Category Archives: freefixer

Feven Adware – How to Removal

adware, freefixer

Found a new adware called Feven yesterday. The screenshot from the installer should give you some insights in what the Feven software does:

feven adware

There are a few anti-virus programs that detects Feven, with the following names:

  • PUP.Optional.Feven.A
  • AppRider
  • Crossrider (fs)

Feven can be uninstalled with help from FreeFixer. Here are some of the filenames that I’ve seen the Feven adware use:

You can also try the Feven entry in the Add/Remove programs dialog.

Feven in the Add/Remove dialog.

 

How did Feven find its way into your computer? I found it on a web site which package Feven with third party downloads.

How To Remove HD Streamer

adware, freefixer, Uncategorized

I’m current working on some code for FreeFixer to repair hijacked Internet shortcuts. I’ve installed a few browsers such as Chrome, Mozilla, Safari and Opera on the lab machine, and then l installed a download that I knew messed around with the shortcuts to the browsers. Typically, the Internet shortcuts on the desktop is modified to launch an unwanted web page instead of the web page that the user wants.

While doing this I found a new adware variant called “HD Streamer“. At the moment, only Vipre is picking up ScriptHost.dll, which is the main file of HD Streamer.

HD Streamer Firefox Extension

HDStreamer has an entry in the Add/Remove programs dialog. I haven’t tested it but I suppose it works.HD Streamer in the Add/Remove programs dialog

I did however test that FreeFixer deleted both ScriptHost.dll and the Mozilla Firefox Extension without any problem.

HD Streamer's ScriptHost.dll listed in FreeFixer

Now, back to writing that code.

Ads by PassShow – How To Remove

adware, freefixer,

Do you see ads labeled Ads by PassShow on your machine?

Ads By PassShow ad

Then you got the PassShow adware installed. You may also see pop-ups from the gld.pathticket.net web site.

PassShow is pretty easy to delete with FreeFixer. The following removal instructions will remove PassShow from Internet Explorer and Mozilla Firefox.

  1. Download, install and start FreeFixer
  2. Start the scan.
  3. Check 150.dll, PsUp.exe and 150.xpi for removal in the scan result, as shown in the screenshots below.
  4. Click Fix
  5. Restart your machine.

That’s it.

How did you get PassShow on your machine? I found it while testing a download from CNet’s Download.com site.

PassShow PsUp.exe PassShow Mozilla Firefox Extension PassShow 150.dll

  

 

 

How To Remove ShopperPro By Goobzo

adware, freefixer

Found another adware program this morning: ShopperPro. If you got this on your machine, you will see ads popping up while browsing. They ads are labeled “by shopper pro“, “Powered by Shopper-Pro” or “brought by ShopperPro“:

powered by Shopper-Pro"by shopperpro" ad injected into web page

 

brought by ShopperPro

You can remove Shopper Pro by checking the following files in FreeFixer’s scan result:

  • ShopperPro64.dll
  • ShopperPro.dll
  • ShopperPro.exe
  • ShopperPro.zip
  • SPRemove.exe
  • Updater.exe

There’s also a Shopper-Pro entry in the Add/Remove programs window in the Control Panel.

I found ShopperPro bundled with a free download. Where did you find ShopperPro? Did you also find it packaged with another download?

iWeBar – Removal Instruction

adware, freefixer, ,

Just a quick update. I’ve just uploaded a small removal tutorial for the iWeBar software.

If you have the iWeBar installed on your machine, you’ll probably see iWebar-bg.exe running in the Windows Task Manager and ads labeled “Powered by iwebar” in Chrome, Firefox and Internet Explorer.

powered by iwebar

There’s also a bunch of other iWeBar files that will be run by the Windows Task Scheduler that appears in FreeFixer’s scan result.

  • iWebar-bho.dll
  • iWebar-chromeinstaller.exe
  • iWebar-codedownloader.exe
  • iWebar-enabler.exe
  • iWebar-firefoxinstaller.exe
  • iWebar-updater.exe
  • iwebar.exe

Here’s the video:

Update 5th November: The iWebar adware is still distributed. Now the iWebar files are digitally signed by Gogo Network Club. According to the embedded certificate Gogo Network Club is located in Nicosia, Cyprus.

Gogo Network Club iwebar

Powered by Object Browser and Brought by Object Browser Ads and Coupons – How To Remove

adware, freefixer, , , , , ,

Are you getting ads labeled “Powered by Object Browser” or “Brought by Object Browser” while browsing sites such as BestBuy, E-Bay, Walmart or Amazon?

powered by Object Browserbrought by Object Browser

If so,  you have the ObjectBrowser adware installed on your machine. Here’s a tutorial on how to remove Object Browser:

Update 2014-11-13: Now the Object Browser files are digitally signed by “Sara Kodama Project“.

Sara Kodama Project

Update 2014-11-19: Now the files are signed by Tita-­nium Great Minds. Tita­nium is also located in Nicosia, Cyprus.

Tita-­nium Great Minds

 

Update 2014-12-19: Now the files are signed by Armageddon Labs (BrightCircle Investments Limited).

Connect Toolbar by Conduit – How To Remove

freefixer, Uncategorized,

The Connect Toolbar by Conduit is now bundled with downloads on the Internet. I found it while downloading software from Download.com.

Connect Toolbar by Conduit in Firefox

It pretty straightforward to remove the Connect Toolbar. You can either use FreeFixer to remove it, or by uninstalling it through the Add/Remove programs dialog.

Connect DLC 5 Toolbar for Internet Explorer

If you want to remove the Connect Toolbar with FreeFixer, look for prxtbConn.dll,  cltmng.execltmngsvc.exe and TBVerifier.dll in FreeFixer’s scan result.

cltmng.exe and CltMngSvc-exe in FreeFixerprxtbConn.dll Connect Toolbar in FreeFixerConnect DLC 5 Firefox ExtensionConnect Toolbar by Conduit Download.com Installer

Browser SafeGuard – How To Remove

adware, freefixer

Do you see an icon labelled Browser Safeguard in the system tray and BrowserSafeguard.exe running in the Windows Task Manager?browsersafeguard.exe

Then you have the Browser SafeGuard proxy software installed on your machine. According to the EULA it may show ads:

Furthermore, you understand and agree that: .. some services and/or software provided by Browser Safeguard contain advertising.  Additionally, we may supply advertising from time to time on websites that you visit.

Under normal circumstances I usually show how to remove software with FreeFixer, but since Browser Safeguard modifies your computer’s proxy settings I think it’s better to let it handle the uninstall process. FreeFixer does not have any “restore proxy settings” feature, but  that is certainly something that I should add.

Please let me know if you have lost your Internet access after removing BrowserSafeguard.exe manually. I’ll post some instructions here on how to restore Internet proxy settings.

Here’s a video tutorial where I show how to remove BrowserSafeguard:

eGdpSvc.exe – How To Uninstall

freefixer, malware, trojan

Back in July I was first notified about the eGdpSvc.exe file. At that time, only one of the 45 engines at VirusTotal detected the file and I didn’t know how it was distributed or how it ended up and the users’ machines.

Today, I noticed that eGdpSvc.exe is still distributed so I thought I’d make a quick uninstall guide that shows how to delete eGdpSvc.exe with the help of FreeFixer. This video also shows that the “more info” links in FreeFixer can be quite useful to determine if a file is legitimate or malware.

The more info links in FreeFixer

When looking at the “more info” page of eGdpSvc.exe in the video you’ll see that eGdpSvc.exe is currently detected by 14 of the anti-virus scanners at VirusTotal.

Do you click on the more info links while trying to determine if a files is legitimate or malware?