Category Archives: freefixer

Remove mwl.petuniasaucecockup.com Pop-Up Ads

November 4, 2014adware, freefixer, pop-upsRoger Karlsson

Did a pop-up ad from mwl.petuniasaucecockup.com just appear while you were browsing, perhaps when clicking on a search result in one of the major search engines, such as Google, Bing or Yahoo? Did the built-in pop-up stoppers in Chrome, Firefox or Internet Explorer fail to block the mwl.petuniasaucecockup.com popup? If so, you most likely have some adware installed on your machine that pop up these ads. I’ll show how to remove the mwl.petuniasaucecockup.com pop-ups in this blog post.

If you have been reading this blog post during the autumn you know that I’ve been playing around with some of the most common adware variants by installing them on a few of my lab machines and monitoring their behaviours. That’s where I found the mwl.petuniasaucecockup.com pop-up. On the machine where I found the pop-up I had installed the BlockAndSurf adware, so if you also have it on your computer, uninstall it and the mwl.petuniasaucecockup.com problems should be gone. As usual I tested to remove mwl.petuniasaucecockup.com with FreeFixer which worked without any hiccups. I always do that to make sure FreeFixer successfully removes the adware.

The problem with the mwl.petuniasaucecockup.com pop-ups is they can be caused by other adware variants, which makes it impossible to say exactly what should be removed on your computer to stop the popups.

To remove the mwl.petuniasaucecockup.com pop-ups I’d start looking in the “Uninstall Programs” dialog which can be found in the Windows Control Panel. Do you see something that you don’t remember installing? Do you see something that was installed about the same time as the mwl.petuniasaucecockup.com ads started to pop up? Tip: Sort on the “Installed On” column. You might need to do a few Google searches on the program names you find.

If that did not help, I would look in the add-ons menu in the browser to see if something suspicious is found. Do you also see something that you don’t remember installing?

If that still did not help you can try FreeFixer, which is a tool that I’ve developed for some time now. It’s a freeware tool that will help you identify and remove unwanted software from your computer. Basically, it scans lots of locations on your machine, such browser add-ons, drivers, processes, search settings, etc. Then it removes safe items by using a whitelist, to reduce the number of items in the scan result. Sometimes it can be difficult to determine if an item FreeFixer has found is safe or malware, but the “More Info” links can most likely help you there. The More Info links in the scan result will, as the screenshot shows, open up a web page, which contains a VirusTotal report for the file you just clicked. That should probably help you sort the goodies from the baddies.

Hope this helped you remove the mwl.petuniasaucecockup.com pop-ups ads. What adware did you remove to stop the mwl.petuniasaucecockup.com ads? Please share in the comment.

Remove HQ-Video-Pro-2.1cV02.11 Ads

November 3, 2014adware, freefixerCrossRider, Cyprus, Nicosia, Radon Battery Technologies, Space Battleship Creative, Winston ProjectRoger Karlsson

Hello readers. Hope you are doing ok. Did you just spot something called HQ-Video-Pro-2.1cV02.11 on your system? HQ-Video-Pro-2.1cV02.11 appears to be a variant of CrossRider that I’ve written about before. If the HQ-Video-Pro-2.1cV02.11 adware is installed on your machine, you will notice ads labeled Visual Search Results and Powered by HQ-Video-Pro-2.1cV02.11 in Google’s search results. I’ll show how to remove HQ-Video-Pro-2.1cV02.11 in this blog post with the FreeFixer removal tool.

Here it is in Firefox’ add-on menu:

HQ-Video-Pro-2.1cV02.11 is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found HQ-Video-Pro-2.1cV02.11, it was bundled with a piece of software called FastPlayer.

Generally, you can avoid bundled software such as HQ-Video-Pro-2.1cV02.11 by being careful when installing software and declining the bundled offers in the installer.

When I find some new bundled software I always upload it to VirusTotal to verify if the anti-malware software there detect anything suspicious. The detection rate is 7/54. Some of the detection names for HQ-Video-Pro-2.1cV02.11 are Trojan.NSIS.GoogUpdate.dt, PUP.Optional.HQVideo.A and Crossrider (fs). The files are signed by “Radon Battery Technologies“.

Removing HQ-Video-Pro-2.1cV02.11 is pretty easy with FreeFixer. The screen capture that should help you along the way: You might have to restart your machine to complete the removal.

Hope that helped you to figure out how to do the removal.

Any idea how HQ-Video-Pro-2.1cV02.11 was installed on your computer? Please let me and the readers know by posting a comments. Thanks!

Hope you found this useful and thanks you for reading.

Update 2014-11-04: Today another variant was released called HQ-Video-Pro-2.1cV03.11. I guess we will see more variants where just the version number is increased:

HQ-Video-Pro-2.1cV04.11 (Yeah, found 5th Nov 2014)
HQ-Video-Pro-2.1cV05.11 (Found on the 6th of November)
HQ-Video-Pro-2.1cV06.11
HQ-Video-Pro-2.1cV07.11 (Found 13th of November)
HQ-Video-Pro-2.1cV08.11
HQ-Video-Pro-2.1cV09.11
HQ-Video-Pro-2.1cV10.11 (Found 13th of November)
HQ-Video-Pro-2.1cV11.11
HQ-Video-Pro-2.1cV12.11
HQ-Video-Pro-2.1cV13.11
HQ-Video-Pro-2.1cV14.11 (Found 15th of Nov)
HQ-Video-Pro-2.1cV15.11 (Found 16th of Nov)
HQ-Video-Pro-2.1cV16.11 (Found 16th Nov)
HQ-Video-Pro-2.1cV17.11 (Found 17th Nov)
HQ-Video-Pro-2.1cV18.11 (Found 19th Nov)
HQ-Video-Pro-2.1cV19.11 (Found 20th Nov)
HQ-Video-Pro-2.1cV20.11
HQ-Video-Pro-2.1cV21.11
HQ-Video-Pro-2.1cV22.11
HQ-Video-Pro-2.1cV23.11 (Found 23 Nov)
HQ-Video-Pro-2.1cV24.11 (Found 24 Nov)
HQ-Video-Pro-2.1cV25.11
HQ-Video-Pro-2.1cV26.11
HQ-Video-Pro-2.1cV27.11
HQ-Video-Pro-2.1cV28.11 (Found 28 Nov)
HQ-Video-Pro-2.1cV29.11
HQ-Video-Pro-2.1cV30.11

Update 2014-11-13: Now the files are signed by Space Battleship Creative. They seems to be located in Nicosia, Cyprus.

Update 2014-11-19: Now the files are signed by Winston Project:

Update 2014-12-02: New naming convention:

HQ-Video-Pro-2.1cV01.12
HQ-Video-Pro-2.1cV02.12
HQ-Video-Pro-2.1cV03.12
HQ-Video-Pro-2.1cV04.12
HQ-Video-Pro-2.1cV05.12
HQ-Video-Pro-2.1cV06.12
HQ-Video-Pro-2.1cV07.12
HQ-Video-Pro-2.1cV08.12
HQ-Video-Pro-2.1cV09.12

(Found 9 Dec 2014)

HQ-Video-Pro-2.1cV10.12
HQ-Video-Pro-2.1cV11.12
HQ-Video-Pro-2.1cV12.12
HQ-Video-Pro-2.1cV13.12
HQ-Video-Pro-2.1cV14.12
HQ-Video-Pro-2.1cV15.12
HQ-Video-Pro-2.1cV16.12
HQ-Video-Pro-2.1cV17.12
HQ-Video-Pro-2.1cV18.12
HQ-Video-Pro-2.1cV19.12
HQ-Video-Pro-2.1cV20.12
HQ-Video-Pro-2.1cV21.12
HQ-Video-Pro-2.1cV22.12
HQ-Video-Pro-2.1cV23.12
HQ-Video-Pro-2.1cV24.12
HQ-Video-Pro-2.1cV25.12
HQ-Video-Pro-2.1cV26.12
HQ-Video-Pro-2.1cV27.12

Remove bxh.mulctsamsaracorbel.com Pop-Up Ads

November 2, 2014adware, freefixer, pop-upsAddLyricsRoger Karlsson

Are you getting pop-ups from bxh.mulctsamsaracorbel.com while browsing in Chrome, Firefox or Internet Explorer? Do the pop-ups appear even though the built-in pop-up blocker in your browser is enabled? If that is the case, you probably have some sort of adware installed on your machine. This blog post will hopefully help you remove the bxh.mulctsamsaracorbel.com pop-ups ads.

If you have been following me here on the blog you know that I’ve installed some adware on purpose on my lab machines and that I’m currently monitoring what kind of advertisements that appears, the domain names of the pop-ups and other actions that the adware performs. The adware I have installed on this lab machines are TinyWallet, Browser Warden and BlockAndSurf. As you you can see in the screenshot below, the bxh.mulctsamsaracorbel.com pop-up is labeled BlockAndSurf, so there we have the adware that was responsible for the pop-up on my machine. So, in my case, the BlockAndSurf removal stopped the bxh.mulctsamsaracorbel.com pop-ups.

bxh.mulctsamsaracorbel.com ads by BlockAndSurf

There’s a problem though. BlockAndSurf is not the only adware that launch the bxh.mulctsamsaracorbel.com pop-ups. If your pop-up also is labeled with the adware name, go ahead and uninstall it, that should solve the problem.

However, the pop-ups are not always nicely labeled like that, so you might have to get your hands dirty to track down the adware that pop up the ads. The Add/Remove programs dialog in the Windows Control Panel and you browser’s add-on menu is a good start to search for suspicious software.

BlockAndSurf is variant of an adware family, often referred to as “AddLyrics” by the anti-virus programs. I think that the pop-ups are opened by some of the other variants too, not just BlockAndSurf. I’ve seen the following labels on the bxh.mulctsamsaracorbel.com pop-up type: Salus, CheckMeUp, Safer-Surf and NewPlayer.

I did a search in FreeFixer’s library of files to dig up a few more AddLyrics variants. It’s possible that one of these could be responsible for the bxh.mulctsamsaracorbel.com ads:

TubeSaver
SuperLyrics
LyricXeeker
MarkKit
PassShow
PassWidget
Plus-HD
Re-markit
ViewPassword
Re-Markable
Better Mark-it

If that does not help, you can try FreeFixer, a tool that I’m working on that assists users to track down and remove unwanted software. It’s a freeware tool. Tip, if you have difficulties determining if a file in FreeFixer’s scan result is legitimate or malware, click on the More Info links. That will bring up the file information page, which contains useful information about the file, such as a VirusTotal report for the file.

Screenshot showing how FreeFixer's "More Info" links opens up the file information page with a VirusTotal report. — FreeFixer’s More Info links. Click for full size.

Please let me know if you managed to track down what caused the bxh.mulctsamsaracorbel.com pop-ups in your case. What adware did you uninstall from your machine? Your comment will help other users in the same situation.

Thanks for reading, and welcome back to the blog.

How To Remove SitezExpert

November 1, 2014adware, freefixerRoger Karlsson

Just found another bundled Firefox add-on called SitezExpert 2.4.

If you’d like to remove SitezExpert, you can do so from Firefox’ add-on menu or use FreeFixer to remove it.

The SitezExpert add-on has recently been added to Firefox’ block list:

https://bugzilla.mozilla.org/show_bug.cgi?id=1073810

According to the bug database, all the following add-ons are variants of the same adware:

Website Xplorer
Site Counselor
Web Counselor
Sites Pro
ProfSites

Have a nice day!

Remove videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 Ads

November 1, 2014adware, freefixerCrossRider, Cyprus, Nicosia, Railroad Party AppsRoger Karlsson

Hello guys and gals. I just found another bundled adware named videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 and thought I should give you some removal instructions. videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 seems to be a variant of CrossRider that I wrote about previously. If the videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 adware is running on your machine, you will find new add-ons called videosMediaPlayers installed in Firefox and Internet Explorer. I’ll show how to remove videosMediaPlayersversion2.1 and videosMediaPlayersv2.2 in this blog post with the FreeFixer removal tool in case the removal from the Control Panel fails.

videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 is distributed by a tactic called bundling. Bundling means that a piece of software is included in other software’s installers. I found these two programs bundled with a download called FastPlayer.

Following the standard procedure when I test some new bundled software I uploaded it to VirusTotal to check if the anti-virus progams there find anything suspicious. 13% of the scanners detected the file. Kaspersky names videosMediaPlayersversion2.1 and videosMediaPlayervs2.2 as Trojan.NSIS.GoogUpdate.dp, Malwarebytes reports PUP.Optional.VideosMediaPlayer.A and VIPRE detects it as Crossrider (fs). The file was digitally signed by Railroad Party Apps.

According to the certificate, Railroad Party Apps is located in the city of Nicosia on Cyprus.

Removing videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 is pretty easy with FreeFixer. Here’s a few screen dumps from the removal that should help you. All files are located under the “videosMediaPlayers..” folder. You may have to restart your machine to complete the removal.

Hope that helped you to figure out how to do the removal.

Did you also find videosMediaPlayersversion2.1 and videosMediaPlayerv2.2 on your system? Any idea how it installed? Please share your story the comments below. Thanks!

Hope you found this useful and thanks you for reading.

Remove PriceFountain Ads

November 1, 2014adware, freefixerDealPly, GraftorRoger Karlsson

Hello there. Today I wanted to talk about an adware called PriceFountain and give you some removal instructions. This seems to be a variant of PennyBee that I’ve previously written about. If PriceFountain is running on your computer, you will see ads labeled brought by PriceFountain while browsing the web and pricefountain.exe and pricefountainw.exe running in the Windows Task Manager. You will also see PriceFountain in your browser’s add-on menu. I’ll show how to remove PriceFountain in this blog post with the FreeFixer removal tool.

PriceFountain is bundled with other software. Bundled means that it is included in another software’s installer.

As usual when I test some new bundled software I uploaded it to VirusTotal to test if the anti-virus scanners there detect anything interesting. 19 of the antivirus scanners detected the file. AegisLab reports PriceFountain as Troj.NSIS.GoogUpdate, Avira detects it as Adware/DealPly.1257472, F-Secure calls it Gen:Variant.Graftor.162003, Fortinet names it Riskware/DealPly and McAfee reports Artemis!AD168966F8B7.

You probably came here looking for removal instructions for PriceFountain and you can do so with the FreeFixer removal tool. Just select the PriceFountain files as shown in the screen-caps below. A restart of your machine might be required to complete the removal.

Hope that helped you to figure out how to do the removal.

I stumbled upon PriceFountain while testing out some downloads that are known to bundled lots of unwanted software. Any idea how PriceFountain was installed on your computer? Please share your story the comments below. Thank you very much!

Thanks for reading. Welcome back!

How To Remove SitesKing

November 1, 2014adware, freefixerRoger Karlsson

Hello readers. Hope you are having a great Halloween. I just found another bundled adware called SitesKing and wanted give you some removal instructions. This seems to be a variant of Website Counselor that I’ve previously blogged about. If the SitesKing adware is running on your computer, you’ll find a new add-on called SiteKing 3.7 in Mozilla Firefox’ add-on menu. I’ll show how to remove SitesKing in this blog post with the FreeFixer removal tool.

SitesKing is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found SitesKing, it was bundled with the Softsonic Downloader. This is how SitesKing was disclosed in Softsonic Downloader’s installer when I found it. Yes, that is correct, Website Counselor was disclosed, but SitesKing was installed.

Generally, you can avoid bundled software such as SitesKing by being careful when installing software and declining the bundled offers in the installer.

Since you probably want to remove SitesKing, this is the files you should check for removal if you want to remove it with FreeFixer. You may have to reboot your computer to complete the removal. Did that help you solve the problem? Hope this helped you solved the SitesKing problem.

Did you also find SitesKing on your machine? Any idea how it installed? Please share in the comments below. Thanks!

Thank you for reading and welcome back.

Box Rock Ads Removal Instructions

October 29, 2014adware, freefixerBrowseFoxRoger Karlsson

Hello readers. Another day, another blog post. I just found another bundled adware named Box Rock this morning and wanted to give you some removal instructions. This seems to be a variant of CrossRider that I’ve previously written about. If the Box Rock adware is running on your computer, you will find floating ads labeled Powered by Box Rock, ads labeled Box Rock Ads in Google’s search results and a new add-on added in Internet Explorer and Mozilla Firefox called Box Rock. Chrome seems to have remained clean. I’ll show how to remove Box Rock in this blog post with the FreeFixer removal tool.

Here’s BoxRock in Mozilla Firefox’ add-on menu:

Box Rock is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found Box Rock, it was bundled with GoForFiles. Here’s one example how it appears in the GoForFiles installer.

Generally, you can avoid bundled software such as Box Rock by being careful when installing software and declining the bundled offers in the installer.

When I stumble upon some new bundled software I always upload it to VirusTotal to test if the anti-malware scanners there find something. 7 of the anti-virus scanners detected the file. The Box Rock files are detected as BrowseFox.F by AVG, Trojan.BPlug.144 by DrWeb and PUP.Optional.BoxRock.A by Malwarebytes.

If you would like to remove Box Rock you can do so with the freeware FreeFixer tool. Select the Box Rock files for removal in FreeFixer, click Fix, reboot your system and the problem will be gone. Here’s a few screenshots to point you in the right direction:

Hope that helped you to figure out how to do the removal.

Any idea how BoxRock was installed on your computer? Please share your story the comments below. Thanks a bunch!

Thanks for reading!

How To Remove Support TW 1.1

October 28, 2014freefixerRoger Karlsson

Hello there and welcome to the FreeFixer blog. Did something named Support TW 1.1 appear on your machine? If Support TW 1.1 is installed and running on your machine, you’ll see it listed in the Add/Remove programs dialog. I’ll show how to remove Support TW 1.1 in this blog post with the FreeFixer removal tool in case the Add/Remove programs uninstall fails.

Support TW 1.1 is bundled in other software’s installers. When I found Support TW 1.1 this morning, it was bundled with a download promoted at The Pirate Bay.

Since you probably want to remove Support TW 1.1, these are the items you should check for removal if you want to remove it with FreeFixer. A restart of your machine might be required to complete the removal.

Hope this helped you remove the Support TW 1.1.

Did you also get Support TW 1.1 from a Pirate Bay download? Please share in the comments below. Thanks!

And, if you also see something called TinyWallet, remove that one as well 😉

Thank you for reading and welcome back.

Remove HQ-Video-Pro-2.1cv27.10 Ads

October 28, 2014adware, freefixerRoger Karlsson

Found another variant of HQ-Video-Pro. This one is called HQ-Video-Pro-2.1cv27.10. If you got it on your machine, you will see ads labeled Powered by HQ-Video-Pro-2.1cv27.10 in your Google search results. The removal procedure is the same as an older version.

Here’s how HQ-Video-Pro-2.1cv27.10 appears in Firefox: HQ-Video-Pro-2.1cV27.10 firefox