Welcome! If you are a regular here on the FreeFixer blog, you know that I’ve been examining files that have a digital signature and bundle various types of potentially unwanted software. Today I found another publisher named Techsnab LLC that bundles some software.
To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the embedded certificate we can see that Techsnab LLC is located in Moscow, Russia and that the certificate is issued by COMODO Code Signing CA 2. This Techsnab certificate has been revoked:
16% of the scanners detected the file. The Game_of_Thrones_S04E02_HDTV_x264-2HD[ettv].exe file is detected as APPL/Techsnab.onemb by Avira, W32.HfsAdware.894E by Bkav, Trojan ( 004b5df41 ) by K7GW, Trojan.Win32.Techsnab.dossoy by NANO-Antivirus and GetPrivate (fs) by VIPRE.
Did you also find a Techsnab LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.
Welcome! Saturday night post this time 😉 Just wanted to let you know about a publisher called Jelbrus LLC. You may run into this download if you are visiting sites such as The Pirate Bay.
Information about a digital signature and the certificate can also be found under the Digital Signature tab. According to the embedded certificate we can see that Jelbrus LLC seems to be located in Moscow in Russia and that the certificate is issued by Thawte Code Signing CA – G2.
Here’s how the Jelbrus installer looks like if you run the file:
When clicking the Next button a bunch settings are changed and some files are added on your computer. Here’s the interesting stuff from a FreeFixer log:
You will also see advertisements while browsing the web labelled “Ad by CouponDropDown“. Here’s the “Ad by CouponDropDown” ads on Google:
So what does the anti-virus scanners at VirusTotal say about Jelbrus’ “Breaking Bad” file? The detection rate is 13/57. Gen:Variant.Strictor.75172, Jelbrus.3C0, Adware/Techsnab.9058, Jelbrus LLC (fs), W32.HfsAdware.307F and Gen:Variant.Strictor.75172 were some of the detection names.
Did you also find an Jelbrus LLC? Did you also find it at The Pirate Bay?
This page shows how to remove i_crbsjs_info.tlscdn.com from Mozilla Firefox, Google Chrome and Internet Explorer.
Sound familiar? You see i_crbsjs_info.tlscdn.com in your browser’s status bar while browsing on websites that typically don’t load any content from third party domains. Maybe the i_crbsjs_info.tlscdn.com domain appear when performing a search at the Google.com search engine?
Here is how the i_crbsjs_info.tlscdn.com status bar message looked like on my computer:
It appeared while I did a search at Google.
The following are some of the status bar messages you may see in your browser’s status bar:
Waiting for i_crbsjs_info.tlscdn.com…
Transferring data from i_crbsjs_info.tlscdn.com…
Looking up i_crbsjs_info.tlscdn.com…
Read i_crbsjs_info.tlscdn.com
Connected to i_crbsjs_info.tlscdn.com…
If this description sounds like your computer, you probably have some potentially unwanted program installed on your machine that makes the i_crbsjs_info.tlscdn.com domain appear in your browser. Contacting the owner for the site you were at would be a waste of time. The i_crbsjs_info.tlscdn.com status bar messages are not coming from them. I’ll try help you with the i_crbsjs_info.tlscdn.com removal in this blog post.
If you have been visiting this blog already know this, but if you are new: A little while back I dedicated a few of my lab computers and deliberately installed some potentially unwanted programs on them. Since then I have been following the behaviour on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program auto-updates, or if it installs additional potentially unwanted programs on the computers. I first spotted the i_crbsjs_info.tlscdn.com in Mozilla Firefox’s status bar on one of these lab computers.
i_crbsjs_info.tlscdn.com resolves to the 207.244.65.148 IP address.
So, how do you remove i_crbsjs_info.tlscdn.com from your browser? On the machine where i_crbsjs_info.tlscdn.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the web browser from loading data from i_crbsjs_info.tlscdn.com.
The issue with status bar messages such as this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program running on my computer. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
Anyway, here’s my suggestion for the i_crbsjs_info.tlscdn.com removal:
The first thing I would do to remove i_crbsjs_info.tlscdn.com is to examine the software installed on the machine, by opening the “Uninstall programs” dialog. You can find this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something suspicious listed there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed approximately about the same time as you started observing the i_crbsjs_info.tlscdn.com statusbar messages. Does TornTV appear there?
Then I would check the browser add-ons. Potentially unwanted program often show up under the add-ons menu in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Anything that you don’t remember installing? Is TornTV in the list?
I think most users will be able to identify and remove the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I started develop about 8 years ago. It’s a tool built to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked like many other removal tools out there. It won’t require you to pay for the program just when you are about to remove the unwanted files.
And if you’re having a hard time figuring out if a file is clean or potentially unwanted in FreeFixer’s scan report, click on the More Info link for the file. That will open up a web page which contains more details about the file. On that web page, check out the VirusTotal report which can be quite useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Did you find any potentially unwanted program on your machine? Did that stop i_crbsjs_info.tlscdn.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.
This page shows how to remove nsl.mapticket.net from Mozilla Firefox, Google Chrome and Internet Explorer.
Does this sound like your story? You see nsl.mapticket.net in your browser’s status bar while browsing sites that usually don’t load any content from third party domains. Maybe the nsl.mapticket.net domain show up when performing a search at the Google search engine?
Here is how the nsl.mapticket.net statusbar message looked like on my machine, when I did a search at the Google search engine:
Here are some of the statusbar messages you may see in your browser’s status bar:
Waiting for nsl.mapticket.net…
Transferring data from nsl.mapticket.net…
Looking up nsl.mapticket.net…
Read nsl.mapticket.net
Connected to nsl.mapticket.net…
Does this sound like your machine, you most likely have some adware installed on your machine that makes the mapticket.net domain appear in your web browser. There’s no use contacting the owners of the site you currently were browsing. The nsl.mapticket.net status bar messages are not coming from them. I’ll do my best to help you remove the nsl.mapticket.net message in this blog post.
I found nsl.mapticket.net on one of the lab systems where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.
nsl.mapticket.net resolves to 208.43.241.247. nsl.mapticket.net was created on 2013-06-26. The domain is protected by Domains By Proxy, LLC.
According to YouGetSignal’s reverse IP lookup, the following domains has also resolved to the same IP:
dso.maptickets.net
dss.drivefor.net
enl.trepage.net
gho.doorknobregorgeasperse.com
gin.mapdiv.net
gip.driverdiv.net
gir.driveropti.net
gld.pathticket.net
jdt.drivetool.net
jgp.makejava.net
jgs.prediv.net
jsf.jsticket.net
lkb.yardarmsweatermothy.com
luu.lightquartrate.com
nel.dosection.net
nll.coupecranklest.com
nsl.mapticket.net
www.usertube.com
yxo.warmportrait.com
So, how do you remove nsl.mapticket.net from your browser? On the machine where nsl.mapticket.net showed up in the status bar I had BlockAndSurf, TinyWallet and BrowserWarden installed. I removed them with FreeFixer and that stopped the web browser from loading data from nsl.mapticket.net.
It seems as nsl.mapticket.net has been getting a lot of traffic, but it has dropped significantly recently, based on Alexa’s traffic rank:
The problem with status bar messages such as this one is that it can be caused by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
Anyway, here’s my suggestion for the nsl.mapticket.net removal:
Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see anything that you don’t remember installing or that was recently installed?
You can also review the browser add-ons. Same thing here, do you see something that you don’t remember installing?
If that didn’t solve the problem, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your system at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links. Click for full size.
Did you find any adware on your machine? Did that stop nsl.mapticket.net? Please post the name of the adware you uninstalled from your machine in the comment below.
This page shows how to remove ourstaticdatastorage.com from Mozilla Firefox, Google Chrome and Internet Explorer.
Did you just see app.ourstaticdatastorage.com or logs.ourstaticdatastorage.com in the status bar of your browser and wonder where it came from? Or did ourstaticdatastorage.com show up while you search for something on one of the big search engines, such as the Google.com search engine?
Here is how the ourstaticdatastorage.com looked in my network log:
I got this while doing a search at Google.
Here are some of the status bar messages you may see in your browser’s status bar:
Waiting for ourstaticdatastorage.com…
Transferring data from ourstaticdatastorage.com…
Looking up ourstaticdatastorage.com…
Read ourstaticdatastorage.com
Connected to ourstaticdatastorage.com…
If this description sounds like what you are seeing, you probably have some potentially unwanted program installed on your computer that makes the ourstaticdatastorage.com domain appear in your browser. Don’t blame the people that runs the site you were at when you first spotted ourstaticdatastorage.com in the status bar. They are probably not responsible, but from the potentially unwanted program that’s installed on your machine. I’ll try help you with the ourstaticdatastorage.com removal in this blog post.
Those that have been reading this blog already know this, but here we go: Not long ago I dedicated some of my lab computers and purposely installed a few potentially unwanted programs on them. Since then I have been monitoring the actions on these computers to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program updates itself, or if it downloads and installs additional potentially unwanted programs on the computers. I first noticed the ourstaticdatastorage.com in Mozilla Firefox’s status bar on one of these lab machines.
ourstaticdatastorage.com was created on 2014-02-18. app.ourstaticdatastorage.com resolves to the 69.16.175.10 IP address and ourstaticdatastorage.com to 208.109.4.201. logs.ourstaticdatastorage.com resolves 69.16.175.4.
Update 2015-03-19: Found another subdomain called js.ourstaticdatastorage.com.
Update 2015-03-28: Found another subdomain: stats.ourstaticdatastorage.com.
So, how do you remove ourstaticdatastorage.com from your browser? On the machine where ourstaticdatastorage.com showed up in the status bar I had TornTV installed. I removed it with FreeFixer and that stopped the browser from loading data from ourstaticdatastorage.com.
The issue with statusbar messages like this one is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my computer. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
To remove ourstaticdatastorage.com you need to check your computer for potentially unwanted programs and uninstall them. Here’s my suggested removal procedure:
The first thing I would do to remove ourstaticdatastorage.com is to examine the programs installed on the machine, by opening the “Uninstall programs” dialog. You can open this dialog from the Windows Control Panel. If you are using one of the more recent versions of Windows Operating System you can just type in “uninstall” in the Control Panel’s search field to find that dialog:
Click on the “Uninstall a program” link and the Uninstall programs dialog will open up:
Do you see something strange-looking in there or something that you don’t remember installing? Tip: Sort on the “Installed On” column to see if something was installed about the same time as you started observing the ourstaticdatastorage.com status bar messages.
The next thing to check would be your web browser’s add-ons. Potentially unwanted program often appear under the add-ons dialog in Google Chrome, Mozilla Firefox, Internet Explorer or Safari. Is there anything that looks suspicious? Something that you don’t remember installing?
I think you will be able to track down and uninstall the potentially unwanted program with the steps outlined above, but in case that did not work you can try the FreeFixer removal tool to identify and remove the potentially unwanted program. FreeFixer is a freeware tool that I’ve developed since 2006. Freefixer is a tool built to manually identify and uninstall unwanted software. When you’ve found the unwanted files you can simply tick a checkbox and click on the Fix button to remove the unwanted file.
FreeFixer’s removal feature is not locked like many other removal tools out there. It will not require you to pay for the program just when you are about to remove the unwanted files.
And if you’re having problems figuring out if a file is safe or potentially unwanted in the FreeFixer scan result, click on the More Info link for the file. That will open up your browser with a page which contains additional information about the file. On that web page, check out the VirusTotal report which can be very useful:
An example of FreeFixer’s “More Info” links. Click for full size.
Did you find any potentially unwanted program on your machine? Did that stop ourstaticdatastorage.com? Please post the name of the potentially unwanted program you uninstalled from your machine in the comment below.
This page shows how to remove d2a8a4q9.ssl.hwcdn.net from Mozilla Firefox, Google Chrome and Internet Explorer.
Does this sound like your story? You see d2a8a4q9.ssl.hwcdn.net in your browser’s status bar while browsing at sites that commonly don’t load any content from third party domains. Perhaps the d2a8a4q9.ssl.hwcdn.net domain appear when performing a search at the Google search engine?
Here’s how the d2a8a4q9.ssl.hwcdn.net connection when I got it in the network log on my computer, while searching at Google:
Here are some of the status bar messages you may see in your browser’s status bar:
Waiting for d2a8a4q9.ssl.hwcdn.net…
Transferring data from d2a8a4q9.ssl.hwcdn.net…
Looking up d2a8a4q9.ssl.hwcdn.net…
Read d2a8a4q9.ssl.hwcdn.net
Connected to d2a8a4q9.ssl.hwcdn.net…
Does this sound like what you see your system, you presumably have some potentially unwanted program installed on your computer that makes the d2a8a4q9.ssl.hwcdn.net domain appear in your browser. So there’s no idea contacting the owner of the site you currently were browsing. The d2a8a4q9.ssl.hwcdn.net status bar messages are not coming from them. I’ll try help you with the d2a8a4q9.ssl.hwcdn.net removal in this blog post.
If you have been visiting this blog already know this, but if you are new: Some time ago I dedicated a few of my lab computers and knowingly installed some potentially unwanted programs on them. I’ve been tracking the actions on these systems to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the potentially unwanted program auto-updates, or if it downloads and installs additional potentially unwanted programs on the machines. I first found the d2a8a4q9.ssl.hwcdn.net in Mozilla Firefox’s status bar on one of these lab computers.
d2a8a4q9.ssl.hwcdn.net resolves to 205.185.208.11.
So, how do you remove d2a8a4q9.ssl.hwcdn.net from your browser? On the machine where d2a8a4q9.ssl.hwcdn.net showed up in the statusbar I had GamesDesktop, istartsurf, MedPlayerNewVersion and Movie Wizard installed. I removed them with FreeFixer and that stopped the browser from loading data from d2a8a4q9.ssl.hwcdn.net.
The issue with statusbar messages like the one described in this blog post is that it can be caused by many variants of potentially unwanted programs, not just the potentially unwanted program on my computer. This makes it impossible to say exactly what you need to remove to stop the statusbar messages.
Anyway, here’s my suggestion for the d2a8a4q9.ssl.hwcdn.net removal:
What software do you have installed if you look in the Add/Remove programs dialog in the Windows Control Panel? Something that you don’t remember installing yourself or that was recently installed?
You can also examine the browser add-ons. Same thing here, do you see anything that you don’t remember installing?
If that didn’t solve the problem, I’d recommend a scan with FreeFixer to manually track down the potentially unwanted program. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links. Click for full size.
Did this blog post help you to remove d2a8a4q9.ssl.hwcdn.net? Please let me know or how I can improve this blog post.
This page shows how to remove god.driverjs.net from Mozilla Firefox, Google Chrome and Internet Explorer.
Does this sound like what you are seeing right now? You see god.driverjs.net in your web browser’s status bar while browsing at websites that typically don’t load any content from third party domains. Perhaps the god.driverjs.net domain appear when performing a search at the Google search engine?
Here is how the god.driverjs.net status bar message looked like on my computer while I was doing a Google search:
The following are some of the status bar messages you may see in your browser’s status bar:
Waiting for god.driverjs.net…
Transferring data from god.driverjs.net…
Looking up god.driverjs.net…
Read god.driverjs.net
Connected to god.driverjs.net…
If this sounds like what you are seeing on your system, you probably have some adware installed on your machine that makes the god.driverjs.net domain appear in your web browser. So there’s no use contacting the owner of the site you were browsing. The god.driverjs.net status bar messages are not coming from them. I’ll do my best to help you remove the god.driverjs.net message in this blog post.
Those that have been following this blog already know this, but here we go: Not long ago I dedicated a few of my lab machines and wilfully installed a few adware programs on them. Since then I have been monitoring the actions on these machines to see what kinds of advertisements that are displayed. I’m also looking on other interesting things such as if the adware updates itself automatically, or if it installs additional unwanted software on the machines. I first found the god.driverjs.net in Mozilla Firefox’s status bar on one of these lab computers.
god.driverjs.net resolves to the 208.43.241.241 IP address. god.driverjs.net was created on 2013-06-26.
So, how do you remove god.driverjs.net from your browser? On the machine where god.driverjs.net showed up in the status bar I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the browser from loading data from god.driverjs.net.
The problem with statusbar messages such as this one is that it can be caused by many variants of adware. This makes it impossible to say exactly what you need to remove to stop the status bar messages.
Anyway, here’s my suggestion for the god.driverjs.net removal:
Examine what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
How about your browser add-ons. Anything in the list that you don’t remember installing?
If that did not help, you can give FreeFixer a try. FreeFixer is built to assist users when manually tracking down adware and other types of unwanted software. It is a freeware utility that I’ve been working since 2006 and it scans your machine at lots of locations where unwanted software is known to hook into your computer. If you would like to get additional details about a file in FreeFixer’s scan result, you can just click the More Info link for that file and a web page with a VirusTotal report will open up, which can be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links. Click for full size.
Did this blog post help you to remove god.driverjs.net? Please let me know or how I can improve this blog post.
Do you see some of the following messages about ajax.googleapis.com in the status bar of Firefox, Chrome or Internet Explorer while visiting a web site?
Waiting for ajax.googleapis.com…
Transferring data from ajax.googleapis.com…
Looking up ajax.googleapis.com…
Read ajax.googleapis.com
Connected to ajax.googleapis.com…
You are seeing those status messages in your browser because the web site you visited is using one of the Google Hosted Libraries. Google is offering a bunch of open-source JavaScript libraries on a content distribution network.
These script libraries are included by adding the script tag to a web page. For example, here’s how to include jQuery on a web page:
Your browser may get stuck for a moment the first time it downloads a library from ajax.googleapis.com. The second time you load the same web page, you should probably not see any delay caused by ajax.googleapis.com, since the browser loads the library code from its local cache.
Did you just get a pop-up from t2.junbi-tracker.com and ponder where it came from? Did the t2.junbi-tracker.com ad appear to have been popped up from a web site that under normal circumstances don’t use advertising such as pop-up windows? Or did the t2.junbi-tracker.com pop-up show up while you clicked a link on one of the major search engines, such as Google, Bing or Yahoo?
Here is how the t2.junbi-tracker.com pop up looked like on my system:
If you also see this on your system, you most likely have some adware installed on your computer that pops up the t2.junbi-tracker.com ads. There’s no use contacting the owners of the site you currently were browsing. The ads are not coming from them. I’ll do my best to help you remove the t2.junbi-tracker.com pop-up in this blog post.
I found the t2.junbi-tracker.com pop-up on one of the lab machines where I have some adware running. I’ve talked about this in some of the previous blog posts. The adware was installed on purpose, and from time to time I check if anything new has appeared, such as pop-up windows, new tabs in the browsers, injected ads on site that usually don’t show ads, or if some new files have been saved to the hard-drive.
junbi-tracker.com resolves to the 95.128.200.219 IP address. t2.junbi-tracker.com resolves to the same IP. junbi-tracker.com was created on 2013-04-11. Here’s Alexa’s traffic rank for the domain:
So, how do you remove the t2.junbi-tracker.com pop-up ads? On the machine where I got the t2.junbi-tracker.com ads I had TinyWallet, BlockAndSurf and BrowserWarden installed. I removed them with FreeFixer and that stopped the t2.junbi-tracker.com pop-ups and all the other ads I was getting in Mozilla Firefox.
The issue with pop-ups like this one is that it can be initiated by many variants of adware, not just the adware that’s installed on my machine. This makes it impossible to say exactly what you need to remove to stop the pop-ups.
Anyway, here’s my suggestion for the t2.junbi-tracker.com ads removal:
Review what programs you have installed in the Add/Remove programs dialog in the Windows Control Panel. Do you see something that you don’t remember installing or that was recently installed?
You can also check the add-ons you installed in your browsers. Same thing here, do you see something that you don’t remember installing?
If that does not help, I’d recommend a scan with FreeFixer to manually track down the adware. FreeFixer is a freeware tool that I’m working on that scans your computer at lots of locations, such as browser add-ons, processes, Windows services, recently modified files, etc. If you want to get additional details about a file in the scan result, you can click the More Info link for that file and a web page will open up with a VirusTotal report which will be very useful to determine if the file is safe or malware:
An example of FreeFixer’s “More Info” links. Click for full size.
Here’s a video guide showing how to remove pop-up ads with FreeFixer:
Did this blog post help you to remove the t2.junbi-tracker.com pop up ads? Please let me know or how I can improve this blog post.
