Do you see ads labeled “Ads by Salus” while browsing the web, even on web sites that normally don’t have any advertisements? If so, you have the Salus Adware installed on your machine. Here’s how a Salus banner might look like:The Salus adware, or Salus Protector, or Salus Internet Protector as the installer refers to it is bundled with other software downloads. I found Salus bundled with an unofficial Google Chrome download. Here’s how the disclosure looks like:

For obvious reasons, Salus is adware. However, it appears as the anti-virus scanners have not yet started to detect it. Detection rate is 0/54 according to VirusTotal. I’m sure the anti-virus scanners will detect Salus sooner than later.

So, how can the Salus Adware be removed. No problem, you can easily uninstall it with FreeFixer. Just select the salus.exe and salus.sys file as shown in the screenshots below:

Or from the uninstall programs dialog:

Did you also have Salus installed on your machine? Any idea how it installed itself?

Hope you found this useful.

Did your search settings in Internet Explorer, Firefox and Chrome recently change to istartsurf.com and you are wondering how this search engine was installed on your computer? Most likely, istartsurf.com was bundled with another software download. I’ve seen it bundled a couple of times and here’s how the disclosure looked like in the installers:

If you’d like to remove istartsurf.com, you can do so from the Add/Remove programs dialog. If that does not work you can use FreeFixer to repair your browser settings.

Did you figure out which software download that bundled istartsurf.com? Please share by posting a comment below.

Did your search settings recently change to isearch.omiga-plus.com and you are wondering how this search engine was installed on your machine? Most likely, Omiga-Plus  was bundled with another download. I’ve seen it bundled twice and here’s how the installer windows looked like:

You can remove Omiga-Plus from the Uninstall programs dialog. If that does not work you can use FreeFixer to repair your search and homepage settings.

Did you figure out which software download that bundled Omiga-Plus? Please share by posting a comment.

Did you just find something called RelevantKnowledge in the Add/Remove programs dialog or did you see a process running in the background named rlvknlg64.exe, rk.exe, rlvknlg.exe or rlservice.exe?

So, how did RelevantKnownledge install on your machine? I would say that it was likely bundled with another program that you installed. At least that’s how it installed in my case. I was installing one program, and all of a sudden another window popped up with an “Additional Offer”. This is how it could have looked like when it installed on your machine:

Something that’s a bit strange is that the RelevantKnowledge installer window mention Linkular, but that was not what I was installing in the first place. If you want to find out when it was installed, you can check the “Created date” on the RelevantKnowledge file.

So what the RelevantSoftware do? Basically it monitors your browsing and shopping behaviour, then anonymise the data and aggregate it with other users that also run RelevantKnowledge, and generate a report that RelevantKnowledge’s clients use.

Hope that helped you figure out what RelevantKnowledge is.

Did you spot something called PriceLess and Support 1.80 on your machine? No problem,  I’ll show how to remove them. I found PriceLess bundled in a download claiming to be an episode of a famous TV-series. If you got this on your computer, you will see ads labeled “Ads by PriceLess” or “Ad by PriceLess“.

PriceLess adds itself in Internet Explorer and Mozilla Firefox as an add-on.

So what’s the problem with PriceLess? The scan result from VirusTotal clearly shows why you’d want to remove the PriceLess software. Adware/Win32.Agent and Multiplug.BAY are a few of the detection name. The detection rate is pretty low though, only 12%.

Removing PriceLess and Supporter 1.80 can be done from the Add/Remove programs dialog, or if that for some reason would fail you can remove them using FreeFixer by selecting the files as shown in the screenshots below:

How did you get PriceLess on your machine? Please share by posting a comment.

Yesterday I was fooling around with one of those downloads that I know bundles various types of unwanted software. I ran the installer over and over again to see if any new bundled software would install. Bingo.

Found something called OneKit and KeepMySearch, which added a desktop icon in form of a orange magnifying glass and a process named onekit.exe running in the background. The onekit.exe file was digitally signed by Montiera Technologies LTD. The company description on the file is Pay By Ads LTD.

When double-clicking on the OneKit icon a dialog for something called KeepMySearch popped up.

And when opening my Firefox browser, the Keep My Search widget appeared on the left side:

The same KeepMySearch widget also appeared in Google Chrome.

Only a few of the anti-virus scanners are detecting the onekit.exe file according to VirusTotal. Just a 9% detection rate. Montiera and PUP.Optional.PayByAds.A are two of the detection names for onekit.exe.

OneKit has an entry in the Uninstall program dialog which should allow you to uninstall it. I have not tried it though. FreeFixer can remove the OneKit software by selecting the two entries in the scan result as shown in the screenshots below.

Did you also get the OneKit and the KeepMySearch software on your computer? Any idea where you got it?

Found another bundled piece of software this morning. It’s called Cash’n’Back or NCupons and has been around for a while. If you have this on your machine, you’ll see the CashNBack.exe process running in the background.

Cash’n’Back is bundled with other software downloads. Here’s how it is disclosed in the installer where I found it:

CashNBack’s web site it ncupons.com if you’d like to review the Terms and Conditions and the Privacy Policy.

If you’d like to remove NCupons/CashNBack you can do so from the Add/Remove programs dialog, or by selecting the Cash’n Back files in FreeFixer.

I uploaded the CashNBack.exe file to VirusTotal and MalwareBytes detected it as PUP.Optional.CashNBack.A.

Stumbled on an adware called Glomatron yesterday when testing a software download. Glomatron was disclosed in the installer as you can see below. Basically Glomatron will insert various types of ads by modifying the web pages you currently visit. According to the installer it may show offers, coupons, related search results, etc.

Generally, software such as Glomatron is distributed by bundling. That is, the software is included in an unrelated download. You can avoid Glomatron and other bundled software by carefully reviewing what the installer displays and opting out from the unwanted software, before proceeding in the installer by clicking the Next, Accept or Install button.

Here’s how Glomatron appears in Firefox:

So how can Glomatron be removed. It’s pretty easy with FreeFixer, just select the Glomatron files for removal and the ads will be gone. You can also uninstall it from the Add/Remove programs dialog.

Did you also get Glomatron on your machine? What kind of download was it and where did you find it?