
What is SyncPulse Manager?

I found the SyncPulse Manager software while installing another download called BitLord. SyncPulse Manager was included in the BitLord installation package, or installed by one of the programs that were bundled with BitLord. Unfortunately, I could not see any notice that SyncPulse Manager would be installed while proceeding through BitLord’s installation wizard. Maybe I did not examine the various licence agreements shown during installation with enough care, or perhaps SyncPulse was not disclosed at all?

Anyway, if you have SyncPulse Manager on your machine, you’ll see SyncPulseManager.exe running in the Windows Task Manager:

[Screenshot: SyncPulseManager.exe in the Windows Task Manager]

Out of curiosity, I uploaded the SyncPulseManager.exe file to VirusTotal. Currently, none of the anti-virus programs is detecting SyncPulse. It will be interesting to see if any of them will detect SyncPulseManager.exe.

[Screenshot: VirusTotal report for SyncPulseManager.exe]

So should it be removed? I think so, since it was bundled and I could not see any notice that it would be installed. If you’d like to remove SyncPulse Manager, you can do so with FreeFixer, or from the Windows Control Panel:

[Screenshots: SyncPulseManager.exe process and SyncPulse Manager service; SyncPulse Manager uninstall entry]

How did you get SyncPulse Manager on your computer? Please share in the comments below. If it was bundled, did you see any disclosure that it would be installed?

Remove websearch.fixsearch.info – Uninstall Guide

Did your search settings and home page in Chrome, Firefox and Internet Explorer just change to websearch.fixsearch.info? No worries, I’ll show how to remove websearch.fixsearch.info from your computer.

[Screenshot: websearch.fixsearch.info]

I found the unwanted websearch.fixsearch.info search engine while testing out some downloads. The downloaded files were digitally signed by Igor Kramoren and Alexey Kurilenko, publishers that have previously bundled unwanted software with their downloads.

How did you get fixsearch.info on your computer? Please share by posting a comment.

So, the websearch.fixsearch.info removal. One way to do the removal is to use the FreeFixer tool.

  1. Download and install FreeFixer.
  2. Click the Start scan button. It should complete in about 5 minutes.
  3. Check the websearch.fixsearch.info items in the scan result.
  4. Click the Fix button.
  5. Restart your web browsers.

You can also use the reset function in Firefox, Chrome and Internet Explorer. The reset feature restores many settings of the web browser to its default state. The problem is that it may do a little too much.

How to reset Mozilla Firefox settings:

  1. Click the menu button in the upper-right corner of the browser.
  2. Then click the Help button at the bottom of the Firefox menu.
  3. From the Help menu, choose Troubleshooting Information.
  4. If you cannot access the Help menu, type about:support in the address bar to open up the Troubleshooting Information page.
  5. Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  6. A dialog will pop up explaining what settings Firefox tries to preserve. Notice that everything else will be removed! To continue, click the Reset Firefox button in the confirmation window that opens.
  7. Firefox will close and reset itself. When the reset is done, a window will list the information that was imported. Click Finish and you’re done.

How to reset Google Chrome settings:

  1. Click the Chrome menu button in the upper-right corner of Chrome.
  2. Select Settings.
  3. Click Show advanced settings and locate the “Reset browser settings” section.
  4. Click the Reset browser settings button.
  5. In the confirmation dialog that appears, review the changes the reset feature performs, then click Reset.

How to reset Internet Explorer settings:

  1. Start Internet Explorer.
  2. On the Tools menu that appears in the upper-right corner of the browser, click Internet options. If you can’t see the Tools menu, press Alt on your keyboard.
  3. In the Internet Options window, click the Advanced tab.
  4. Click Reset… If you’re using Internet Explorer 6, click Restore Default.
  5. In the Reset Internet Explorer Settings dialog box, click Reset.
  6. Select the Delete personal settings check box if you want to reset home pages, search providers and accelerators. Delete temporary Internet files, history, cookies, web form information, ActiveX Filtering data, Tracking Protection data, Do Not Track data and passwords.
  7. When Internet Explorer has finished applying the default settings, click the Close button.
  8. Reboot your machine.

Hope that helped you remove websearch.fixsearch.info.

Thank you for reading.
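
To see which browser settings actually reference websearch.fixsearch.info before choosing between FreeFixer and a full reset, a read-only PowerShell check like the one below can be used. It is an added example, not part of the original post or of FreeFixer; the function name Find-HijackSetting is hypothetical, and the locations searched are the standard per-user Firefox, Chrome and Internet Explorer ones.

```powershell
# Added example (read-only): list per-user browser settings that mention a domain.
function Find-HijackSetting {
    param([string]$Domain = 'fixsearch.info')
    $pattern = [regex]::Escape($Domain)

    # Firefox: home page and search prefs are stored in prefs.js in each profile.
    $ff = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Get-ChildItem -Path $ff -ErrorAction SilentlyContinue |
        Select-String -Pattern $pattern |
        ForEach-Object {
            [pscustomobject]@{ Browser = 'Firefox'; Location = $_.Path; Value = $_.Line.Trim() }
        }

    # Chrome: settings are single-line JSON files, so report a match count per file.
    foreach ($name in 'Preferences', 'Secure Preferences') {
        $glob = Join-Path $env:LOCALAPPDATA "Google\Chrome\User Data\*\$name"
        Get-ChildItem -Path $glob -ErrorAction SilentlyContinue | ForEach-Object {
            $text = Get-Content -LiteralPath $_.FullName -Raw
            if (-not $text) { return }   # empty file: nothing to search
            $n = [regex]::Matches($text, $pattern, 'IgnoreCase').Count
            if ($n -gt 0) {
                [pscustomobject]@{ Browser = 'Chrome'; Location = $_.FullName; Value = "$n match(es)" }
            }
        }
    }

    # Internet Explorer: start page and search providers live in the HKCU registry hive.
    $ie = 'HKCU:\Software\Microsoft\Internet Explorer'
    $start = (Get-ItemProperty -Path "$ie\Main" -ErrorAction SilentlyContinue).'Start Page'
    if ($start -match $pattern) {
        [pscustomobject]@{ Browser = 'IE'; Location = "$ie\Main\Start Page"; Value = $start }
    }
    Get-ChildItem -Path "$ie\SearchScopes" -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        if ($url -match $pattern) {
            [pscustomobject]@{ Browser = 'IE'; Location = $_.Name; Value = $url }
        }
    }
}

Find-HijackSetting -Domain 'fixsearch.info' | Format-List
```

An empty result after a removal or reset means none of these per-user locations still mention the domain; machine-wide policies and installed extensions are not covered by this check.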

Orbiter, ORBTR, SPPD.sys and SearchProtect by ClientConnect LTD.

I was playing around with a download this morning to see if it bundled some software. When running the installer “Search Protect by Conduit” was offered. The installer also displayed a few links – as shown in the screenshot below – to learn more about the SearchProtect software and to the EULA and the privacy policy, but for some unknown reason, no browser popped up when clicking the links.

[Screenshot: Conduit Search Protect offer in the installer]

Search Protect is designed to change search settings in Firefox, Chrome and Internet Explorer to trovi.com and pop up a notification window when these settings are changed.

Since I look at what’s being bundled with various downloads on a more or less daily basis, I’m used to seeing Search Protect, but this was a new variant that I had not seen before. It also installed something called Orbiter in “c:\Program Files (x86)\ORBTR” or “c:\Program Files\ORBTR”. The files were named Orbiter.dll and Orbt.ext. A new driver named SPPD.sys also appeared on the hard drive, located in “c:\Windows\System32\drivers”. All these files were digitally signed by ClientConnect LTD.

I was curious to see if the anti-virus programs over at VirusTotal detected the orbiter.dll file, and some of them did. As shown in the screenshot, 10 of the 55 anti-virus scanners detected the orbiter.dll file, under various detection names, such as PUP.Optional.Conduit.A and Adware.Orbiter.

[Screenshot: VirusTotal report for orbiter.dll]

If you’d like to remove SearchProtect and Orbiter, you can do so from the Add/Remove programs dialog, by right-clicking on the Search Protect icon and selecting Uninstall. This also uninstalled the Orbiter software.

[Screenshot: Orbiter and Search Protect uninstall]

Did you also get SearchProtect and Orbiter on your machine? Any idea how it was installed? Did the uninstaller work successfully?

Videos MediaPlay-Air – Removal instructions

It’s Saturday, but since I just found this new adware variant called “Videos MediaPlay-Air” I thought I should write a quick post about it. The ads are labeled “Ad by Videos MediaPlay-Air” or “Click to Continue -> by Videos MediaPlay-Air” as shown below.

[Screenshots: “Ad by Videos MediaPlay-Air” and “Click to Continue by Videos MediaPlay-Air” ads]

The Videos MediaPlay-Air adware is detected by some of the anti-virus programs. CrossRider and AppRider are some of the detection names:

[Screenshot: VirusTotal report for Videos MediaPlay-Air]

Notice how the adware modified the webpage with the “PROGRAMS” link 🙂

Removing Videos MediaPlay-Air is easy. Just select the Videos MediaPlay-Air for removal in FreeFixer, click Fix, reboot your machine and the ads will be gone.

[Screenshots: Videos MediaPlay-Air items in Internet Explorer, selected in FreeFixer]

Any idea how you got this on your machine?

Remove PicRec – “Ads by PicRec” Removal Instructions

Hello, found a new adware just before heading off to the local Indian restaurant for lunch. Back in front of the computer now to write the blog post. The adware is called PicRec and displays ads labeled “Ads by PicRec”. Here are some examples of the ads:

[Screenshots: Ads by PicRec; Ads by PicRec, Media Player; Ads by PicRec in Firefox]

If you have PicRec installed on your machine, you will also see three files, privoxy.exe, picrecs.exe and picrdrw.sys on your computer. The files are digitally signed by One Call Ltd.

Currently none of the anti-virus programs detect the picrecs.exe file according to VirusTotal. I’m sure the anti-virus vendors will add PicRec to their detection database sooner rather than later.

[Screenshot: VirusTotal report for picrecs.exe]

Since you probably came here searching for removal instructions, let’s get on with it. PicRec can easily be removed by FreeFixer. Just select picrecs.exe, picrdrw.sys and privoxy.exe for removal as shown in the screenshots.

[Screenshots: picrecs.exe and privoxy.exe processes; picrdrw.sys driver; picrecs.exe service]

How did you get PicRec on your computer? I found it bundled with another software download where the “I agree” checkbox for PicRec was already checked. Here’s how it was disclosed:

[Screenshot: PicRec disclosure in the installer]

PicRec’s web site is picrec.com, where you can find the Terms and Conditions and privacy policy:

[Screenshot: picrec.com web site]

Thanks for reading. Hope this helped you remove PicRec.

Remove Rewin_Cinematic 1.1 – Uninstall Guide

Found a new variant of the CrossRider adware called Rewin_Cinematic 1.1, so I thought I should write a removal guide. If you have the Rewin_Cinematic 1.1 adware on your machine, you will see ads labeled “Ads by Rewin_Cinematic 1.1”. These ads are inserted into web pages when you browse:

[Screenshots: “Ads by Rewin_Cinematic 1.1” banner; “Ads by Rewin_Cinematic 1.1” ad]

Obviously Rewin_Cinematic is adware. The adware files are digitally signed by Monkey Code Lab.

Rewin_Cinematic is installed as add-ons in your web browsers. Here’s how it appears in Mozilla Firefox:

[Screenshot: Rewin_Cinematic 1.1 in Firefox]

Removing Rewin_Cinematic is pretty easy. All you have to do is check the Rewin_Cinematic files in FreeFixer for removal as shown in the screenshots below.

[Screenshots: Rewin_Cinematic 1.1 tasks; Rewin_Cinematic in Internet Explorer; Rewin_Cinematic Firefox extension]

That’s it! Hope that helped you remove Rewin_Cinematic.

Do you also have the Rewin_Cinematic adware installed on your machine? Any idea how it was installed? Please share by posting a comment.

search.safefinder.com – Removal Instructions

Hello there! Sorry for not posting for the last days. I’ve been on a short holiday. Came back home yesterday and found a search engine called search.safefinder.com that is being bundled with some downloads. Here’s how the search.safefinder.com appears in the web browser:

[Screenshot: search.safefinder.com in the web browser]

Do you also have safefinder.com on your machine? It was probably installed as a bundled offer. That’s where I found it. Here’s how search.safefinder.com is disclosed in the installer:

[Screenshot: safefinder disclosure in the installer]

Clicking the Terms of Service links in the installer brings up this web page:

[Screenshot: safefinder Terms of Service page]

According to the Terms of Service, safefinder is run by a company called MobileMonetizer LTD.

Removing search.safefinder.com is pretty straightforward. Just select the safefinder.com items for removal in FreeFixer and the problem should be solved:

[Screenshot: safefinder.com Internet Explorer settings in FreeFixer]

Did you also get search.safefinder.com in your browser? Do you remember which download that bundled it? Please share by posting a comment below.

ShopOp – Removal Instructions

Did you spot something called ShopOp on your computer and wonder where it came from? It is likely that ShopOp was bundled with another software download. Here’s how ShopOp was disclosed when I found it bundled:

[Screenshot: ShopOp bundled in a software download]

You can uninstall ShopOp from the Programs and Features dialog in the Windows Control Panel. If ShopOp cannot be found there, or if its uninstaller is not working, then you can use FreeFixer to remove the ShopOp files.

IStart123.com – How did it install on your computer?

Did your browser’s home page and search settings recently change to istart123.com? Are you wondering how this web site installed itself on your machine?

It’s likely that istart123.com was bundled with another software downloader. That’s where I found it, bundled in an unofficial Google Chrome download, digitally signed by Smart Secure Software. Here’s how IStart123.com was disclosed in the installer:

[Screenshot: IStart123.com disclosure in the installer]

To uninstall Istart123.com, you can use the entry in the Add/Remove programs list or use FreeFixer to uninstall it.

Score.exe Removal Instructions

Yesterday I was testing the Smart Secure Software download, which is known to bundle lots of unwanted programs. After going through the installer, a new service called score.exe appeared on the machine. I thought the file looked suspicious, since it was unsigned, had no version information, was dropped in the c:\Windows folder, and had no entry in the Add/Remove programs dialog.

To my surprise none of the anti-virus programs over at VirusTotal detected the file:

[Screenshot: VirusTotal report for score.exe]

It will be interesting to see if any of the anti-virus scanners start to pick up score.exe.

So, should the score.exe file be removed? Yes, I think so. You can remove it from FreeFixer by selecting the score.exe process and service:

[Screenshots: score.exe service and process in FreeFixer]

Did you also find score.exe on your machine? Any idea how it got there?

Update 2014-10-07: Many of the anti-virus programs are now detecting score.exe:

  • AVG: Agent5.HW
  • AVware: Trojan.Win32.Generic.pak!cobra
  • Ad-Aware: Trojan.Generic.11822832
  • Avast: Win32:Dropper-gen [Drp]
  • Baidu-International: Trojan.Win32.Agent.BWGA
  • BitDefender: Trojan.Generic.11822832
  • Cyren: W32/Trojan.KZBC-4044
  • ESET-NOD32: a variant of Win32/Agent.WGA
  • Emsisoft: Trojan.Generic.11822832 (B)
  • F-Secure: Trojan.Generic.11822832
  • Fortinet: W32/Agent.WGA!tr
  • GData: Trojan.Generic.11822832
  • Ikarus: Trojan.Win32.Agent
  • McAfee: Artemis!08675763B644
  • McAfee-GW-Edition: Artemis
  • MicroWorld-eScan: Trojan.Generic.11822832
  • Qihoo-360: Win32/Trojan.Dropper.c9f
  • Symantec: Trojan.Gen.2
  • TheHacker: Trojan/Agent.wga
  • TrendMicro: TROJ_GEN.R0C1C0EJ514
  • TrendMicro-HouseCall: TROJ_GEN.R0C1C0EJ514
  • VIPRE: Trojan.Win32.Generic.pak!cobra
  • nProtect: Trojan.Generic.11822832
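
The traits that made score.exe look suspicious before any scanner flagged it (unsigned, no version information, dropped directly in c:\Windows, no Add/Remove programs entry, running as a service) can be checked across all installed services. The PowerShell below is an added example, not part of the original post or of FreeFixer; the helper name Get-ServiceExePath, the three-trait threshold and the text match against uninstall entries are assumptions of this sketch.

```powershell
# Added example (read-only): flag service binaries sharing the traits described for score.exe.
function Get-ServiceExePath([string]$PathName) {
    # Service command lines are either quoted, or unquoted and followed by arguments.
    $exe = $null
    if     ($PathName -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
    elseif ($PathName -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    if ($exe) { [Environment]::ExpandEnvironmentVariables($exe) }
}

# Text of every Add/Remove programs entry, for a rough "is this file listed?" check.
$uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$uninstallText = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    ForEach-Object { "$($_.DisplayName) $($_.UninstallString) $($_.DisplayIcon)" }

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return }

    $file = Get-Item -LiteralPath $exe
    $sig  = Get-AuthenticodeSignature -LiteralPath $exe
    $traits = [ordered]@{
        Unsigned      = $sig.Status -eq 'NotSigned'
        NoVersionInfo = [string]::IsNullOrWhiteSpace($file.VersionInfo.FileVersion) -and
                        [string]::IsNullOrWhiteSpace($file.VersionInfo.CompanyName)
        InWindowsRoot = $file.DirectoryName -ieq $env:windir
        NotListed     = -not ($uninstallText -match [regex]::Escape($file.Name))
    }

    # Most Windows services are not listed in Add/Remove programs, so one trait
    # alone means little; report only binaries that show at least three (assumed threshold).
    $present = @($traits.Keys | Where-Object { $traits[$_] })
    if ($present.Count -ge 3) {
        [pscustomobject]@{
            Service = $svc.Name
            Path    = $exe
            Traits  = $present -join ', '
        }
    }
} | Format-Table -AutoSize -Wrap
```

A hit is a prompt for a closer look (signature details, file hash lookup, install date), not proof that the file is malicious.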