Welcome! I was playing around and testing some downloads when I found a file digitally signed by FASt download got.
If you have a FASt download got file on your computer you may have noticed that FASt download got pops up as the publisher in the User Account Control dialog when running the file. You can also see the FASt download got certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, FASt download got is located in Dublin in Ireland.
The problem is that installer_adobe_flash_player_English.exe is not an official Adobe Flash Player download. If it was, it should be digitally signed by Adobe Systems Incorporated. Here’s how the authentic Adobe Flash Player looks like when you double click on it. Notice that the “Verified publisher” says “Adobe Systems Incorporated”.
If you are considering to run the FASt download got signed file, I’ll advice you not to. Delete it instead. Just check out detection list by some of the anti-virus program:
Avast reports installer_adobe_flash_player_English.exe as Win32:PUP-gen [PUP], AVG names it Downloader.FFH, CAT-QuickHeal reports Adware.NSIS.OutBrowse.A, DrWeb calls it Trojan.OutBrowse.263, ESET-NOD32 reports Win32/OutBrowse.BU potentially unwanted and McAfee-GW-Edition calls it BehavesLike.Win32.Suspicious.hc.
Did you also find a file digitally signed by FASt download got? What kind of download was it and where did you find it?
This page shows how to remove fkv.kaeygmagba.com from Mozilla Firefox, Google Chrome and Internet Explorer.
Does this sound like your story? You see fkv.kaeygmagba.com in your browser’s status bar while browsing on sites that typically don’t load any content from third party domains. Perhaps the fkv.kaeygmagba.com domain appear when performing a search at the Google search engine?
Here is a screenshot on fkv.kaeygmagba.com in the network log from my computer:
The following are some of the status bar messages you may see in your browser’s status bar:
Waiting for fkv.kaeygmagba.com…
Transferring data from fkv.kaeygmagba.com…
Looking up fkv.kaeygmagba.com…
Read fkv.kaeygmagba.com
Connected to fkv.kaeygmagba.com…
Does this sound like what you are seeing, you presumably have some potentially unwanted program installed on your computer that makes the fkv.kaeygmagba.com domain appear in your browser. Contacting the owner of the web site you were browsing would be a waste of time. They are not responsible for the fkv.kaeygmagba.com status bar messages. I’ll do my best to help you remove the fkv.kaeygmagba.com message in this blog post.
If you have been spending some time on this blog already know this, but if you are new: Some time ago I dedicated some of my lab systems and intentionally installed a few potentially unwanted programs on them. Since then I’ve been following the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads and installs additional potentially unwanted programs on the computers. I first found the fkv.kaeygmagba.com in Mozilla Firefox’s status bar on one of these lab systems.
fkv.kaeygmagba.com resolves to 5.153.38.133. fkv.kaeygmagba.com was registered on 2015-03-18.
So, how do you remove fkv.kaeygmagba.com from your web browser? On the machine where fkv.kaeygmagba.com showed up in the status bar I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the browser from loading data from fkv.kaeygmagba.com.
The problem with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program running on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
Anyway, here’s my suggestion for the fkv.kaeygmagba.com removal:
The first thing I would do to remove fkv.kaeygmagba.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something shady listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed approximately about the same time as you started getting the fkv.kaeygmagba.com status bar messages.
Then I would check the browser add-ons. Potentially unwanted program often appear under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
I think you will be able to track down and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool designed to manually track down and remove unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked down like many other removal tools out there. It won’t require you to purchase the program just when you are about to remove the unwanted files.
And if you’re having issues figuring out if a file is clean or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up a web page which contains more information about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Did this blog post help you to remove fkv.kaeygmagba.com? Please let me know or how I can improve this blog post.
Hello readers! Just a quick post on a file named FinalTorrentSetup.exe signed by Premium Platform (Fried Cookie Ltd.).
Windows will display Premium Platform (Fried Cookie Ltd.) as the publisher when running the file. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that Premium Platform (Fried Cookie Ltd.) is located in Tel Aviv, Israel.
Win32:Malware-gen, Application.Win32.InstallCore.DI, a variant of Win32/InstallCore.YH potentially unwanted and InstallCore (fs) are some detection names according to VirusTotal:
Did you also find a Premium Platform (Fried Cookie Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.
Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called SuperSource (Fried Cookie Ltd.).
You can see who the signer is when double-clicking on an executable file. SuperSource (Fried Cookie Ltd.) appears in the publisher field in the dialog that pops up. Information about a digital signature and the certificate can also be found under the Digital Signature tab.. The screenshot below shows the SuperSource (Fried Cookie Ltd.) certificate. From the certificate info we can see that SuperSource (Fried Cookie Ltd.) appears to be located in Israel.
The reason I’m writing this blog post is that the SuperSource (Fried Cookie Ltd.) file is detected by many of the anti-virus software at VirusTotal. Avast detects installer_jdownloader_English.exe as Win32:Trojan-gen, AVG reports Generic.0C3, DrWeb reports Trojan.InstallCore.312, K7AntiVirus calls it Adware ( 004b91c91 ) and VIPRE reports InstallCore (fs).
Did you also find a SuperSource (Fried Cookie Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.
This page shows how to remove i.simpli.fi from Mozilla Firefox, Google Chrome and Internet Explorer.
Does this sound familiar? You see i.simpli.fi in your browser’s status bar while browsing sites that normally don’t load any content from third party domains. Maybe the i.simpli.fi domain appears when performing a search at the Google.com search engine?
Here is a screen capture on i.simpli.fi from my machine, which appeared in Firefox’ status bar while doing a search at Google:
Here are some of the status bar messages you may see in your browser’s status bar:
Waiting for i.simpli.fi …
Transferring data from i.simpli.fi …
Looking up i.simpli.fi …
Read i.simpli.fi
Connected to i.simpli.fi …
Does this sound like your computer, it’s possible you have some potentially unwanted program installed on your machine that makes the i.simpli.fi domain appear in your browser’s status bar. Don’t write angry emails to the website you were browsing, they are most likely not responsible for the i.simpli.fi status bar messages. The potentially unwanted program on your machine is. I’ll do my best to help you remove the i.simpli.fi message in this blog post.
For those that are new to the blog: Some time ago I dedicated a few of my lab machines and purposely installed some potentially unwanted programs on them. Since then I’ve been monitoring the actions on these systems to see what kinds of ads that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself automatically, or if it downloads additional potentially unwanted programs on the machines. I first found the i.simpli.fi in Mozilla Firefox’s status bar on one of these lab computers.
So, how do you remove i.simpli.fi from your browser? On the machine where i.simpli.fi showed up in the status bar I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the browser from loading data from i.simpli.fi .
The issue with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program running on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
So, what can be done? To remove i.simpli.fi you need to check your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:
The first thing I would do to remove i.simpli.fi is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if some program was installed about the same time as you started getting the i.simpli.fi statusbar messages.
Then I would check the browser add-ons. Potentially unwanted program often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there anything that looks suspicious? Anything that you don’t remember installing?
I think you will be able to find and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool designed to manually identify and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked down like many other removal tools out there. It will not require you to pay a fee just when you are about to remove the unwanted files.
And if you’re having difficulties determining if a file is clean or potentially unwanted in FreeFixer’s scan result, click on the More Info link for the file. That will open up your browser with a page which contains additional details about the file. On that web page, check out the VirusTotal report which can be quite useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Did this blog post help you to remove i.simpli.fi ? Please let me know or how I can improve this blog post.
Thank you!
Update 2015-05-04: I’ve also seen the um.simpli.fi subdomain in use. Here’s two examples:
I was experimenting with an add-on in Firefox that monitors HTTP responses and HTTP requests. While doing a standard Google search I noticed a request to clients1.google.com, specifically to the http://clients1.google.com/ocsp URL:
The request is of the “application/ocsp-request” type. OCSP is an acronym for Online Certificate Status Protocol and it is a protocol used for getting the revocation status of a digital certificate.
And that’s probably what the connection is about: Checking the revocation status for some certificate, probably Google’s HTTPS certificate since I was doing a Google https:// search. I have not bothered to decode the OCSP request to see in detail what information Firefox requests. Please let me know what you find out if you dig deeper into the clients1.google.com communication.
Hi there! Just a short post on a publisher called LiveSoftAction SRL before going back to some coding on FreeFixer.
You will also see LiveSoftAction SRL listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file: The certificate information can also be viewed from Windows Explorer.. The screenshot below shows the LiveSoftAction SRL certificate. From the certificate info we can see that LiveSoftAction SRL appears to be located in Bucuresti in Romania.
When I uploaded the LiveSoftAction SRL file to VirusTotal, it came up with a 11% detection rate. The file is detected as Win32:Dropper-gen [Drp] by Avast, Adware.Iminent.25 by DrWeb, a variant of Win32/GetNow.H potentially unwanted by ESET-NOD32, BehavesLike.Win32.LiveSoftAction.dc by McAfee-GW-Edition and LiveSoftAction (fs) by VIPRE.
Did you also find a file digitally signed by LiveSoftAction SRL? What kind of download was it and where did you find it?
This page shows how to remove bkz.evgiagvu.com from Mozilla Firefox, Google Chrome and Internet Explorer.
Having issues with bkz.evgiagvu.com showing up in the lower left corner of your browser? If so, you might have some potentially unwanted program installed on your computer. I noticed bkz.evgiagvu.com in Mozilla Firefox’s statusbar when doing a search at Google, but I guess bkz.evgiagvu.com can appear if you are using Chrome, Internet Explorer, Safari or Opera too.
The following are some of the status bar messages you may see in your browser’s status bar:
Waiting for bkz.evgiagvu.com…
Transferring data from bkz.evgiagvu.com…
Looking up bkz.evgiagvu.com…
Read bkz.evgiagvu.com
Connected to bkz.evgiagvu.com…
If you also see this on your computer, you almost certainly have some potentially unwanted program installed on your machine that makes the bkz.evgiagvu.com domain appear in your browser. So there’s no use contacting the owner of the site you were browsing. The bkz.evgiagvu.com status bar messages are not coming from them. I’ll do my best to help you with the bkz.evgiagvu.com removal in this blog post.
I found bkz.evgiagvu.com on one of the lab computers where I have some potentially unwanted programs running. I’ve talked about this in some of the previous blog posts. The potentially unwanted programs was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the web browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.
bkz.evgiagvu.com was registered on 2015-03-18. bkz.evgiagvu.com resolves to 5.153.38.134.
So, how do you remove bkz.evgiagvu.com from your web browser? On the machine where bkz.evgiagvu.com showed up in the status bar I had CheckMeUp installed. I removed it with FreeFixer and that stopped the web browser from loading data from bkz.evgiagvu.com.
The problem with this type of status bar message is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my machine. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
So, what can be done to solve the problem? To remove bkz.evgiagvu.com you need to examine your machine for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:
The first thing I would do to remove bkz.evgiagvu.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something dubious in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started getting the bkz.evgiagvu.com status bar messages.
The next thing to check would be your browser’s add-ons. Potentially unwanted programs often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Opera. Is there something that looks suspicious? Something that you don’t remember installing?
I think most users will be able to identify and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. Freefixer is a tool designed to manually track down and uninstall unwanted software. When you’ve tracked down the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.
And if you’re having troubles figuring out if a file is legit or potentially unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up a web page which contains additional details about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Did you find any potentially unwanted program on your machine? Did that stop bkz.evgiagvu.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.
Did you just get a pop-up in a new tab from zeroredirect1.com and ponder where it came from? Did the zeroredirect1.com ad appear to have been popped up from a web site that under normal circumstances don’t use advertising such as pop-ups? Or did the zeroredirect1.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?
Here’s how the zeroredirect1.com pop-up looked like when I got it on my computer:
The domain in this case was zj.zeroredirect1.com.
Does this sound like what you see your machine, you most likely have some adware installed on your machine that pops up the zeroredirect1.com ads. So don’t send angry emails to the site you were browsing, the ads are most likely not coming from them, but from the adware on your machine. I’ll do my best to help you remove the zeroredirect1.com pop-up in this blog post.
I found the zeroredirect1.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if something new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on website that usually don’t show advertisements, or if some new files have been saved to the hard-drive.
zj.zeroredirect1.com resolves to the 54.172.189.104 address and zeroredirect1.com to 54.84.0.18. zeroredirect1.com was created on 2013-06-14.
So, how do you remove the zeroredirect1.com pop-up ads? On the machine where I got the zeroredirect1.com ads I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the zeroredirect1.com pop-ups and all the other ads I was getting in Mozilla Firefox.
If you are wonder if there are many others out there also getting the zeroredirect1.com ads, the answer is probably yes. Check out the traffic rank from Alexa:
The bad news with pop-ups like the one described in this blog post is that it can be launched by many variants of adware, not just the adware that’s installed on my system. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the zeroredirect1.com ads removal:
The first thing I would do to remove the zeroredirect1.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something strange-looking listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started seeing the zeroredirect1.com pop-ups.
The next thing to check would be your browser’s add-ons. Adware often show up under the add-ons menu in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
I think you will be able to track down and remove the adware with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop about 8 years ago. Freefixer is a tool designed to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not crippled like many other removal tools out there. It will not require you to purchase the program just when you are about to remove the unwanted files.
And if you’re having problems determining if a file is legit or adware in FreeFixer’s scan result, click on the More Info link for the file. That will open up a web page which contains additional information about the file. On that web page, check out the VirusTotal report which can be quite useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Here you can see FreeFixer in action removing pop-up ads:
Did this blog post help you to remove the zeroredirect1.com pop-up ads? Please let me know or how I can improve this blog post.
Are you getting pop-up surveys from consumer-responses.com while browsing on sites that typically don’t advertise in pop-up windows or by opening new tabs. Do the pop-ups manage to escape the built-in pop-up blockers in Google Chrome, Mozilla Firefox, Internet Explorer or Safari.
Here’s how the consumer-responses.com survey looked like when I got it on my computer:
Does this sounds like your experience, you probably have some adware installed on your system that pop up the consumer-responses.com surveys. I’ll try help you to remove the consumer-responses.com in this blog post.
If you have been visiting this blog already know this, but if you are new: Some time ago I dedicated some of my lab machines and deliberately installed some adware programs on them. I’ve been monitoring the behaviour on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware auto-updates, or if it downloads additional unwanted software on the computers. I first found the consumer-responses.com pop-up on one of these lab computers.
Generally these survey pop-ups claim that they are “official” surveys from the web site you were currently browsing and that you will get a reward or have a chance of winning a price by completing the survey. Sometimes they also claim that your feedback will be used to improve the web site you were visiting. Since I own the freefixer.com web site, I know the survey is 100% fake.
So, how do you remove the consumer-responses.com pop-up ads? On the machine where I got the consumer-responses.com ads I had GoSave, CheckMeUp and PennyBee installed. I removed them with FreeFixer and that stopped the consumer-responses.com pop-ups and all the other ads I was getting in Mozilla Firefox.
It seems as consumer-responses.com is getting quite a lot of traffic, based on Alexa’s traffic rank:
From the traffic graph we can see that the traffic has booming since in the beginning of November. consumer-responses.com was registered in July 2014, and the domain resolves to 8.29.137.208.
The issue with this type of pop-up is that it can be launched by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the consumer-responses.com ads removal:
The first thing I would do to remove the consumer-responses.com pop-ups is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can reach this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows OS you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspect listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started seeing the consumer-responses.com pop-ups.
The next thing to check would be your browser’s add-ons. Adware often show up under the add-ons dialog in Mozilla Firefox, Google Chrome, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing?
I think you will be able to track down and remove the adware with the two steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the adware. FreeFixer is a freeware tool that I started develop many years ago. It’s a tool built to manually identify and uninstall unwanted software. When you’ve identified the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not crippled like many other removal tools out there. It won’t require you to purchase the program just when you are about to remove the unwanted files.
And if you’re having difficulties determining if a file is clean or malware in FreeFixer’s scan report, click on the More Info link for the file. That will open up your browser with a page which contains more information about the file. On that web page, check out the VirusTotal report which can be quite useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Are you a Mac or Linux user and get the consumer-responses.com pop-ups? What did you do to stop the pop-up in your browser? Please share in the comments below. Thank you!
Did this blog post help you to remove the consumer-responses.com pop-ups ads? Please let me know or how I can improve this blog post.
