Category Archives: freefixer

How To Remove enh.guzzlepraxiscommune.com Pop-Up Ads

October 27, 2014adware, freefixer, pop-upsRoger Karlsson

Getting pop-ups from enh.guzzlepraxiscommune.com? If those pop-ups also sneak through the built-in pop-up blockers in Chrome, Firefox and Internet Explorer, you most likely have some adware installed on your machine. I’ll give some advice on how to remove the enh.guzzlepraxiscommune.com pop-up in this blog post.

The enh.guzzlepraxiscommune.com removal is pretty straightforward, I uninstalled the adware that was installed on my machine with help from the FreeFixer removal tool. The adware were BlockAndSurf, Browser Warden and Tiny Wallet. In my case, BlockAndSurf was responsible for the pop-ups. Please keep in mind, that the enh.guzzlepraxiscommune.com pop-ups can be launched by other variants of adware. I think Safer-Surf and CheckMeUp, SpeedCheck and Salus can also be responsible for the pop-ups.

Tip: If you are having problems to determine whether a file or setting in FreeFixer’s scan result is good or bad, please have a look at the information shown on the More Info page, which appears when clicking on the More Info link as shown in the screenshot below. It will show a VirusTotal scan which can be useful when trying to determine whether to keep or remove the file.

FreeFixer More Info opening up the info page for Skype_setup.exe — The More Info links in FreeFixer opens up a VirusTotal report. Click for full size.

Hope that stopped the enh.guzzlepraxiscommune.com pop-ups on your machine.

What adware did you uninstall on your machine to get rid of the enh.guzzlepraxiscommune.com ads? Thank you very much for sharing and helping other users in the same situation.

Thank you for reading and welcome back! I’m going to follow up this one with more info later today or tomorrow.

Update 2014-10-30: Below is the full URL for the pop-up when I spotted it in Chrome. It mentions the datropy.com domain (wkj.datropy.com), it also sends the name of the adware to the server, in this case SaferSurf. The URL also contains www.google.se, which was the web site I was visiting when the pop-up appeared. The URL also contains WhiteLabelBidRequestHandlerServlet, indicating that something in the back-end is written in Java.

http://enh.guzzlepraxiscommune.com/sd/dw32.html?u=http%3A%2F%2Fwkj.datropy.com%2FWhiteLabelBidRequestHandlerServlet%3Foid%3D1%26width%3D1%26height%3D100%26pubid%3D9050%26tagid%3D5771%26noaop%3D1%26revmod%3DCRD%26cb%3Dcybabw%26encoded%3D1%26cirf%3Dhttps%3A%2F%2Fwww.google.se%2F%26pstn%3D90505771&p=SaferSurf&a=&c=9050-5771&b=chrome&bv=37&t1=1414676170615&tt=1414676170615&r=www.google.se&ua=0&n=convertmedia&sn=&mpa=0&mp=0

Based on the traffic I’m getting to this blog post it appears that there’s a large number of users having problems with the enh.guzzlepraxiscommune.com pop-ups. The Alexa traffic rank today shows that the enh.guzzlepraxiscommune.com site has reached a global rank of 26153 in just a few days.

Remove “Powered by HQ-Video-Pro-2.1cV26.10” Ads in Google Search results

October 27, 2014adware, freefixerCrossRiderRoger Karlsson

Hello readers. Welcome to the blog. Did something called HQ-Video-Pro-2.1cV26.10 appear on your computer? HQ-Video-Pro-2.1cV26.10 seems to be a variant of CrossRider that I’ve talked about previously. If the HQ-Video-Pro-2.1cV26.10 Adware is installed on your computer, you will find ads labeled powered by HQ-Video-Pro-2.1cV26.10 in Google’s search results. I’ll show how to remove HQ-Video-Pro-2.1cV26.10 in this blog post with the FreeFixer removal tool.

Here’s HQ-Video-Pro-2.1cV26.10 in Firefox’ add-on menu:

HQ-Video-Pro-2.1cV26.10 is bundled with other software. Bundled means that it is included in another software’s installer.

You can remove HQ-Video-Pro-2.1cV26.10 with the FreeFixer removal tool. Just select the HQ-Video-Pro-2.1cV26.10 files as shown in the screen dumps below. You may have to restart your computer to complete the removal.

Hope this helped you solved the HQ-Video-Pro-2.1cV26.10 problem.

I stumbled upon HQ-Video-Pro-2.1cV26.10 while testing out some downloads that are known to bundled lots of unwanted software. Any idea how HQ-Video-Pro-2.1cV26.10 was installed on your machine? Please share by posting a comment. Thank you!

Thank you for reading.

“Disable developer mode extensions” Pop-Up in Chrome caused by malware.

October 26, 2014adware, freefixerRoger Karlsson

Are you getting a pop-up from Google Chrome saying:

“Disable developer mode extensions. Extensions running in developer mode can harm your computer. If you’re not a developer, you should disable these extensions running in developer mode to stay safe.”

As the pop-up says, if you are a developer and working on an extension in developer mode, it’s fine.

If you are not a developer, this pop-up is an indication that you have some unwanted software on your machine that you need to remove. In my case, Chrome alerted me due to an extension called PriceLess which often is classified as adware. I think you should disable the extensions, and then get your hands dirty tracking down the unwanted software running on your machine. If you are lucky, it’s just the Chrome extension, but most likely you will see other changes and new files on your machine that you will need to remove. If you are comfortable with using a tool used to manually track down unwanted software, you can try the FreeFixer removal tool. It’s freeware.

Hope this blog post pointed you in the right direction.

What unwanted software did you find on your machine?

Thanks for reading.

Remove InetStat – InetStat.exe Removal Instructions

October 25, 2014freefixerRoger Karlsson

Just found a file called InetStat.exe, bundled in another software download. InetStat.exe was located in c:\users\%USERNAME%\appdata\roaming\inetstat. I could also see it running in the Windows Task Manager.

InetStat.exe was not detected by the anti-virus programs over at VirusTotal when I uploaded it, but I think it should be removed anyway. It was bundled with another software download, but as far as I could see, not disclosed in the installer. The file did not have a digital signature or any version information that could help users figure out the purpose of the file and who developed it.

I’ve saved a copy of the InetStat.exe file to see if it will be added to the anti-virus programs detection list in the future.

Anyway, if you’d like to remove InetStat, you can do so with FreeFixer. Just select InetStat.exe for removal:

Thanks for reading.

Remove “powered by SmartOnes” Ads

October 23, 2014adware, freefixerMultiPlugRoger Karlsson

Hello guys and gals. As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called SmartOnes. If you have SmartOnes on your computer, you’ll find new add-ons installed in Chrome, Internet Explorer and Mozilla Firefox and ads labeled powered by SmartOnes while browsing the web. I’ll show how to remove SmartOnes in this blog post with the FreeFixer removal tool.

Here’s how SmartOnes appears in Firefox and Internet Explorer:

SmartOnes is distributed by a strategy called bundling. Bundling means that a piece of software is included in other software’s installers. When I first found SmartOnes, it was bundled with a download called a download claiming to be an episode of the Game of Thrones TV serie. Here’s how it appeared in the installer where I found it:

Generally, you can avoid bundled software such as SmartOnes by being careful when installing software and declining the bundled offers in the installer.

As always when I test some new bundled software I uploaded it to VirusTotal to see if the anti-viruses there detect anything. 4 of the scanners detected the file. MultiPlug seems to be the common detection name.

The SmartOnes removal with FreeFixer is straightforward. Check all the SmartOnes items for removal and click fix. Here’s a few screenshots from the removal that should help you:

To remove the Chrome extension, type in chrome://extensions/ in Chrome’s address bar.

Hope this helped you remove the SmartOnes adware.

Any idea how SmartOnes was installed on your computer? Please share by posting a comment. Thanks a bunch!

Thank you for reading and welcome back.

Remove Site Pro 0.1

October 23, 2014freefixerRoger Karlsson

Here’s another bundled program. Sites Pro 0.1. You can remove it with FreeFixer or from Firefox’s add-on menu. I seems it only added itself into Firefox and not in Chrome or Internet Explorer.

Sites Pro 0.1 firefox add-on

Thanks for reading.

Remove HQ-Video-Pro-2.1cV22.10 Ads

October 23, 2014adware, freefixerCrossRiderRoger Karlsson

Hello there and welcome to the FreeFixer blog. Did something called HQ-Video-Pro-2.1cV22.10 appear on your machine? HQ-Video-Pro-2.1cV22.10 seems to be a variant of CrossRider that I’ve written about before. If you have HQ-Video-Pro-2.1cV22.10 on your machine, you will find ads labeled powered by HQ-Video-Pro-2.1cV22.10 in Google search results. You will also see new add-ons installed in Internet Explorer and Mozilla Firefox. I’ll show how to remove HQ-Video-Pro-2.1c in this blog post with the FreeFixer removal tool.

HQ-Video-Pro-2.1c is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found HQ-Video-Pro-2.1cV22.10, it was bundled with a download called FlvPlayer. Generally, you can avoid bundled software such as HQ-Video-Pro-2.1c by being careful when installing software and declining the bundled offers in the installer.

As usual when I play around with some new bundled software I uploaded it to VirusTotal to test if the anti-malware software there find something. The detection rate is 4/54 which I’d say is pretty low. Some of the detection names for HQ-Video-Pro-2.1cV22.10 are a variant of Win64/Toolbar.Crossrider.L, PUP.Optional.HQVideo.A and Crossrider (fs). The file is signed by “Radon Battery Technologies“.

The HQ-Video-Pro-2.1cV22.10 removal with FreeFixer is pretty straightforward. Check all the HQ-Video-Pro-2.1cV22.10 files/settings for removal and click fix. Here’s a few screenshots from the removal that should help you:

Hope this helped you remove the HQ-Video-Pro-2.1cV22.10 Adware.

Any idea how you got HQ-Video-Pro-2.1cV22.10 on your computer? Please share in the comments below. Thanks a bunch!

Hope you found this useful. Thanks for reading.

Update 2014-10-24: Found another variant called HQ-Video-Pro-2.1cV23.10.

Update 2014-10-25: Another variant: HQ-Video-Pro-2.1cV24.10.

Seems like the version number is updated every day. So I’ll assume we will see the following variants shortly:

HQ-Video-Pro-2.1cV25.10
HQ-Video-Pro-2.1cV26.10
HQ-Video-Pro-2.1cV27.10
HQ-Video-Pro-2.1cV28.10
HQ-Video-Pro-2.1cV29.10
HQ-Video-Pro-2.1cV30.10

WordProser Ads Removal Instructions

October 20, 2014adware, freefixerInfoAtoms, VitruvianRoger Karlsson

Hello readers. Welcome to the blog. Just a short post on a called Word Proser or WordProser. Word Proser appears to be a variant of Vitruvian that I’ve blogged about before. If you have WordProser installed and running on your computer, you will find ads labeled WordProser Ads or Ads by WordProser, new add-ons in Mozilla Firefox and Internet Explorer and a new service called wpsvc.exe. I’ll show how to remove WordProser in this blog post with the FreeFixer removal tool.

You may also see the “WordProser search results”:

Word Proser is bundled with a number of downloads. Bundling means that software is included in other software’s installers. When I first found Word Proser, it was bundled with a piece of software called FastPlayer. The screengrab below shows how the FastPlayer installer informed the user that Word Proser was bundled.

Generally, you can avoid bundled software such as Word Proser by being careful when installing software and declining the bundled offers in the installer.

As always when I find some new bundled software I uploaded it to VirusTotal to see if the anti-malware progams there detect anything interesting. 3 of the scanners detected the file. The Word Proser files are detected as a variant of Win32/AdWare.Vitruvian.D by ESET-NOD32 and InfoAtoms (fs) by VIPRE.

Since you probably want to remove Word Proser, wpnfd_1_10_1.sys, wpsvc.exe and WordProserClient.dll are the files you should check for removal if you want to remove it with FreeFixer. You might have to reboot your computer to complete the removal. Problem taken care of.

Hope that helped you with the removal.

Any idea how you got Word Proser on your computer? Please share your story the comments below. Thank you!

Hope you found this useful. Thanks for reading.

Remove RCore Trojan – RCore.exe Removal Instructions

October 20, 2014freefixer, trojanRoger Karlsson

Hello guys and gals. Just a quick post on the RCore trojan. If RCore is installed on your machine, you will see rcore.exe in in the Windows Task Manager and a new service called rcores pointing to rcore.exe. I’ll show how to remove RCore in this blog post with the FreeFixer removal tool.

RCore is distributed by a method called bundling. Bundling means that a piece of software is included in other software’s installers.

When I find some new bundled software I always upload it to VirusTotal to see if the anti-malware scanners there detect anything fishy. The detection rate is 14/52. The RCore files are detected as Trojan.Win32.Generic.pak!cobra by AVware, a variant of Win32/Agent.WGA by ESET-NOD32 and Artemis!0339F1025037 by McAfee.

You can remove RCore with the FreeFixer removal tool. Here’s a few screenshots from the removal that should help you: A restart of your computer may be required to complete the removal.

Hope that helped you with the removal.

Do you also have RCore on your computer? Any idea how it installed? Please let me and the readers know by posting a comments. Thanks!

Thanks for reading. Welcome back!

How To Remove OfferBoulevard

October 17, 2014adware, freefixerLinkuryRoger Karlsson

Hello there. Found another adware called OfferBoulevard right now. OfferBoulevard seems to be a variant of Linkury. If the OfferBoulevard adware is installed on your system, you will see OfferBoulevard.exe and OfferBoulevardW.exe running in the Task Manager. I’ll show how to remove OfferBoulevard in this blog post with the FreeFixer removal tool.

OfferBoulevard is bundled with other software. Bundled means that it is included in another software’s installer. When I first found OfferBoulevard, it was bundled with FastPlayerPro. Here’s how it appeared in the FastPlayerPro installer where I found it:

For some reason it is called Offer Blvd in the EULA.

Generally, you can avoid bundled software such as OfferBoulevard by being careful when installing software and declining the bundled offers in the installer.

When I play around with some new bundled software I always upload it to VirusTotal to check if the anti-viruses there detect something fishy. 10 of the 54 anti-virus scanners detected the file. ESET-NOD32 reports OfferBoulevard as a variant of MSIL/Toolbar.Linkury.H, Malwarebytes classifies it as PUP.Optional.Offer and VIPRE detects it as Adware.Linkury (fs).

The OfferBoulevard removal with FreeFixer is pretty easy. Check all the OfferBoulevard files for removal and click fix. Here’s a few screenshots from the removal that should help you:

Hope this helped you remove the OfferBoulevard adware.

Any idea how OfferBoulevard was installed on your computer? Please let me and the readers know by posting a comments. Thank you very much!

Thank you for reading.