Category Archives: freefixer

Remove Ads By GoSaveNow – Adware Removal Instructions

adware, freefixer,

Are you seeing ads labelled Ads By GoSaveNowAd By GoSaveNow or Brought by GosaveNow? Do you also see links inserted into the web page that have a small green icon and says “Click to Continue > by Gosavenow“? If so, you have the GosaveNow adware installed on your machine. I’ll show how to remove Gosavenow in this blog post with the FreeFixer removal tool.

I’ve also found a variant of this adware called GoSave.

Here are a few examples on how the Gosavenow ads looks like:

Ad by Browser Shop Ad by Gosavenow

The Gosavenow ads also appears on search engines such as Google:

Ad by Gosavenow on the Google search engine ads by gosavenow

The following Gosavenow ad was inserted on Wikipedia.org:

brought by GoSaveNow Click to continue by Gosavenow

Gosavenow installs itself in Internet Explorer, Mozilla Firefox and Google Chrome. You can spot it if you open up the add-ons manager in the web browsers.

Gosavenow 1.8 chrome browser extensionGosavenow 1.8 in Firefox

Some of the antivirus programs are detecting the GosaveNow adware, but the detection rate is rather low. Only 4 of the 55 anti-virus scanners at VirusTotal detected it. That’s a 7% detection rate. MultiPlug seems to be the common detection name:

gosavenow virustotal report: MultiPlug

So, the GosaveNow removal. You can easily remove GosaveNow with FreeFixer. Just select the Gosavenow files for removal and click the Fix button. You may have to reboot your machine to complete the removal:

gsbooster.exe process gosavenow firefox extension GosaveNow chrome extension gosavenow bho

That’s it. Hope that helped you unistall GosaveNow.

Did you also get GosaveNow on your machine? Any idea how it was installed? Please share by posting a comment below.

Thank you for reading!

findamo.com and websearch.searchiseasy.info – Removal Instructions

freefixer

Getting redirected to findamo.com when starting your web browser? It appears that another web site, websearch.searchiseasy.info, is currently redirected to findamo.com.  So, if you are trying to remove findamo.com, you might have to look for searchiseasy.info instead of findamo.com in your browser’s home page and search settings.

findamo.com

I stumbled upon the findamo.com search engine while testing out some downloads that are known to bundled lots of unwanted software. How did you get findamo.com on your computer? Please share by posting a comment.

Back to the findamo.com removal. One way to do the removal is to use the FreeFixer tool.

  1. Download and install FreeFixer.
  2. Click the Start scan button. It should complete in about 5 minutes.
  3. Check the websearch.searchiseasy.info items in the scan result.
  4. Click the Fix button.
  5. Restart your web browsers.

You can also use the reset function in Firefox, Chrome and Internet Explorer. The reset feature restores most of the settings of the web browser to its default state. The problem is that it may do a little to much.

How to reset Mozilla Firefox settings:

  1. Click the menu button firefox menu button in the upper-right corner of the browser.
  2. Then click the Help button firefox help button at the bottom of the Firefox menu.
  3. From the Help menu, choose Troubleshooting Information.
  4. If you cannot access the Help menu, type about:support in the address bar to open up the Troubleshooting Information page.
  5. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
    firefox reset button
  6. A dialog will pop up explaining what settings Firefox tries to preserve. Notice that everything else will be removed! To continue, click the Reset Firefox button in the confirmation window that opens.firefox reset button confirm.
  7. Firefox will close and reset itself. When the reset is done, a window will list the information that was imported. Click Finish and you’re done.

How to reset Google Chrome settings:

  1. Click the Chrome menu chrome menu button in the upper-right corner of Chrome.
  2. Select Settings.
  3. Click Show advanced settings and locate the “Reset browser settings” section. chrome reset browser settings button
  4. Click the Reset browser settings button.
  5. In the confirmation dialog that appears, review the changes the reset feature performs, then click Resetchrome reset confirm

 How to reset Internet Explorer settings

  1. Start Internet Explorer.
  2. On the Tools menuie tools button that appears in the upper-right corner of the browser, clickInternet options. If you can’t see the Tools menu, press Alt on your keyboard.
  3. In the Internet Options window, click the Advanced tab. ie advanced tab
  4. Click Reset… If you’re using Internet Explorer 6, click Restore Default.
  5. In the Reset Internet Explorer Settings dialog box, click Resetie confirm reset
  6. Select the Delete personal settings check box if you want to reset home pages, search providers and accelerators. Delete temporary Internet files, history, cookies, web form information, ActiveX Filtering data, Tracking Protection data, Do Not Track data and passwords.
  7. When Internet Explorer has finished applying the default settings, click the Close button.
    ie reset progress
  8. Reboot your machine.

Hope that helped you remove findamo.com. Thank you for reading.

 

 

YouTubeAdBlocke – Removal Instructions

adware, freefixer, ,

Hello there! As usual I was looking around on the Internet to see what is being bundled with some software downloads. This time I found something called YouTubeAdBlocke, which is installed as an add-on in Internet Explorer and Mozilla Firefox.

YoutubeAdBlocke 1.0 in Firefox YoutubeAdBlocke in Internet Explorer

YouTubeAdBlocke was installed with a bunch of other unwanted softwares called PC_Booster, PC_Sustainer 1.80 and PriceChop.

Just to set the record straight. YouTubeAdBlocke is not official software from Google.

As per usual I uploaded the suspicious YoutubeAdBlocke file to VirusTotal to see if any scanner detects it. The detection rate is quite low.

YoutubeAdBlocke virustotal report

PUP.Optional.MultiPlug, Adware.Win32.MultiPlug and Win32/Adware.MultiPlug are some of the detection names for the YoutubeAdBlocke file.

You can remove YouTubeAdBlocke from the Windows Control Panel. Please remember to remove the other unwanted softwares too.

YoutubeAdBlocke PC_Booster PC_Sustainer 1.80 PriceChop removal from the Windows Control Panel

If that does not work, you can remove YouTubeAdBlocke with the freeware FreeFixer malware removal tool. Just select the the YouTubeAdBlocke files for removal:

YoutubeAdBlocke Firefox Extension in FreeFixer

YoutubeAdBlocke bho in FreeFixer

Hope that helped you to figure out how to do the removal.

Did you also get YouTubeAdBlocke on your machine? Any idea how you got it?

Remove RockResult Ads in Firefox and Internet Explorer

adware, freefixer,

Hello there, hope you are having a great weekend. Just found another adware variant called RockResult. It appears that RockResult has been around for a while, at least a month, judging from the other anti-malware bloggers. But since I found it bundled today, I though I should write a short post about it.

If you have RockResult on your machine, you’ll see ads tagged as “RockResult Ads” while you are browsing the web. Here’s an example of the RockResult ads:RockResults ads

 

RockResult is added as an add-on in Internet Explorer and Firefox:

RockResult 1.0.1

 

So, how did RockResult install on your machine? It was probably bundled with some download that you installed recently. Here’s how RockResult was disclosed when I found it:

RockResult installer

 

I’m sure you’d like to remove RockResult, and that’s pretty easy with FreeFixer. Select the RockResult files, as shown in the screenshots below, click Fix, and reboot your machine and the ads should be gone.

RockResult removal internet explorer RockResult removal firefox

Thanks for reading.

 

Remove RocketTab – “Ads by RocketTab” Removal Instructions

adware, freefixer

Stumbled upon an adware called RocketTab this morning. I’ll show how to remove RocketTab, but first, let’s talk a little on how it is installed and what it does to your computer. RocketTab is distributed by bundling, that is, it is included in another software’s installer. Here’s how RocketTab was disclosed when I found it:

rockettab installer

Once installed you’ll notice the RocketTab file Client.exe running in the Windows Task Manager:

rockettab client.exe task manager

RocketTab inserts its ads while you browse the web. Here’s the ads are labeled “Ads by RocketTab” and appear on the Google search results.

rockettab - ad by RocketTab

As always when I find some new bundled software, such as RocketTab, I upload the files to VirusTotal to see what the other anti-virus programs report. And the detection rate is very low: 4%. The detection name is Adware.iBryte.

rockettab virustotal

Removing RocketTab is pretty easy with the FreeFixer removal tool. Just select the Client.exe process and scheduled task for removal, reboot and the problems is gone.

rockettab task rockettab client.exe process

Hope that helped you figure out what RocketTab is and how to remove it.

How did you get RocketTab on your computer? Please share in the comments below.

Update 2014-09-18: Client.exe is now digitally signed by Inertware.

Remove SnipSmart – Adware Removal Instructions

adware, freefixer,

Hello readers! Today I’m posting removal instructions for yet another adware variant called snipsmart. The snipsmart adware is bundled with other software downloads. So if snipsmart appeared unexpectedly on your machine, that’s probably how it was installed.

Snipsmart is installed as an add-on in Internet Explorer and Mozilla Firefox. Here’s a screendump from my lab machine which shows snipsmart in the add-ons menu of Firefox:

snipsmart in firefox's add-on menu

Typically, this type of adware adds banners on web site while you are browsing the web. The ads are usually tagged with texts such as “Snipsmart ads” or “Ads by Snipsmart“. However, for unknown reasons, I did not see any ads. Do you see the snipsmart ads on your machine? Please take a screenshot of the ad and send it to me and I’ll post it here on the blog. Thank you very much!

As per usual, I uploaded snipsmart to VirusTotal to see what the antivirus scanners report. And the detection rate is low. Only 6 of the 55 anti-virus programs detected the snipsmartBho.dll file:

snipsmart virustotal report. 11% detection rate

So, let’s get on with the snipsmart removal. As usual, this type of adware is easy to remove with FreeFixer. Just select the snipsmart files for removal and click Fix. You may have to reboot your machine to complete the removal. Here’s FreeFixer in action uninstalling snipsmart:

snipsmart firefox extensions snipsmart bho

Hope that helped you figure out what snipsmart is and how to remove it.

How did you get snipsmart on your machine? Please share by posting a comment.

Remove NeuroWise – Adware Uninstall Guide

adware, freefixer, ,

Yesterday I tried one of the downloads listed at CNET’s Download.com site and found that they are bundling a new adware called NeuroWise:

neurowise cnet installer

Neurowise appears to be a variant of the Atuzi adware that they previously bundled. According to Download.com’s disclosure,

Neurowise content includes advertisements and is not affiliated with any underlying websites. Browser settings will be adjusted at install.

Typically, this type of adware shows banner ads labeled “Ads by Neurowise” or “Neurowise Ads“, but for some reason I did not see any ads while browsing around with neurowise installed. Did you spot any Neurowise ads? How did they look like and where did they appear?

Neurowise is installed as a browser add-on in Firefox and Internet Explorer. In case you haven’t already spotted it in Firefox, here’s how it appears in the add-on menu:

neurowise firefox add-on

The majority of the anti-virus programs over at VirusTotal are detecting Neurowise, as shown in the screeshot below. BrowseFox and AltBrowse are some of the detection names.

neurowisebho.dll virustotal report

Removing the Neurowise adware is a piece of cake with FreeFixer. Just start the scan, select the Neurowise files, click Fix, reboot you machine and the problem will be gone. Here’s a few screenshots showing FreeFixer in action removing the Neurowise files:

neurowise internet explorer neurowise firefox

Hope that helped you figure out what Neurowise is and how to remove it. Did you also get Neurowise from Download.com?

Remove InfiniNet Ads – Adware Removal Guide

adware, freefixer,

Getting bombarded with ads labeled “InfiniNet Ads” in Internet Explorer and Firefox? Then you got the InfiniNet adware installed on your machine. InfiniNet inserts ads while you browse the web. I’ve seen the ads appear on all types of web pages.

InfiniNet Ads

Here InfiniNet inserts ads in search results on the Google search engine: InfiniNet ads in Google search results

I found the InfiniNet adware while testing another download that I knew had a history of bundling other types of adwares. Here’s how InfiniNet was disclosed in the installer:

InfiniNet installer

InfiniNet installs itself as an add-on in Firefox and Internet Explorer. Here’s how it shows up in Firefox’s add-on menu:

InfiniNet 1.0.1 in firefox

The anti-virus scanners seems to be pretty up to date when it comes to detecting InfiniNet.

InfiniNet Virustotal report

The detection rate is 45% which I think is pretty good. Some of the detection names are BrowseFox and AltBrowse.

The InfiniNet removal is straightforward with Freefixer. Just start the scan, select the InifiniNet files, click Fix and reboot your machine and the ads should be long gone. Here’s a few screenshots that shows FreeFixer in action deleting the InfiniNet files:

infininet firefox infininet bho

How did you get InfiniNet on your machine? Please share by posting a comment.

Kiril Skiba – 2 of 54 Anti-Virus programs detect the Kiril Skiba file

digital signature, freefixer,

Hello there, just a quick post on a publisher called Kiril Skiba that I found while running some tests on FreeFixer v1.12. I should have this new version of FreeFixer out this week. The suspicious file is named ldownload.exe and the following screenshot shows the User Account Control dialog when running the Kiril Skiba file.

Kiril Skiba appears as the Verified publisher.

The digital certificate appears to be relatively new. It’s valid from the 11th of Junly, 2014. According to the certificate, Kiril Skiba is located in Ukraine. The certificate is issued by  Certum Code Signing CA.

Kiril Skiba certificate

At the time being, the detection score for the Kiril Skiba file is very low. When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious –  only QIhoo-360 and VBA32 detected the file. The detection names are HEUR/Malware.QVM10.Gen and suspected of Trojan.Downloader.gen.h. With those two detections, I’d stay away from the file. It will be interesting to see if the other anti-virus programs will add this file it in the future.

Kiril Skiba ldownload.exe virus total report

When I tested to run the Kiril Skiba file, nothing appeared to happen. I could not see any modification at all on my lab computer. No windows popped up. Nothing.

Did you also find a file digitally signed by Kiril Skiba? Did it pose as something useful?

Plugin Update SL – Warning! Stay away from this file

adware, digital signature, freefixer, malware, ,

I’m in a hurry here, trying to wrap up the v1.12 release of FreeFixer, but I though I must write a few lines of about a file, digitally signed by Plugin Update SL, that was promoted as a Java update. Here’s how the ad appeared:

plugin update s.l ad - java update

When clicking on the ad, a download for something called Player_Setup.exe appeared. That file, is not a Java Update.

Plugin Update SL Certificate

The file is digitally signed by Plugin Update SL, which is a company that appears to be located on Tenerife, and if you run the file, it will start an installation of something called NewPlayer. During the installation, it offers lots of bundled unwanted software, such as Findopolis, FreeSoftToday, IStartSurf, etc, etc.

The VirusTotal scan also clearly shows why you should stay away from the Plugin Update SL malware file:

Plugin Update SL - Virus Total report

Some of the scanners report it as DomaIQ and SoftPulse.

Did you also find a file signed by Plugin Update SL? Was it also promoted as a Java update?

If you installed any of the bundled software, you can remove those with FreeFixer.

Hope this helped you avoid the Plugin Update SL software. Thanks for reading.