.Optional.MultiPlug.A 20140419
  • AVG Downloader.Generic13.BRBQ 20140419

There are entries to uninstall SaveNet in the Programs and Features dialog. In my case, they appear as SN-Booster, SN-Sustainer, SNT and Y**tubeAdBlocker. What names did SaveNet use on your computer?

SN.Booster SN.Sustainer

Did this help you remove SaveNet? Please let me know by posting a comment.

How To Remove istart.webssearches.com

adware, freefixer

Is your browser starting with istart.webssearches.com as the start page?istart.webssearches.com

No problem, just check the istart.webssearches.com items in FreeFixer and it will be removed from Firefox and Internet Explorer:istart.webssearches.com in freefixer

istart.webssearches.com in freefixer

There is also an entry for webssearches.com in the Programs and Features dialog in the Windows Control Panel. I have not tried it. If you do, please let me know if that removed webssearches.com completely.istart.webssearches.com remove

Please let me know if you found this useful when removing istart.webssearches.com by posting a comment. Any idea how you got istart.webssearches.com on your machine?

 

How To Remove TowerTilt

adware, freefixer

Found a new adware called TowerTilt while testing a free download.  This is how it will appear when it adds itself in Firefox:

TowerTilt 1.0.1 Firefox Extension

Removing TowerTilt from Firefox and Internet Explorer with help from FreeFixer is pretty straightforward. Just check the TowerTiltBho.dll file and the Firefox extension in FreeFixer:

TowerTilt in Firefoxtowertiltbho.dll

I haven’t tried it, but TowerTilt also has an uninstall entry in the Windows Control Panel:Remove TowerTilt

Please let me know if this helped you remove TowerTilt by posting a comment. Do you know how you got TowerTilt on your computer?

WebSpades – Removal Instructions

adware, freefixer

Found another adware today called WebSpades. Made a quick video on how to remove it with FreeFixer.

The WebSpades removal is pretty straightforward with FreeFixer. Download and install FreeFixer, scan, check the WebSpades files, click Fix, reboot if FreeFixer asks you to do so, and WebSpades is gone.

Here’s some WebSpades Screenshots:

webspades.info web sitewebspadesbho.dll WebSpade Firefox Extension

 

How did you get the WebSpades adware on your machine. Please share by posting a comment.

Ads by Costmin and RightCoupon – Removal Instructions

adware, freefixer,

Stumbled upon ads labeled Ads by Costmin and RightCoupon a few days ago. Here’s a video where I show how to remove the ads:

Here are some CostMin and RightCoupon screenshots:

costmin overview

 

The offers will pop at the top right corner of your browser and help you save money and time.

Here’s how the RightCoupon pop-up looks like:

rightcoupon ad

How to uninstall it? Easy, remove it from the Programs and Features dialog, or nuke it with FreeFixer.

Costmin in the Add Remove programs dialog

Jotzey Removal Instructions

adware, freefixer

Found another bundled piece of software today dubbed Jotzey. It is bundled with download from CNet’s download.com:

Jotzey is bundled with free downloads

If you got Jotzey installed on your machine, you’ll see it listed in Firefox add-ons and in the Add/Remove programs dialog.

Jotzey in the add remove dialog Jotzey Firefox Add-on

You can uninstall it using FreeFixer. Check jotzeybho.dll and the firefox@jotzey.net.xpi extension for removal, or use the entry in the Add/Remove programs dialog.

Here’s a demonstration on where I remove Jotzey with FreeFixer:

What is FlowSurf – FlowSurf Removal Instructions

freefixer

This morning I was reviewing the new files added into the FreeFixer library. One of the new files was FlowSurf.dll, which currently only Comodo picks up as Application.Win32.Altbrowse.AK. The description, “FlowSurf toolbar” indicates that it is part of an Internet Explorer toolbar.

flowsurf.dll-anti-virus-report

It’s unclear if flowsurf.dll is part of the FlowSurf software distributed from flowsurf dot net. I tried out that download which installed into Firefox.

flowsurf 1.0 in Firefox

The FlowSurf EULA gives more details on the software:

(a) interacts with your Internet browser to create editable, virtual layers that can alter the appearance of underlying Internet websites, as they appear on your computer only (the “FlowSurf Apps Add-On”); (b) incorporates the FlowSurf Apps “FlowSurf” search enhancer on each new web page that is spawned when you open a new Internet browser session (“FlowSurf”); and (c) displays featured FlowSurf search results at the top of the search results page. Where you conduct a search using FlowSurf, you will be showed search results generated by a third party search engine provider as designated by FlowSurf Apps or, where permitted, as selected by you (“Third Party Search Providers”).

If you want to remove FlowSurf, you can do so using FreeFixer. Select fsupd.exe and flowsurf.dll for removal:

Fsupd.exe - FlowSurf flowsurf.dll

Hope this helped you remove FlowSurf.

How did you get FlowSurf on your machine? Please share by posting a comment.