Remove buzzdock.com from Firefox, Chrome and Internet Explorer

browser status bar

This page shows how to remove buzzdock.com from Mozilla Firefox, Google Chrome and Internet Explorer.

Did you just see buzzdock.com in the status bar of your browser and ponder where it came from? Or did buzzdock.com show up while you searched for something on one of the major search engines, such as the Google search engine?

Here’s a screen dump of buzzdock.com when it showed up on my machine:

buzzdock.com status bar

As you can see, it appeared while I did a search at Google.

The following are some of the statusbar messages you may see in your browser’s status bar:

  • Waiting for buzzdock.com…
  • Transferring data from buzzdock.com…
  • Looking up buzzdock.com…
  • Read buzzdock.com
  • Connected to buzzdock.com…

Does this sound like what you see your computer, you apparently have some potentially unwanted program installed on your machine that makes the buzzdock.com domain appear in your browser. So don’t flame the people that runs the web site you were at when you first spotted buzzdock.com in the statusbar. They are apparently not responsible, but from the potentially unwanted program that’s running on your machine. I’ll try help you with the buzzdock.com removal in this blog post.

For those that are new to the blog: Not long ago I dedicated some of my lab computers and deliberately installed some potentially unwanted programs on them. I’ve been monitoring the behaviour on these computers to see what kinds of ads, if any, that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads additional software on the computers. I first spotted buzzdock.com in Mozilla Firefox’s status bar on one of these lab machines.

buzzdock.com was registered on 2009-11-02. buzzdock.com resolves to the 8.25.35.116 IP address. I’ve also seen edge.buzzdock.com in use.

So, how do you remove buzzdock.com from your browser? On the machine where buzzdock.com showed up in the status bar I had PriceFountain, SpeedChecker, YTDownloader and WebWaltz installed. I removed them with FreeFixer and that stopped the browser from loading data from buzzdock.com.

The issue with status bar messages like this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program that’s installed on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.

Anyway, here’s my suggestion for the buzzdock.com removal:

The first thing I would do to remove buzzdock.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Uninstall a program search

Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Uninstall a program dialog

Do you see something dubious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started seeing the buzzdock.com status bar messages.

Then you can examine you browser add-ons. Potentially unwanted programs often appear under the add-ons dialog in Chrome, Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
Firefox add-ons manager

I think most users will be able to find and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop many years ago. Freefixer is a tool built to manually identify and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.

FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to pay a fee just when you are about to remove the unwanted files.

And if you’re having troubles deciding if a file is clean or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be very useful:

FreeFixer More Info link example
An example of FreeFixer’s “More Info” links. Click for full size.

Did you find any potentially unwanted program on your machine? Did that stop buzzdock.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.

Thank you!

TRUSTED INSTALL SOFTWARE – Generic.AA1 or False Positive?

digital signature,

Hi there! Just a quick post on a file named finaltorrent-setup.exe digitally signed by TRUSTED INSTALL SOFTWARE.

TRUSTED INSTALL SOFTWARE publisher

Typically you’d see the TRUSTED INSTALL SOFTWARE publisher name appear when double-clicking on the finaltorrent-setup.exe file: It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that TRUSTED INSTALL SOFTWARE is located in San Fransisco in US and that the certificate is issued by VeriSign Class 3 Code Signing 2010 CA.

TRUSTED INSTALL SOFTWARE cert

So, what’s the problem here? Well, AVG detects this as Generic.AA1. All the other anti-virus programs over at VirusTotal did not detect the file. Could AVG’s detection be a false positive? What do you think?

TRUSTED INSTALL SOFTWARE virustotal

Did you also find a file signed by the same publisher? Does the scanners at VirusTotal detect it?

Thanks for reading.

Astori LLC – 18% Detection Rate

digital signature,

Hello! Was looking for some downloads to play around with and found one, digitally signed by Astori LLC. The file is named in such a way that users might think it is a download for the Game of Thrones TV series.

The following screenshot shows the User Account Control dialog when running the Astori LLC file:

Astori LLC publisher

It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that Astori LLC appears to be located in Moscow, Russia and that the certificate is issued by COMODO Code Signing CA 2.

Astori LLC cert

I found an older file, also signed by Astori LLC. This one was detected by 10 of the 57 scanners over at VirusTotal:

Astori LLC virustotal

Did you also find a Astori LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

GLobal appS Roi – 27% Detection Rate – Downloader.MTU / HfsAdware / OutBrowse

digital signature,

Hi there! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs. A few days ago I found another publisher named GLobal appS Roi.

GLobal appS Roi publisher

If you have a GLobal appS Roi file on your machine you may have noticed that GLobal appS Roi is displayed as the publisher in the UAC dialog when double-clicking on the file. You can also see the GLobal appS Roi certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, GLobal appS Roi is located in Dublin, Ireland.

GLobal appS Roi cert

These are the current VirusTotal detections for the file. Downloader.MTU, W32.HfsAdware.4546, Trojan.OutBrowse.760 and Adware-OutBrowse.g as a few of the detection names for the Player.exe file.

GLobal appS Roi signature report

Did you also find a GLobal appS Roi file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Artur Flomenko – 11% Detection Rate

digital signature,

Welcome! Just wanted to give you the heads up on files digitally signed by Artur Flomenko.

Artur Flomenko publisher

If you have a Artur Flomenko file on your machine you may have noticed that Artur Flomenko is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate is issued by Certum Code Signing CA. Mr Flomenko is located in Ukraine.

Artur Flomenko cert

So, what does the anti-virus programs say about the Artur Flomenko file? No problem, I just uploaded the file to VirusTotal and it turned out that some of the anti-virus programs detects the Artur Flomenko file, with names such as Win32:FakeDownload-G [PUP], a variant of Win32/Kryptik.DPGT, Trojan.Downloader, Trj/Genetic.gen and PE:AdWare.Win32.MultiPlug.aq!1075358402.

Artur Flomenko virustotal

Did you also find an Artur Flomenko? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

COnfirmED APp nLn – 18% Detection Rate – OutBrowse

digital signature, ,

Hi there! Lately I’ve been looking on the digital signatures on those files that push various types of unwanted programs. This morning I found a new file called Player.exe, digitally signed by COnfirmED APp nLn.

The following screenshot shows the User Account Control dialog when running the COnfirmED APp nLn file:

COnfirmED APp nLn publisher

You can also check the digital signature under the file’s properties. According to the certificate we can see that COnfirmED APp nLn seems to be located in Ireland and that the certificate is issued by thawte SHA256 Code Signing CA.

COnfirmED APp nLn cert

The problem with the COnfirmED APp nLn file is that it is detected by many of the antivirus progams. Here are some of the detection names: Downloader.LIR, PUA.OutBrowse.A and Adware-OutBrowse.g.

COnfirmED APp nLn anti-virus detection

Since you probably came here after finding a file that was signed by COnfirmED APp nLn, please share what kind of download it was and if it was detected by the antivirus scanners at VirusTotal.

Thank you for reading.

Top Scale (New Media Holdings Ltd.) – 14% Detection Rate – InstallCore

digital signature, ,

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Top Scale (New Media Holdings Ltd.).

Top Scale New Media Holdings Ltd publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Top Scale (New Media Holdings Ltd.) certificate.

Top Scale New Media Holdings Ltd. cert

Top Scale is located in Tel Aviv, Israel, according to the certificate.

What caught my attention was that the download was called GoogleChromeSetup.exe. This might look like an official Google Chrome download, but it is not. If it was an official download, it should have been signed by Google Inc.. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher

So, what does the anti-virus programs say about the Top Scale (New Media Holdings Ltd.) file? No problem, I just uploaded the file to VirusTotal and it turned out that some of the anti-virus programs detects the Top Scale (New Media Holdings Ltd.) file, with names such as InstallCore.A98, W32.HfsAdware.D59D, PUP.Optional.InstallCore.A and InstallCore (fs).

Top Scale New Media Holdings anti-virus report

Did you also find an Top Scale (New Media Holdings Ltd.)? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Remove view.contextualyield.com Pop Up Ads

pop-ups

Does this sound like your story? You see pop-up advertisements from view.contextualyield.com while browsing sites that typically don’t advertise in pop-up windows. The pop-ups manage to bypass the built-in pop-up blockers in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Perhaps the view.contextualyield.com pop ups appear when clicking search results from Google? Or does the pop-ups show up even when you’re not browsing?

Here’s a screenshot of the view.contextualyield.com pop-up ad when it showed up on my machine:

view.contextualyield.com pop up

(Sorry for the ridiculous use of watermarks. I have to do it to stop the copy-cats.)

If this description sounds like your computer, you probably have some adware installed on your machine that pops up the view.contextualyield.com ads. Contacting the owner of the website would be a waste of time. They are not responsible for the ads. I’ll try help you with the view.contextualyield.com removal in this blog post.

Those that have been spending some time on this blog already know this, but here we go: A little while back I dedicated some of my lab computers and intentionally installed some adware programs on them. I have been tracking the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it downloads additional unwanted software on the computers. I first found the view.contextualyield.com pop-up on one of these lab computers.

view.contextualyield.com resolves to 46.105.156.73. view.contextualyield.com was registered on 2015-06-25. bycontext.com is also located at the same IP according to YouGetSignal’s reverse lookup service.

So, how do you remove the view.contextualyield.com pop-up ads? On the machine where I got the view.contextualyield.com ads I had istartsurf, MedPlayerNewVersion and Movie Wizard installed. I removed them with FreeFixer and that stopped the view.contextualyield.com pop-ups and all the other ads I was getting in Mozilla Firefox.

It seems as view.contextualyield.com is getting quite a lot of traffic, based on Alexa’s traffic rank:

contextualyield.com traffic rank

The issue with this type of pop-up is that it can be initiated by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.

So, what can be done to solve the problem? To remove the view.contextualyield.com pop-up ads you need to review your computer for adware or other types of unwanted software and uninstall it. Here’s my suggested removal procedure:

  1. What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
  2. You can also check the add-ons you have in your browsers. Same thing here, do you see anything that you don’t remember installing?
  3. If that didn’t solve the problem, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your computer at lots of locations where unwanted software is known to hook into your system. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:

    FreeFixer More Info link example
    An example of FreeFixer’s “More Info” links. Click for full size.

Here’s a video tutorial which shows FreeFixer in action removing adware that caused pop-up ads:

Did you find any adware on your machine? Did that stop the view.contextualyield.com ads? Please post the name of the adware you uninstalled from your machine in the comment below.

Thank you!

Egor Klochko – 34% Detection Rate – MultiPlug / Graftor

digital signature, ,

Welcome! Just a note on a publisher called Egor Klochko. The Egor Klochko download – Download Uc Browser V Handler Zip.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Egor Klochko? Was it also detected when you uploaded it to VirusTotal?

Egor Klochko publisher

Typically you’d see the Egor Klochko publisher name appear when double-clicking on the Download Uc Browser V Handler Zip.exe file: It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Egor Klochko certificate.

Egor Klochko certificate

The VirusTotal report shows that the Egor Klochko file should be avoided, since Download Uc Browser V Handler Zip.exe is detected as Trojan.Adware.Graftor.D31885 by Arcabit, Gen:Variant.Adware.Graftor.202885 by BitDefender and PUP.Optional.Multiplug by Malwarebytes.

Egor Klochko anti-virus report

Did you also find a Egor Klochko file? Do you remember where you downloaded it?

Thank you for reading.

Alekxandr Zabaro – 13% VirusTotal Detection Rate

digital signature

Hi there! Just a quick post on a publisher called Alekxandr Zabaro that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named Download.exe.

Alekxandr Zabaro file

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Alekxandr Zabaro certificate.

Alekxandr Zabaro cert

After uploading the Alekxandr Zabaro file – Download.exe – to VirusTotal, it was clear that it’s probably better to delete the file than running it. The detection rate was 13% and some of the detection names were: Win32:MultiPlug-AAE [PUP], a variant of Win32/Adware.MultiPlug.MO and Unwanted-Program ( 0040f9681 ).

Alekxandr Zabaro anti virus report

Did you also find a Alekxandr Zabaro file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.